Sunday, March 21, 2010

How Gemini CDS fails to stop copybotting

Yet again, there's another cache of apparently copybotted content being sold on XStreetSL. And this has been discovered long after Gemini CDS was released into the wild to prey on the paranoia of content creators. Wasn't this "wonderful tool" supposed to be the "silver bullet" against copybotting?

No, it's not, because of it's biggest and intentional flaw: it does not stop or detect the act of copybotting at all. Yes, it's stated purpose is to merely detect "copybot viewers", but users are hyping it up beyond belief(see "silver bullet" reference above).

A copybotter can get around CDS via a few methods. The easiest (though costly) method makes use of online marketplaces that use "magic boxes" for delivery. All the copybotter has to do is go to a sandbox or other place where CDS is not used, purchase a copy of the content to be copybotted via website, then copybot the item once delivered and sell it to recoup the monies used to purchase the original copy. So if you're a merchant at XStreetSL or any of the other major online marketplaces, CDS won't protect your online listings, even if your "magic boxes" are within proximity of a CDS.

Another method of course is to play the cat-and-mouse game where copybotters continually update their ripper clients to avoid CDS detection, and Skills Hak has to update CDS in response. This will eventually end in one side "giving up" out of frustration or exhaustion, as all cat-and-mouse games do. My bet on this is that Skills will eventually give up, once people start to realize what a sham CDS is, given the other methods below.

Also CDS cannot prevent thieves from camming into a CDS-protected parcel and copybotting that way. Or stealing textures, animations and sounds by obtaining the UUID of the content via LSL or digging through the texture cache directories of any viewer.

Then there's using GLIntercept in conjunction with the official viewer. It's highly doubtful that CDS can detect GLIntercept, unless CDS does somehow force a user's viewer to peek around the filesystem and report to the CDS webservers what it finds. This would be in violation of the Second Life ToS if it were the case.

If you're still thinking CDS does work, take a look at this video I found after Googling "Gemini CDS Ban Relay":


I rest my case, folks.

Update: Apparently the main detection method of Gemini CDS has been discovered. It triggers the viewer to contact a specific URL, where the site weakly encrypts the details of the avatar and the user-agent HTTP request header details(which is how the viewers are detected), then sends the information off to Skills' secret database. This means defeating Gemini CDS detection(at least at this level) is now as trivial as blocking the URL at the router/firewall level(or by disabling Quicktime with the -noquicktime command-line option).

Update 2: The video I linked to has apparently been taken down due to a DMCA copyright claim. At first I thought it was simply because of the music track that accompanied the video, but normally that would just result in the audio of the video being disabled. But apparently Skills Hak and the Gemini staff are actively trying to suppress videos that demonstrate how ineffective CDS is at stopping copybotting. The videos themselves do not infringe *any* of Skills or Gemini's copyrights, so the takedowns amount to abuse of the DMCA and as suppression of free speech. <snarky sarcasm>I guess Skills has been taking DMCA lessons from Kalel Venkman</snarky>.

9 comments:

mike said...

I guess skills didn't want you to show his fail. Everytime someone shows his spyware not working it gets pulled from the website.
Talk about false dcma complaints.

Ari Blackthorne™ said...

This post is hilariously funny.

I know many people using the CDS. I am hearing reports that it is working just fine (contrary to your alarmist bullshit) and catching several people and bouncing them. Most who are ass-kicked out of the sim know better than to whine about it.

I've mentioned to these CDS users how it's not 100% and all that. To which the reply was often "even 10% effective is 10% protection which is better than 0% anything."

So the system is apparently not a "scam" or a waste of time and effort as you so badly are trying to convince people of - it's at least partially effective (a reported 80%). And in that case even partially effective is better than non-effective at all.

Posts like this and all over the SLogosphere that try so hard to "shoot-down" the whole idea of the CDS or to proclaim how "useless" it is are real entertainment for me.

I mean when I say "laughable" I genuinely mean it. Much more like this and I'll be pissing my pants before long.

AntoniusMisfit said...

Ari, the point of the post isn't really alarmist, but rather to cut through the overactive hype of CDS that users are pushing.

Again, if CDS actually detected or stopped the actual act of copybotting, there wouldn't be much controversy over it. It only catches people who step into the CDS megaprim while using a blacklisted viewer. Smart copybotters will simply go around it, with the same results before CDS arrived on the scene. At that point 10%(or 80%) protection will go straight down to zero.

And I just noticed this little nugget from Skills directly: "believe me i’d love to publish the names, but people will read it as a list of known thieves which it isn’t".

Ask those people you know who use CDS this simple question: "Do you believe customers who have been detected by CDS are automatically and irrevocably guilty of copybotting?" The answer will likely match up to what Skills said. That should tell you the real mindset of CDS users, and why it is a scam(of a psychological sort).

Phoebe Yheng said...

Ari Blackthorn, I believe the only reason you say the word "laughable" is because you really arent convinced your argument holds up and are attacking the people not the arguments.

Suppose Gemini CDS is acting in a way that is contrary to the laws of europe (where skills is from) and the usa (where second life is based).
That would be a cause for concern wouldnt it? Unless of course you arent bothered by software that scans your hard drive and then steals data from the drive. In which case why are you using antivirus software?
I believe when i started using windows software that I agreed to allow certain data to pass between my computer and MS servers. I made no such agreement with skills hak and furthermore skills hack is a greifer and hangs with the other retards from woodbury AKA 4chan city. I would not want any data let alone my ip address and avatar name sent to some thoroughly disreputable nobody like skills hak. I dont care what its for, i dont care what the arguments are - privacy that is my concern.
As for the emerald viewer I know for a fact it sends data of that nature to modular systems. DONT COME HERE TELLLING PEOPLE YOUR BEST BUDDY, SKILLS HAK, is reputable you will have about 3000 people laughing in your face

Jayden said...

I once had a lot of Respect for Skills Hak, and Insilico, I really liked the Sim, the market, and everything he had built, until he Released CDS, accused me of Commiting Content Theft, just because I was on a Illegal Viewer, Backing up Content of my own, and helping a friend detect some ripped Skins, which They refuse to remove me because of this.

What this person says is True, I know all about the basic Copybot Methods, and now that I know how CDS works HTTP Requests, Log IP, and such, I can use a Proxy, Another computer, with fake info, Make a false account, and Walk into any store Media fully disabled, and such and Copy everything Send it out to hundreds for free, stick it on xstreet, Nothing they could do.

But the fact's are that Linden Lab should have Final Say in all clients allowed to access Second Life, Not Skills Hak, he, and his Team are Grivers, who have helped ruin our community as a whole, and as a result in the war, L$ prices have came down a whole lot, as if creators did not have enough to worry about.

As Much as I respect Creators in Second Life, and Stuff people have created, and have been reporting Stolen Content Longer than Skills Hak's System has ever been around, and have been here longer than he even has, I have added the following Policys in place to fight back against CDS, and its unfair system, which is a Dictatorship.

We, Me, and all the people I know no longer report stolen content, if that creator is using CDS on their sims, and Contributing to theft items.

The Only acceptions to this, is the creators I know, and the creators I Trust, who have used the system, and White listed those who have not stolen any of their work, or commited any RL Crimes.

L$ Prices are going down big times and its $4.05 USD to buy L$, I have stopped spending over 100k+ A month or over $200 a month in SL on content, because as long as Skills Systems are around, I have no reason to play, So have my friends, and SL is going down hill.

Tarheel McCoy said...

My biggest observation is WTF?

It either works and nails people, or it doesn't work and people leak through.

But for fuck's sake, pick one!

Beyond that, the whole CDS thing is overblown. You'd think it was the only system in SL that did this, and it isn't, by a long shot. There are at least a dozen other systems that work exactly the same way, and have about the same degree of accountability going on.

The whole thing came about because of a pissing match between the now blacklisted Woodbury University and Phox, and if it wasn't for that, none of this would even have seen the light of day.

Oh, and grow up about the DMCA thing, for chrissakes. You want to say it's false, then show me the documents where the takedowns are proven false. Until then, piss off.

hotpuddykat Magic said...

@Jayden

Of course because to prove that everyone who disagrees with cds relay ban is a theif someone like you has to come along and sully the reputation of those who have been put n the ban lists for no other reason than pissing off the criminals that made up the emerald team and the phoenix developers.
This works on the basis that if you arent for us you must be a criminal. Well no actually! some just like their privacy
F*ck skills hak she is a sad loser and anyone that buys her viral code CDS relay Ban whatever its called is obviously a sad sack too. They hide behind their sock puppets. Thats right the emerald developers were criminals and so are the phoenix developers.
why do you think emerald collected so much user data? do the sums. it made them around $90,000 US dollars a year
now get your gums around that.

If skills hak is so honest lets have access to the database and let herpublish the code. If she is so altruistic, lets have an open source CDS ban relay system. This isnt aabout banning copybots its about knowing who peoples alts are

Whitedove Lavarock said...

I use systems like this all the time to see who has alts and who they are. I then go from sim to sim following them around and checking on them. I even put shops and other things on parcels right next to theirs so I can eavesdrop on them and watch who goes in and out of their parcel. Its called security and we love it, its so fun stalking people. I used to be in a group called SL FBI and we would investigate people and try to see what they were up to hoping to get them banned and stuff for being assholes.
I dont pretend to be interested in copybots just give me a list of alts and I am anyones.

Anonymous said...

So, Whitedove Lavarock, what you're telling us is that you engage in the sort of vigilantism that brings us back to the days of the Ku-Klux-Klan.

By the way, Whitedove Lavarock, I see you've been doing the rounds on various blogs singing the praises of this piece of scamware/malware. This reeks of sockpuppetry, at the very best.

As for Ari Blackthorne, this guy who praises this piece of scamware/malware for its "protection of people's Intellectual Property", I want to point out that he himself promotes stuff that infringes on others' Intellectual Property.

See this post on one of his blogs:

http://sociallymundane.com/post/32534264867/gratis-borg-themed-ringtones-for-you

Did the creators of these Borg-themed ringtones get any authorization from the creators of Star Trek? I guess not.

Furthermore, Skills Hak was involved in the Emerald Viewer scandal and either participated in, or did nothing to stop, a DDoS attack on SL that happened "thanks" to that viewer.

Would you trust her? I sure as hell wouldn't. She sounds damned shady to me.

Remember RedZone? Its creator, whose RL name is Michael Prime, is now in custody for fraud.

If a content creator feels the need to use the "services" of people who have been involved in malicious activities on the internet, fraud and/or peddling malware, then s/he just plain ain't worth existing in SL or RL. Show me who you work with and I'll show you who you are: content creators that employ the services of fraudsters and (cyber)criminals are fraudsters themselves.

End of story.