Content protection, it would do hifi very good to have it


Because some talk about sansar you get the compare with hifi. And the content protection.

It would be very good for high fidelity if the implement better content protection. better today then next month. It sounds for me thst people would be more interested in high fidelity if content is more protected.

So, not a simple copy and paste from web urls. not sure how easy atp works… But hiding url’s is not enough.

We need more protection, question is only what and how.


I’m actually curious if this isn’t already in place.
I have a JPG called “colors” sitting on my ATP.

It has a hash of d927ea5d96def168a7fe0fdda4387122b1807ce54caccbc16b9924130653b608

I would very much like for someone to attempt to pull this JPG into Sandbox, or use it as a texture upon a model.


cc: @Menithal


I agree @AlphaVersionD as unless the photo was digital altered, it would hold that unique SHA value and would be a way to authenticate.

The way around this would be to alter even one piece of the jpg perhaps a rescale by 1 pixel and it will forever alter the unique SHA value.


I agree, i think ATP is pretty secure. But it would be nice to know too.

But… as soon your using avatar or clothing. that cannot be put on ATP. unless you never leave your domain. So that need to put on public http server with only som e .htaccess protection.

I think the idea where to let ATP retrieve the url from your webspace and then server some hastag to the client ? Not sure. We all did soem talk about it in the past.


What domain is this on? because if it isnt on the sandbox then it is non transferrable, yet. I am still waiting for the time one can refer from to the atp from another domain.

However, it still doesnt solve the issue of a person being able to apply it on any entity. It does make it a tad bit more difficult to move the models elsewhere, which I do appreciate,

but the moment someone has a node that also hosts the atp stuff, they can simply load the models from the server data file. If everything was distributed evenly, then it probably would work better.


So we all are in agreement that a model cannot be taken from another atp, but a texture file can be applied to other entities?

tbh, I was really only concerned with someone looting my models I’ve spent months on. I haven’t spent that much time on textures. I suppose if I did, that would be a cause for concern.


Yes, but that may change later because they are planning to put the atp distributed so each domain shares their atp resources to others on requests allowing cross polination of atp resources.

However there again comes the question of if there is a domain (node) that is owned by someone naughty who will just access the atp folder. But even this would be solved by a partial solution: where only parts of the files are stored across every other node and no one, but the original domain would have the full file.

Ofcourse that would solve by having the atp urls to specific domains (atp://center/) forexample, but even that is up for discussion.

Textures again are affected by the same thing as models.


You probably need to clarify what you mean by content protection to get a meaningful response.

If, on the one hand, you’re talking about preventing people from grabbing assets you’ve used in your domain and doing stuff with them, then it’s pretty much a lost cause. Assets have to be downloaded to your machine and copied to the GPU in order to be displayed at all. There’s no secure path to do this, and there likely never will be. Even if we somehow managed to create a completely secure path from the network hosting to the local machine (including caching) all the way to loading vertices onto the GPU through OpenGL, Direct3D or Vulkan, there’s still nothing that would prevent someone from being able to intercept the data at the point where it gets passed to the GPU (see this Stack Exchange question for how people use software to rip 3D geometry).

On the other hand, we can work on embedding support for signing content and provide a mechanism for attribution, and this kind of work is definitely on the roadmap. The idea here is that you’d be able to push content to the (or ‘a’) marketplace and when that content is used, people seeing the content would also be able to inspect it and see where it came from and whether the use was authorized or unauthorized. For example of how this might work, you own a domain, you go to the marketplace and buy a chair model and put it in your domain, and people visiting can see the chair and if they want can examine some kind of ‘properties’ information about the chair and see it’s origin and that it was legitimately purchased. Of course, this doesn’t stop someone else from grabbing the chair model and putting it in their own domain. However, unless the model was altered in some way, anyone would be able to see the chair origin and that the use was unauthorized. Perhaps a conforming client would either flag the unauthorized content in some way, or even refuse to render it, but that’s a significantly harder problem. Even if this were the case, it would probably be trivial to side step because a person could open the model, change one vertex by some trivial amount and then save the new model, avoiding easy identification.

So if the question you’re really trying to get at is “how do prevent people from stealing and using my content?” the answer is, unfortunately, you can’t. This is one of the the fundamental truths of the internet, and it’s something people have tried to address over and over and over, with text, images, audio, and video. 3D/VR content isn’t going to be any different. So the real question is, “How do you survive in such a lawless wasteland?”, to which the answer is “Make it easier to act in a legitimate manner than an illegitimate one, and wait for enough people (and unfortunately, lawyers) to show up to make being reputable an important thing”. When consumer internet became fast enough to trade audio, people illegally traded music, until businesses wised up and made it cheap and easy to purchase and download DRM free music. Same thing with video. Yes, music and video piracy still exist, but for the majority of users, its usually easier to just stay within the law than to do otherwise.


What is important in this discussion is by and large in hifi coders have been paid for their work and builders haven’t.
This explains why some areas are more carefree with regards to their work.
If the rolls were reversed things would change rapidly.
The coders market is Phil, builders are speculating on futures…


@judas I have to second this motion as there is a great fear from many who make content that their material will be protected. The debate, the great debate, centers around what is realistic and what honestly can be done.

I really like what @AlphaVersionD was introducing earlier with the concept of the SHA hash. Perhaps we can digitally sign an fbx (which would entail altering it to a binary) such that we add data that would be random and very hard to physically remove which would be stamped by the author. If an fbx is then taken, the binary bits added to the data would be random based on a random hash from the author it would be hard to alter them out. In addition, make it such that if any of the binary is altered, it would make it useless.

Finally we can even go with with @AlphaVersionD was suggesting (I think). Creating a key to check data to authenticate the SHA value of the FBX. If someone has that FBX with that value and it is not purchased, we would know who the author was. The trick is if someone alters it, even by adding or changing a texture, the SHA would change.

I think if we really push this, the solution is here somewhere! So far @AlphaVersionD might be on to something.


I suppose as an alternative to the SHA hash idea, or in addition to it, we could add some sort of block-chain thingy, too. That is, there’d be a series of stored transaction info embedded into the object that gets appended to each time the object changes hands that shows each owner in sequence going back to the original creator. I actually mentioned this idea here in the forums once ages back.


I can’t claim I thought of the hash method, the console server makes this happen by default. What we could do is somehow leverage filenames in concatenation of a private domain key for distro on a domain, but on a per user or per zone.


i prefer the block chain method , that’s a chain with a stone block on the end that i whip you with if i find out you stole my work :wink:


@judas I thought we were simply going to hang them in the town square?


I’m a blockchain believer, but I to my limited knowledge, the problem of identifying a product and instances of it to protect it remains, even with BC tech. If you could incorporate or somehow securely associate a product ID and whatever copyright you choose with your resource, BC would be a solution to compensation as well as unauthorized use protection.

Another interesting dimension off this would be micropayments that include derivative work as well as property used whole. In that case, product identification is maybe way more difficult, but wouldn’t it be cool.