Instead of abandoning privacy on the protocol level why not default to logged in?


At the town hall there was discussion about removing privacy at the protocol level. I think there are legitimate uses for having privacy between sessions/servers (eg consenting adults doing adult things).

what I didn’t really get is why we can’t just default server settings to users being logged in for all public spaces? It’s more rare that a server would need to allow anonymous and if nearly all servers require login then that’s enough incentive to actually log in.


I try to understand what you mean. But it still does not sound good to drop something with privacy.

Now someone need to explain what setting that is we talk about.


I believe the setting Dusty is talking about is in the Domain Settings, setting which users are allowed to connect to your domain. By default, it allows anonymous users in, but you can set it to only allow logged in users in. I think DustyWizard is suggesting that anonymous users be disabled by default on all domains.


The problem with default settings is, the vast majority of people then use them, simply because they’re the default settings… even if a particular settings actually causes more harm than good by being too commonly used. 0o


When you pay the internet bill do u do it anonymously?
If you could be anonymous on the internet then that guy who ran the silk road dark web market who knew way more about this stuff than us wouldn’t be in jail


Disable anonymous access to domains sounds like a good thing. It protect users more and the not get suprissed by some anonymous griefer.

So. Sounds ok for me to block anonymous access by default.


Has anyone recently been affected by anonymous griefers in their domain? i’m interested in hearing about it


It was being discussed at the last town hall, so presumably. Though I think that was in reference to a ‘public’ space (ie one provided by high fidelity)


Note: If we turn off anonymous in theSpot, new users would be unable to login without creating an account.


Instead of banning… why not simply push the griefers to a “troll’s arena” domains where they could live scandalously all together.
At least they might not feel officially banned and they might stop to log bad ratings about Hifi like we can read on Oculus store.
Is it not because of a free greifing activity that VrChat started to attract peoples ?
Put a clear disclaimer to advise people that they enter to the troll’s valley and let them be.

I just don’t know who could we hired to be the troll animator to keep the first troll busy in that virtual hell… a cyber-devil maybe?

OK, another bad idea of mine :wink:


new users would be unable to login without creating an account.

@philip Would that be a feature or a bug? Forcing folks to login to enter public areas would allow banning of griefers, but wouldn’t remove the underlying privacy potential in the protocol for anonymous login for other sites which want that.


thats the point. these people abusing the system use the anon system to do their attacks…


I’m not sure I understand, @LosAngelesGraff : Creating a named account is as trivial as logging in anonymously. The recent exploits we’ve seen are just as easy to so with an account as with anonymous login.

I think that the solution here is a reputation system that allows people to establish trust, and then allow only people that they trust (or that their friends trust, etc) into a server.


To further elaborate on this point (without flat out giving the answer), all having a logged in account does is act as an additional hurdle to the issue. Making a new account can virtually be automated, as there is no capcha check and the only checks are on unique email and username. As such, one can simply ‘faceroll’ usernames just as anonymous users get new numbers added to their names. In this case, removing anonymous users wouldn’t solve the problem as the problem is still in the current system.

As such, Philip’s proposed system is to foil accounts created in this manor, anonymous or otherwise. The only concern I have is that this proposed system should NOT confuse connections with trust, as the current ‘culture’ in the system is that everyone handshakes everyone, which would not work very well.


One problem with reputation system.

How can people give others a reputation to someone as long people can change the screen name ? reputation only works if you have a name that is visible and cannot be changed.


I’m sorry Philip
when it comes down to permissions really it should be as simple as this you come into a place you can’t do anything with it are domain except the simple things like picking up objects and such

and if you want to do more you have a hash for a temporary time or a permanent time depending on what you want to do that can be revoked by the user or the domain owner on a human scale

nobody wants to be categorised I’m sorry Philip they have a right to be human I know you understand this

I have a lot more to say on this matter but I expect most people won’t listen because their upset right now


although there is no limit to how many accounts you can login with to high fidelity. creating emails over and over is still a some what deterrent. i understand the need to have a no log in account to fuel traffic though. its just to bad for the community already in high fidelity has to deal with it.