Is there One Username Server to rule them all? oO


#1

One thing I’ve been wondering for a long time. How will username credentials be handled wrt High Fidelity as a whole? Will there be one central server where all usernames are stored, or will there be many, many independent ones? One of the things I like about HiFi is that we’re trying to move as hard as possible in the opposite direction from the Walled Garden approach to internet services… but if all the users that exist in the HiFi Metaverse get their account from one place, that is still a single point of failure to that, and it is also a tempting target for busybodies who might decide they want “all those [witches/communists/homos/terrorists/blasphemers/insert-bagaboo-of-choice] on THIS list” disabled from having access to the whole of the Metaverse.

We are very lucky there IS no central login-credentials system for the entire World Wide Web, where someone could simply go to the Holder Of the WWW Login Database and suddenly Edward Snowden, or Kim Dotcom, or Gasbag Smith, or whoever that someone doesn’t like, finds he can’t access the ENTIRE Internet anymore, and he suddenly can’t even open the files stored on HIS OWN file server on HIS OWN machine in HIS OWN house because the credentials, vetted by that central DB, that says he owns or created that content is no longer valid. We sure as hell don’t want a situation like that to befall the Metaverse, either. oO

edited to add: I guess the concern I have isn’t so much that someone might lose their ability to visit the Metaverse – after all, someone COULD just create a new account if they lose the old one – I’m more wondering what would happen to all the content someone buys through those credentials. My belief is that once someone has purchased a given thing, it should be theirs forever (assuming they don’t lose all copies of it in a hard disk crash, anyway), there should never, ever be an easy way for someone to cause you to lose all your purchased stuff just because they don’t like the color of your skin, or the tone of your voice, or the fact that you don’t like parakeets, or something. oO


#2

Well, usernames, and placenames by them selves are all managed and hosted by High Fidelity, but you necessary arent required to use them. The Login is basically just an ability to have an identity, and with the rights to things connected to that identity from the domains. otherwise you are just Anonymous to the domains them selves.

Forexample, you can use High Fidelity without ever using High Fidelity Incs services. Connecting to other domains can work via just simple web domain, such as hifi://theden.dyndns-home.com which points to my domain Singularity or just a simple IP address.

I do see that there is also the possibility to mod the code to point to other login servers.

But for ownership of objects, there is a reason why I suggested my earlier HTTP requests content protection schema because it is simple enough to change to use some other authentication api for the client. But the problem about ownership of content behind “links (http or atp)” is that if the links are broken, the content is gone forever as well, which is why the ATP p2p project has been something they been looking into so that all domains online have some of the content already loaded once is available to be loaded via some authentication.


#3

Well, fundamentally, there needs to be a way that even if a given credential goes away (say, the independent service you got your username from goes out of business), you can still authenticate your stuff. Maybe there could be a means of embedding more than one means of verifying a given purchased-thing is yours into the object as stored on your machine. Say, 3 or 4 different, independent sorts of credentialing mechanisms, such that if any ONE of those can be verified as connected to you, you still are recognized as owning that item. Perhaps that you-purchased-this credential could (also?) be stored in some kind of blockchain system, one that exists independently of all the different purchase-things places and that info on ALL purchased objects from ALL parts of cyberspace might be stored on. But there’d also need to be a way to store whatever credentials were involved in your ownership of this virtual object be embedded in some redundant, I-tell-you-three-times, encrypted manner within the object itself.

You’re ability to demonstrate ownership of that object needs to be as ruggedly protected against failure-of-the-system and/or malicious attack as possible


#4

This is all known art and used everywhere through WEB sites. It’s called certificates with a trust chain that can root at various trusted centers.


#5

This days talking about one central service, tricky.

I think most of the user part is run by high fidelity. But a central service, i don’t think so. Because the login system can run cloud based, if the not already do that.

So technical i would think that ig the cloud farm in the usa get attacked that logins automatic fallback to other cloud server. But that mabye still need to be implemented.


#6

Well, think of it like this; the current web has certificates and certificate authorities. Everyone can issue certificates. The clue is that not every certificate authority is trusted by the browser. Only when the browser trusts the authority who issued the certificate of the website, the website will show up as ‘safe’. Just look above in the address bar, there should be a green lock beside the address. This means a authority trusted by the browser has issued this certificate.
The same principle should be used in HiFi. Multiple ‘name’ authorities which certify that the person behind the avatar is really that name. If the name displayed is not certified by a trusted authority, you won’t show up as trusted. You can also sign stuff with this certificate, even when it’s yours. Thus, even when a NA revokes your name, objects can still use that certificate. Only people can’t be sure that it’s really you.


#7

Okay, just to be sure I’m understanding this correctly:

In the WWW we have something called the DNS, Domain Lookup Service, which is several independent servers that each keep track of all available website domain names (well, also ones not running a website, too), and that anyone who creates an Internet domain, it gets added to that provider’s DNS server, and then gets propagated out to all the other DNS servers in cyberspace.

HiFi’s username system will function somewhat like the DNS, in which multiple places on the Net will each be letting people create a username through one or the other HiFi-style username servers, and that username credentials info then gets propagated out to all the other HiFi-style username servers, all owned and run by different, independent service providers? But also, like with DNS servers, no one else can independently try to “be” that credentialed username once yours has been created? And also, no one else at another username-server can revoke it, only the original service that made it, and maybe not even then?

And then, if someone DOES revoke the username credentials, all that does is decertify them, but not delete them from all of Cyberspace, and does not actually nullify the ID from objects made, and thus those objects can still be interacted with, and show the appropriate owner, the owner just gets shown as not-verifiably-you anymore?


#8

It is pretty near impossible to have a DRM system without a central authority. I don’t mean one computer, but a governing body. This is what the masses demand in order to protect their goods and services.

Using the DNS example: if GoDaddy terminates nathanadored.com because they don’t like your avian affinity, you may go to NetworkSolutions and reregister nathanadored.com. However, if the RSSAC blacklists it, you’re screwed.

The same goes for certificate authorities - DigiCert doesn’t like you, go to GeoTrust or StartCom - but above them is the CA/Browser Forum

Blockchain/PGP is a whole different matter- I can give you my private keys - defeating the whole purpose of DRM. In order to prevent that, there will have to be a governing body to administer your keys on your behalf.

Fortunately, you aren’t required to login to access all High Fidelity domains and the HiFi crew seem to be okay with parakeets.

OpenSimulator has a solution for distributed logins - hypergrid: You can run your own grid, including a login server, and use those credentials to teleport to OSGrid or any other hypergrid enabled grid in a practically seamless manner. Unfortunately, DRM is nonexistent.

btw- I do infrastructure and have been having this same academic debate for years

addendum: If there is no DRM system, you can have an open system. Once Apple removed DRM from the Apple store due to common demand, sales increased. So a DRM system may not be necessary down the road


#9

I think people here are misunderstanding how things work. user names are not DNS registered, place names are.
You are not at all required to log in to access a domain name.


#10

The conversation does get slightly muddied, but I gathered that OP was only using DNS to illustrate delegating account registration to multiple independent authorities. I think he is afraid that he will be banned for liking parakeets.


#11

Worse has happened. People have been banned for not liking vampires. Whatever. But, there has always been an interesting problem in virtual worlds with the use of words like ‘own’ or ‘buy’, especially in the context of digital goods.

Almost all digital goods in virtual worlds to date do not fall under ‘first sale’ doctrine. (if you don’t know what this means, read this for summary: https://en.wikipedia.org/wiki/First-sale_doctrine

So, when anyone writes something like this:

I’m more wondering what would happen to all the content someone buys through those credentials. My belief is that once someone has purchased a given thing, it should be theirs forever

…though a nice belief, it is not so at all. A ‘sale’ and conveyance of ‘ownership’, and I place those words in quotes because they are fictive transactions, are really a conveyance of a license for a fee to use a digital instance of something. Digital media does not physically convey anything. It gets worse too, because these licenses are almost always conveyed to fictive individuals, to the avatars, not the actual person. Example: in SL avatar-A ‘buys’ a race car. It is no-transfer. Avatar-B claims he should be able to get a copy of that car because B and A are the same real person. It will not happen because the license is to fictive Avatar-A. In fact if the person behind Avatar-A goes to some other virtual world, he has no default rights to use that car elsewhere. You probably have seen many merchants make it clear that items they ‘sell’ (actually license to avatars) may not be transferred to other virtual worlds. They make that point just to be clear about this.

It’s going to get very complicated in High Fidelity about all this licensing because HF has been very clear they will not be a central repository of identity unless an avatar (not the person behind the avatar) gives permission to let the system reveal some identity information. Practically speaking it means that if you wish to remain anonymous, don’t expect to ever be able to purchase things from merchants. And, if you do give permission to do so, but revoke that permission later, you will likely lose your licenses because they too have to be revoked since you have cloaked your identity. Fair is fair after all. It has to work both ways.


#12

Well, it also boils down to perspective, and on who chooses the terminology, too. I do know that Pirate Party (yes, that really is a legitimate political party) have been pushing very hard to make sure that we have the same rights with computer-file-based items as we have with physical-object-based items, or to put it another way, that digital rights should work the same as analog rights. For instance, if its illegal for them to en mass open your physical mail in transit to read it (and it is, tho they seem to have bent the rules and done end runs around them in some places) then it should also be illegal to do that with email, If ownership rights come with a dead-tree edition of a book, then it absolutely should come with ebooks, too, because a book is a book is a BOOK. But they’ve also been pushing for a subtle change in how everyone refers to DRM copy-protection schemes. I.e don’t call it Digital Rights Management, call it what it REALLY is, Digital Restrictions Mechanisms, and then spread THAT definition and usage as far and as wide as possible, in order to change the perspective of the masses, and through that, the perspective of the politicians. If they start seeing it described as Digital Restrictions Mechanisms far more often than they see it described as Digital Rights Management, it changes their views on the matter too, even better if its routinely called a DRM infestation wherever possible, as if the DRM were a whole bunch of insects invading your system, then public opinion would start swinging the other way on this.

And yes, there is clearly a battle going on between the you-just-license-this-for-your-use-but-don;t-own-it crowd and the you-own-whatever-you-purchase crowd. Which side will ultimately win is anyone’s guess, but I’m strongly in favor of the latter.

I should point out that many years ago, they had this debate over digital music, and many people put themselves squarely on the side that said that purchased digital music albums (that you then download to your own machine) should NOT have any kind of DRM attached to it, and ultimately THAT side won out. I was one of the ones who fairly early on voted with my virtual feet by signing up for companies like eMusic, which sold all their music as DRM-less MP3s, back when iTunes still sold most of its music with some sort of DRM embedded in it. Eventually Apple caved to public opinion and phased out the DRM-embedded music files in favor of plain old MP3s.


#13

The perspective I choose is U.S. Law and the treaties other countries share. Yes, there are many attempts to change this, but it has not happened to date. I am pointing out what is, not what could be. BTW, there are some exceptions: libraries are exempt in that they can redistribute digital media without specific licensing (as if it were a physical first sale case).

and too, the really big issue is that if there is no reliable identification of who you are, then anyone wanting to deliver high value content to people (in this case avatars), can’t do it without incurring risk. They will likely simply not do it.


#14

One of the things what need to be done correctly,

  1. The price need to be good.
  2. You need to have the content in your own possesion.

Also , revoking sounds a bad idea. lucky that can be solved i think when you have the content.

I really see problems in url based assets from others, especially in the early day it’s gone to be a drama. merchants come, merchants go. And people end with empty domains and money lose. This is easy to solve by have it in your own possesion.

It only need to be marked who made it and who buyed it. high fidelity is not a centralized system. and how opensim works with hypergrid is having it’s problems to.

Content on your own domain is easy, but clothing and attachments, are the bigger problem with content protection i think, you cannot around some 3rd party and http assets.


This is how asset disappear
#15

It would be wise for them to make their copy-protect mechanism just involving enough to thwart the casual copiers… and no farther. The ones who REALLY want to crack your copy-protection will do so regardless.

Anyway, it would probably be better to have some sort of purchase-proof embedded into the object, and/or into some kind of blockchain thing that exists independent of any particular online store that could go poofsky in a year or five… but also something that obfuscates the owner – one-way-encrypts it, say (one of those compare-the-hashcode things) – so someone else can’t dig out the name of the purchaser from it, so that certain things people might like to purchase – say, very VERY naughty virtual sextoys – would be protected against the busybodies digging out the info from it to use against the purchaser. Frankly, there’s going to be virtual stuff people purchase online that very MUCH falls into the none-of-your-gorrammed-business!!! category.


#16

BTW, on the subject of analog rights vs digital rights, and our liberties being eroded wrt the latter… a fairly good read on this is here:

And another important point is this:

Note particularly the point made in the first article that “You’re not going to get the government’s permission to protect the Internet against the government.”


#17

I believe all this can be summed up by the simple statement that pre the industrial and pre the digital age items created by people were essentially mod, nocopy, xfer. That pretty much protected the ability of creators to live off of their creations, and it provided decent repurposing and transfer rights to people who obtained those creations.

The industrial age brought us copy abilities for durable goods, but copy was accessible by the very few. Everyone else were still at the nocopy stage.

The electronic age made copy available to many people, but the copies were usually inferior and so creators still had the means to make a living off of their creations.

The digital age made for mod/copy/xfer by just about anyone, and so the ability to earn a living from ones creations fell into jeopardy. Only items that were not durable were safe. It is why we see so many short life products out there engineered to fall apart. It is one means to temper rampant copying.

We are now at the age of both digitally exact copies in intangibles (music, videos, avatar skins, models), and with 3D printing getting seriously good we are approaching the age where physically exact copies can be made. So, yes, there are some deep issues here, the biggest one being: how can the ideas and manifestations of a person be compensated fairly in a world where those ideas can be grabbed and manifest by others nearly instantly and anonymously.


#18

Well, yes and no. The first article there is about the tendency of governments to want to spy on us through any and every means possible, while slowly eroding away our rights in ways we don’t notice happening. Frankly, governments are an insidious thing. They’re supposed to be working for us, the voting public, but too often they act as if we’re THEIR subjects, too often trying to force everyone to their will, sometimes under the misguided belief they’re protecting us from ourselves, and the point of that article is that ONLY through properly applied technology (at the end-user’s side of the system, and/or at the local level) can we thwart that and throw them out of our lives. The first article was describing how we DO have an absolute right to privacy and self determination, and frankly I remind you that those rights do NOT come from the government, they exist as a natural law of the universe and existed as a matter of course BEFORE any of the present governments ever existed, never forget that the one of the intended duties originally set for the US Government, at least, and for at least some of the other, newer governments was to make sure those naturally-existing rights weren’t being trampled on by others. Including the governments themselves.

The trouble is that the governments, and for that matter the big corporations, then figured out they could walk all over us because they’re bigger than we individuals are. In fact, we’re getting into the age of the megacorps, where corporations get bigger than entire governments and can push those governments around like bullies at a playground, forcing those governments to do THEIR bidding. But they also figured out they could be very, very sneaky and screw us over while making it look like they benefit us.

One of the other things that has been going on with the giant corporations is, though… they’ve managed to become the gatekeepers for all content. Or, at least, for decades they were, because the only way to mass-distribute creations such as music or books was for one large entity to produce it with their expensive and complicated machinery that the person who originally made that music or book didn’t have the means of operating himself, at least not without the copies coming out crap or spending way more time churning out the records or books than he or she did on crafting the actual music or prose going into them.

The record industry has, in fact, for many, many decades been roping music artists into signing a very, VERY lopsided contracts with them, such that practically 99% of the proceeds go to the record company on all sales. They provide an advance to a music group, but that advance is actually treated as a LOAN, which that music group has to pay back later. The music group then goes out and does all the hard work (advertising themselves, placing themselves in front of the public at large, doing their concerts, etc, etc) but they never see one thin dime of the profits from their album sales until they hit something like superplatinum, which most of them never get anywhere near. They have to pay the RECORD COMPANY for the privilidge of working for THEM essentially. This is changing, of course, now that digital music and digital distribution has come along. A number of music groups now sell directly, or they go through some outfit that hosts their music online in purchasable form, but which pays THEM most of the profits on every sale. The trouble is, the giant music companies are seeing the writing on the wall, and they don’t WANT to lose this gravy-train they’ve had for maybe a century… so they lie through their teeth about how “those pirates out there” are taking money out of the pockets of all those starving music artists. This is pretty rich, considering that 90% of the time its the RECORD COMPANIES ripping off the artists, not “the pirates.”

In fact, quite often, people will discover some group they never heard of before, due to some piece of music they find distributed online by “the pirates,” decide they like that group, plug the name of the group into a search engine, find their online shop and buy some albums from them. In fact, there have been studies that have demonstrated that “the pirates” often are the bands best paying customers. At that, some bands actually deliberately place their own music out on the peer to peer networks as a marketing scheme, knowing more people will discover them and come purchase their albums or go to their concerts.

In the 90s I heard an anecdote about the home videogames industry, back when games were typically run directly from 3.5" floppy, rather than being installed to hard drive from them. I don’t know the voracity of this one, but it sounds true to life. There was, of course, a small subset of piracy going on at all times from those games. The games makers invested lots of money into various sorts of copy protection schemes, of increasing complexity and sophistication, which kept getting cracked anyway. Piracy remained the same sort of background-radiation level, though, no matter what they did. Somewhere along the line, one of these games developer companies sat down and did the math, and discovered that they were actually spending more money and effort on the copy protection mechanisms than they were on actually developing the games themselves. And it it was making zero difference in the amount of piracy going on: it just remained steady Eddie regardless. Anyway, one day they just decided… SCREW IT! …and released their next game without any copy protection applied. And the piracy level on that game remained the same as it was for all the others. So did the sales. Think about that for a minute. The piracy rate on that game did not skyrocket when the public discovered the game wasn’t copy protected, the piracy rate remained exactly the same as before!

But we’re getting off in a tangent from what I’d originally started this thread over. The point I’ve been trying to make, and that it looks very much like HiFi is going very much in the right direction on is, we have to make sure every Net technology we the Internet users develop is devised so as to make those big outfits (such as the megacorps and the big governments) have to work harder and harder at trying to screw US out of our privacy and out of those other rights that come as a natural state of the universe, until ultimately they decide its not worth the time or money to screw us over any more. One of those ways is to make wholly-owned-by-the-end-users systems devised such that it is IMPOSSIBLE to track people’s online activities, because the mechanism itself is as decentralized as possible (like Skype USED to be, for instance, before Microsoft bought it out and re-engineered it so it went through their central servers instead of it all going through a totally ad-hoc network formed directly machine to machine that was IMPOSSIBLE to insert “bugs” into and listen in on), while also strongly encrypting as much of it as possible, wherever possible, and also sometimes be deliberately NOT storing any information at all, at least not in any way that someone else can get their hands on it, but also devising these systems such that no one has ANY means of getting under the hood and trying to subvert it to do what THEY want it to do… like use it to spy on us, or to try to force certain people OUT of it because they don’t want THOSE people there (because if there’s no way to differentiate who’s who in there, because the info isn’t produced or communicated in a form that can be tapped, they can’t subvert it either, or demand by court order that the tech company pry that info out for them either) then those big and powerful agencies are just SOL… like they SHOULD be.

This is why I’m very, very happy that EVERYTHING about HiFi is designed to be decentralized and largely OUT of the ability of highfidelity the company to control or track things going on within it. INCLUDING, as it now sounds to me like, the username-credential systems. This also means that HiFi the company can say to a judge, “I’m sorry, your honor, but the technology doesn’t work like that. We CAN’T [give you that information/track that user/block that activity/insert Orwellian or for that matter busybody demand of choice] because that info isn’t where ANY one can get at it.”

Anyway, some interesting and informative links:

http://copy-me.org/2014/10/copy-me-webseries-early-copyright-history-episode-3/


#19

@Nathan, I consider the two articles rubbish. Now I can see you are seriously enamored of them, and frankly I understand that’s your relationship with them, but my interests lie with the issues of maintaining property integrity - that’s it. I’m happy to discuss the tech aspects, the issue about protecting the works that people make. The other stuff, brought up, not interested.