Model protections for purchases with MarketPlace


#1

If we place a model on DropBox and place into MarketPlace for sale, what keeps someone from just going to our DropBox and copying the model outside of HiFi?


#2

Other than it being theft intellectual property and all that, nothing. Its something i was chatting with people about today. Builders are reluctant to bring stuff in they worked hard on whilst the url is for all 2 see
If the url was hidden am sure people could still steal it, so whats the solution?


#3

Encryption maybe? Where the interface can decrypt on the fly but keeps it on the disk encrypted until needed? The artist would have a key to encrypt only and place onto DropBox. Simple encryption should be OK as the goal is to keep honest folks honest.

I spent lots of money out of pocket to pay artist in the past for assets which I would like to recoup some expense on one day.


#4

There will always be ways to get at shared assets, I do think there should be some thought of ways to discourage theft though. It should not be as trivial as following a url at least.


#5

The real question more over is what will happen when there is an asset you bought and the person who was hosting it loses their server, moves their domain etc. You just hold the pointer to an asset somewhere else and you lose everything if they leave.


#6

Well, for starters, you can’t just peruse one’s dropbox, so some sort of purchase system would have deliver a product to a user. Some sort of system could be made where the “inventory” is stored on dropbox, but selling something wouldn’t be just be handing out public links, as those are easily shared. On top of that, we’d need some sort of inventory system in place along with permissions, regardless of weather we’re storing that inventory personally, on some centralized or decentralized system.

In any case… with the open nature of the system, copy-botting would be fairly easy to do, and would likely be done.


#7

The issue here is not whether someone needs a client with patched code to find the direct url, the issue is right now, say you upload an svo of your domain for others to enjoy… even if you had it locked on your end, it is now free to view the url of the location of the entity or javascript tied to an entity once someone else “buys it.”

That is the problem right now with the marketplace as it stands, it will be seen how different it is once you can sell smaller items/entities.


#8

I think is is commen that when someone puts something on marketplace they will probably use some free service (on a nas at home for instace) to host the models, but when it appears to be a succes and they get sales they probably will want to move the content to more durable spot, somewhere at an hosting company.

So then all the url’s will change … some sort of hf redirect service would come in handy.

Preventing models get copied outside the marketplace is something wich probably cannot be prevented. But how to detect this, so action can be taken ?
I do not think it actualy will harm business if someone takes an unautized copy for themselves, probably even the oppisite is true. But I think this if different when sometakes takes a copy and sells it below the price it is sold by the authorised selled of the object on the marketplace.


#9

You could have a system based on server authentication. Assets are loaded by the server based on licenses. One issue I can see here is that without moderation people could still upload copies of items to the server, that would then at least be traceable.

Moderation I could see being a key issue, that sort of system would probably need staff to verify content is suitable for Market.

To do this assets would need restrictions on being uploaded normally. Or would have to have a restriction such as watermark/timeout. The server would keep a list of asset urls which are dynamically changing.
Then there’d be the issue of private or free assets.

It’s a very interesting subject.


#10

Something else to consider is that a lot of content providers specifically state not to “distribute or resell” in the EULA/TOS.

Putting the asset under an URL which anyone can in theory download will likely be in breach of the terms many have purchased/downloaded items under.

I certainly cant see many “serious” creators from SL working with this kind of system. Maybe people from more open ecosystems like Unity, but even they sometimes have very strict EULA. So this will in turn have a negative impact on the availability and diversity of content available for use to Hi-Fi users.


#11

In fact people are hosting their own assets for their domain within HF.

I am not sure where the assets come from within SL, but they are downloaded from somewhere from a server to a client. So also on SL content is constantly distributed over and over again. Through quite a different system that is true.

For now I would suggest to limit to assets which won’t break terms coming with them when used in HF.

My glass sphere prim is showing me some glimps of clever solutions for the url issue. But was not wearing a dk2 so the fps was a bit to low to get a clear picture.


#12

It’s not so much where the assets are delivered from or even how they’re delivered that really matters. What matters is, at this time, there is zero concept of asset control as in permissions to take, use copy redistribute. So, obviously, you should place nothing on HiFi whether in marketplace or rezzed in a domain the public can access if it’s something you want any chance of not having taken. Anyone bringing in any content they need to keep control of should clearly understand you have none at this time.

If a user can copy the URL and grab a copy of the FBX asset then they have it.

This will surely change in the future, as in encryption and call backs to authorize seeing, placing, using etc. (right?)


#13

Really, asking for DRM on models for HiFi is like asking for images on the internet to have DRM. It’s kinda insane and would probably stifle a lot of things, like memes. However, I think a way of clearly ‘watermarking’ a file would be useful. Also, it is kinda insane trying to have a Marketplace where people can buy/sell content, but the content is hosted externally.

An idea: Any URL that is linked to an item in the Marketplace cannot be rezzed outside of the Marketplace (unless free), thus ‘piracy’ via URL copy-paste would be impossible. Then there would need to be something akin to YouTube’s ContentID system, to check for re-uploads of pre-existing models that are sold. (Of course, if it was something free, I don’t believe something like this would need to be utilized).
If a user buys an item on the marketplace, then they have a ‘key’ for item. Or something. I don’t know.

So if a user copied then pasted the URL of a chair model, then HiFi would notice that they were trying to ‘upload’ a $5 chair from the Marketplace and stop them. If the user then downloaded the .fbx and re-hosted it on their own servers, then it would be detected and ‘blocked’.
The thing is, it would be kinda difficult figuring out ways to catch trivial modifications to the .fbx to circumvent the filter. It’d have to be robust enough to recognize a model that had a single polygon shifted slightly, and the texture made slightly darker in an attempt to evade the filter. However, it would also have to avoid triggering false-positives.

An even simpler route, would be to basically hide and obfuscate the URL of any items. However, I have done minimal editing, so I have little idea how it would work. Such a thing would also not stop those who are using traffic-monitors or something (I forgot what they’re called) on Interface.


#14

Yep, and putting a model under your own url is distributing the content. HF should state clearly that that models with this kind of EULA or TOS is not permitted in HF. Pretty much all models for Unity are sold in this way, and likely Unreal, and CryEngine. In the few tutorials they recently made, HF acts as if most agreements allow for the models to be used here. I’m also pretty sure that many creators would change their agreements to better protect themselves knowing that a virtual world is doing things in this way. I’m thinking of adding clarification to my own EULA, to specifically address High Fidelity, even tho I state clearly that redistribution is not allowed.

High Fidelity people? We could use some clarification from you, and how you are going to address this.


#15

Hi @Medhue, Philip has put up a good marketplace post here, that contains a number of comment threads: https://alphas.highfidelity.io/t/design-and-direction-for-protecting-content-using-the-marketplace/2767 .


#16

Thanks Chris! I’m still getting used to this forum.