Proposal: Add HTTP Request Headers to be used for Content Protection


#21

That sort of disclamer should be something the domain owner should plan for with zones or something.
In anycase, the second reason is exactly the reason I am suggesting this: This way you don’t just state the license, but could force it from the asset server the domain owner is using. Try using the url in an unauthorised domain or with unauthorized “owner” and it wont rez / download for anyone…


#22

To keep things a bit crosslinked.

https://alphas.highfidelity.io/t/talk-about-object-permissions/825


#23

Am thinking, and i think it’s close or more simplified that what @Menithal describes.
But some basic protection that would be nice to have right now, am thinking about something like this.

  • Domain send some info and especially the domain name.

  • Website where the assets are stored need to run some script that checkes if the enitiy’s are loading in the correct domain. If it’s a different domain the entities tr to load on it’s blocking access. This way it;s also hardsofar i see to download them with a web browser.

It would be a start to make things safar. but in my idea’s are some flaws. so i think @Menithal idea is better.

What i just now like to see is that you can protect your work and that it’s only loading on your own domain and nowhere else or from webbrowser. without doing difficult things.


#24

Some of this protection needs to be certified, and revocability enforceable. Some of that needs to be rolled into the servers and clients and a 3rd party. The request headers is getting there.


#25

This was a very interesting read and a bit outdated since the blockchain. Here’s my question. Content on the store will have blockchain protection. What can be done to protect content that is brought in from an outside URL? Is there some mechanism to extend the blockchain to entities outside of the domains?


#26

This was a very interesting read and a bit outdated since the blockchain.

Year wise it is but the topic is still very much relevant.

It is posted a few months after the initial blockchain announcement as linked to:

Content on the store will have blockchain protection.

there is no protection through blockchain;

Instead there is blockchain certification which means the rezed instance of the object can prove that the session that created it has a key/identity that can vertify that they have the rights to create the object, and is backed by an ownership transaction in the chain. It also links back to source where the transaction was made.

Anyone with a link can still create it, download it and rehost it, but not in the marketplace as that gets curated. And when you Rip it out regardless of method they cannot verify that they own the asset.

What can be done to protect content that is brought in from an outside URL?

Domains can restrict Rez rights and avatars only to assets from the marketplace if they want or objects to certification. Not sure how many will actually enforce it, but it’sprobably going to be a community / social driven “don’t be a dick” enforcement.

More in @Philip’s announcement
post back before I posted this thread.

Is there some mechanism to extend the blockchain to entities outside of the domains?

None yet. We haven’t gotten the ability to host nodes and the interactions with the blockchain is still limited to HiFi services and currently, choice alliance members. Where as, currently only.the ledger (wallet/identity) is the one that is distributed.

The marketplace curation and certification also makes it a bit difficult to distribute the ability to make certificationa elsewhere because as soon as another marketplace or source can just become another point through which ripped assets could be “certified” at, especially as long as it’s not curated like the HiFi marketplace.