Sunday, August 12, 2007

Loser Labs Strikes Again with Another Flagrant Security Hole Bug

I often dance at places that have porn running in the background on the media stream. Media is now forcing itself on without user permission in several of them. I turn it off, it turns itself back on. I turn it off, it turns itself back on.

This is a major problem, because it means that if I, the user, am not expecting it, I can be embarrassed publicly. It is also a privacy violation from our good friends at Loser Laboratories, since listening to a music stream or media stream exposes your IP. Force media is yet another example of how Linden Labs had no concern for user privacy, experience or security.

Turn off media unless you know you are going to be using it in a location where you want to listen to media; otherwise your RL and IP address are both vulnerable.

After crashing twice in the middle of a bug report, I think the best policy is just to blog the bugs and crashes, and let the general public decide whether they want to give LL their credit card or bank information.

1 comment:

  1. Lillie,

    What you're talking about is a VERY valid concern and has been an issue even prior to the "force media" flag.

    I almost never turn on media, ever, for precisely this reason. It creates a connection outside of SL directly to your computer and, to do this, it informs the server of your IP address.

    I certainly don't want someone's choice of radio station or video forced on me whenever I go someplace in SL.

    It really bothers me that LL thinks that they have a monopoly and can simply do whatever they like. They seem to have forgotten about us, the residents, in their rush to add this and that new feature. Meanwhile the grid is crashing all over the place and they have multiple outages because of "co-location problems..." (if you believe that one I have a bridge somewhere I would like to sell you).

    *sighs* when will they learn?

    Analyzing this pragmatically, you could argue:

    1) How can they check the logs? and, if they did
    2) How can they know which IP belongs to which avatar?

    I'm very cautious about such things, nonetheless. I have a lot to protect... most of all my privacy.

    Anony Mouse
    "They did what?"