CopyBot: Endgame or Detour?

Unless you’ve been on the SL equivalent of Mars for the past week or so, you’ve probably heard about the brouhaha surrounding “CopyBot,” a program which is apparently capable of duplicating objects, right down to textures and animations. It relies on the Open Source libsecondlife effort, which is a library to interpret the protocol used by the SL client that is currently in development. I’m going to try and piece together what is known, and then offer a few observations.

When the news first broke about the existence of this device, there was a great hue and cry from the content creators of SL…spurred along by a response from Robin Linden that seemed lukewarm at best. She said “copying is not necessarily theft,” and, while she is technically correct, that was probably the wrong thing to say at that point. Eventually, LL clarified its position:

[…] the use of CopyBot or any other external application to make unauthorized duplicates within Second Life will be treated as a violation of Section 4.2 of the Second Life Terms of Service and may result in your account(s) being banned from Second Life.

But, by then, the damage was done. Reports started surfacing of businesses closing due to the potential for CopyBot abuse, and a spike on the LindeX at the same time indicated panic selling of L$ might have begun. The affair gave every sign of turning into a full-scale witch hunt, which even ensnared an innocent maker of vendors. Some businesses issued stern warnings about the use of CopyBot (incidentally, after seeing the warning from GuRL 6, I crafted a similar one on behalf of Don’t Panic! Designs). Others put up “CopyBot blocker devices” that repeat the “!quit” command over and over, in an attempt to force any instance of CopyBot that might be listening nearby to close down. And, while the libSL developers protested their innocence, pointing out that they had pulled the source for CopyBot out of their development repository, evidence surfaced that the developers were gleefully anticipating the havoc they would wreak with their “object stealer.”

Prokofy Neva, of course, is utterly ripshit, accusing the libSL group of being nothing more than a glorified griefer group, and accusing LL of being, at minimum, utterly clueless, if not outright malicious, for associating with such. On another side of the issue, the esteemed Ms. Ordinal Malaprop contends:

To be quite honest I doubt that there will be many instances of copying and distribution resulting from these tools in practice; the vast majority of residents have no interest in such activities, and the vast majority of those left have not the technical abilities to carry them out or the knowledge that they are possible.


To be honest it is too early to tell what sort of development of the Copying Facilities and changes to the world will result, and I would say that it is *certainly* premature to shut up shop, but the mere idea is disturbing to many.

And now we have some hard data on the impact of CopyBot: just uner 100 complaints total, involving some 50 individual Residents, over the course of a few days. While even a fraction of that number of complaints would certainly be cause for some heightened concern, the fact that so few people were involved–less than 1% of the typical number of people logged into SL at any given time, let alone the total number of active or registered accounts–would scarcely seem to mean The End Of The World As We Know It. Perhaps Ms. Malaprop’s statement is closer to the truth of the matter…as is Tateru Nino’s:

The most severe effect that copybot will have on Second Life will be our reaction to what we /fear/ will be done with it, rather than anything that is actually done.

The first observation I could offer is that Cory Linden is right: There is no way to completely stop someone from copying an object, or at least the physical properties and textures thereof, in SL. If it can be displayed, it can be copied. This is like the old axiom about scrambled cable channels: no matter how badly the video signal was scrambled, somehow it had to be capable of being de-scrambled so it could be sent to a normal TV set. People have already had success in copying textures from SL by intercepting the stream of information going from the SL client program to the graphics driver that displays it. You can’t stop that without a fundamental shift in the way the graphics subsystem operates…something which falls firmly into the realm of Things That Are Not Going To Happen.

Which leads me to another fundamental point: you cannot assume a secure client. Even if someone runs the unmodified client as downloaded straight from LL, you have to assume that this client will be run on “Satan’s computer.” People will packet sniff, they will disassemble, they will do anything they have to to try and break your protocol or data format or security system, if they want to badly enough. They could even be running the client inside a VMware virtual machine or equivalent, with their debugging tools on the “outside” of the VM, and the client would never even know it was being watched.

Given the above two points, an effort like libsecondlife was pretty much inevitable…and, in this day and age, since the power of Open Source is apparent in many ways these days (see: Linux, GNU, Mozilla,, etc. ad nauseam), it was natural for the interested parties to combine their efforts into an Open Source project. Some people have held that they shouldn’t have opened the source, since it makes the code far too accessible to those interested in griefing. My response to that: Open Source is not to blame here. Not having the source would not make griefers’ tasks impossible, just more difficult. At least, in this instance, people, including LL, have some knowledge of what the libsecondlife developers were up to. Another group, working in secret and sharing their knowledge only between themselves, could have accomplished the same thing, albeit slower. CopyBot might have appeared, not today, but several years down the road…say, when SL had become even more successful and accepted by RL corporations…and when a successful security attack would be far more damaging than it is today. And combating the efforts of such a group would be more difficult; you might have to reverse-engineer their attack program to figure out what the vulnerability is and stop it.

This is not to say that we’re in the best of all possible worlds now. It looks to me like the libsecondlife project needs to “clean house” in a big way. In fact, I would go so far as to recommend that LL, which has some interest in libSL right now anyway, should take over the administration of the project entirely, and should eject developers from the project who are using the tools to intentionally violate the TOS. If it’s that valuable of a tool to them, for use in spotting possible exploits and such, why aren’t they administering it? They might, for instance, establish a “libsecondlife foundation” to hold the code in trust and coordinate its further development; this would be similar to the relationship that currently exists between the Jabber project and its corporate sponsor, Jabber Inc. of Denver.

People would also do well to remember that the CopyBot as it currently exists is not capable of making perfect copies of all objects. It cannot, in particular, copy scripts. This makes sense, as scripts are designed to be executed on the server; the only time the client ever sees the script source is while it’s being edited. In this limitation might lie the key to recognizing copied objects. I can envision a system, for instance, where each object would contain a script capable of answering a “challenge” from outside and responding with a message indicating that the item was the genuine article. A counterfeit object would not contain the script (assuming the script itself could not be copied by other means) and hence would not respond to the challenge, marking it as a fake. There remain many practical details to be resolved here (not least of which is the communication method to use for the challenge/response…having the object listening on a channel at all times for the challenge would cause many people to start screaming “LAG!”), but a scheme like this could provide at least some method of detecting unauthorized copies and act as a stopgap until LL can beef up their own means for doing so.

In Neal Stephenson’s Snow Crash, Hiro Protagonist recognized that the coming of the Snow Crash digital virus represented a need for a fundamental shift in the design of the Metaverse, with more emphasis on security. We may face a similar moment here in the history of our own Metaverse. But, just as the Chinese character for “crisis” is a combination of the ones for “danger” and “opportunity,” so too does the CopyBot crisis represent both a danger and an opportunity…one which I hope LL, the libSL developers, and others will rise up to the challenge of. In the meantime, stay the course. Content creators, keep watch for anyone trying to use CopyBot to steal your creations, and give some thought to technical measures whereby such may be detected. Residents, pledge yourselves to refrain from violation of copyright, and urge your peers to do likewise. And keep your eyes on LL and the libSL developers…encourage them to do the right thing.

“These things pass. The trick is to live through them.” – Lazarus Long, Time Enough For Love, Robert A. Heinlein



Filed under Business, Current Events, Griefers, Technical

8 responses to “CopyBot: Endgame or Detour?

  1. Pingback: Evans Avenue Exit

  2. One thing that I discussed with sundry libsecondlife folk at the meeting from which I posted photography on my entry was the issue of watermarking via script. We bantered back and forth on the practicalities – I consider it a system that could be implemented without extraordinary issues – but the basic point remains that it is only valuable for people who wish to ascertain whether their item is an original or not. For those who don’t care, it does not matter.

    One thing that I have noticed, though, is that even the newest of new residents, once they understand that almost everything they see has been made by someone “real”, tends to agree that it is not reasonable to make individual copies. Some of this rests, I think, on the fact that everyone who makes anything in Second Life can be seen right there and then and talked to; they are not distant impersonal corporations in the main. As well as that, many new residents have ambitions to become creators themselves, and sympathise.

    We need not appeal to artificial constraints such as “copyright” in my opinion, which is often connected in the Other Place with drastically unfair legal restrictions – simple concern for others who are identifiable as actual people is universal enough to result in those breaching it encountering most definite social pressure.

  3. That’s an interesting philosophical angle to the issue that I hadn’t considered…it makes sense, of course, and it’s helped by the fact that every single object in the world is tagged with its creator’s name and profile link, showing the “real face” of the person you’d be ripping off by copying their item.

    One question it does beg is, will this perception on the part of Residents change over time as more of them enter the world, and particularly as more identifiably “corporate” goods (American Apparel clothes, Adidas shoes, Nissan Sentras, etc.) enter the world as well? That’s a question that can’t really be answered yet; perhaps in a year or so, we’ll know more. It also sort of reduces to the general question of what effect corporate influence will have on the community…which has been asked by many people in the SL community, and which is not a new question by any means; the members of Electric Minds were debating this topic back in 1997 when that community was acquired by Durand Communications.

    For now, at least, the community is not falling apart at the seams, many of the merchants who closed in protest of the CopyBot have reopened, and even some people who had been up in arms at the original news now seem to agree it’s more of a tempest in a teapot. And, far from scaring anyone off, the rate of new signups has increased…

  4. I would predict that the introduction of corporate identities to Second Life would indeed reduce the perceived badness of copying their designs, just as many people will quite happily duplicate and distribute music that legally belongs to a large company, whereas they would not do the same when a small band is involved, particularly if they know them personally.

    And it is certainly not for me to criticise that position.

    On the other hand, corporations in Second Life distribute goods not for the value of L$ sales but for publicity at this moment, so this would not make any difference to them. The telling point might come when someone starts to sell items on the Grid which actually provide services – say, tailored prims with scripts which enable downloads. If an exploit which attacked those became known, and the Laboratory immediately and decisively acted to crush any possibility of it, well, we would know where their allegiances lay.

  5. Well, in the last few days i have noticed that the “copybot phenomenon” as i have come to call it, has fizzled into the obscure domain of has been articles. shop owners have shut down as a knee jerk reaction to the news that this had been released. with the more news that i get from my sources(remainig unnamed to protect identities of those involved) the less i am apt to believe that copybot can be all that dangerous, being that as was stated in the main post, and i had actually brought the thought to life, is the ones that wold be apt to do no good with it are the veteren SL’ers that have a grudge against someone, and those that can manipulate code.(possibly a big rarity in the SL world.) and those like me who dont know any better. for all that dont know i am an IT professional and a netadmin for the local college in my town, mostly on an oncall basis due to college funding. my staff consists of 3 full time local college grad’s and 4 interns. (i’m there more than i am selling insurance…) however i digress.
    i didnt even know this was possible, nor did i really care. however i figured, and was noted by the spike in L$ sellbacks, that the copybot and ensuing closures, has affected the economy inside the grid, mostly for those involved. the closures have cut the L$ income of the creators themselves, and hast really affected my pocket book, i just take my L$ elsewhere, as have quite a few of my shopping pals. so all in all was copybot bad for SL, well it depends on who you talk to.
    i may be saving up in the next few months to possibly open a small furniture store in the near future, hopefully by the end of the year, but hopefully before february. i will have to let everyone know to come and check it out =) lord knows i will need the help.

  6. Prokofy Neva

    This continues to be a social issue, even more than a technical issues, and as such, is not solved by purely technical means. Funny you should accuse me of being “ripshit,” when you yourself call for libsl to “clean house”. Indeed, the whole reason I was “ripshit” was because they didn’t at all clean house, and haven’t to this day. It was immoral to use this device to terrorize people; to sell it; to sell its anti-dote; to claim falsely it was under control; to pay a source to lie to journalists; to fake an apology; etc etc — there are a whole series of actions of bad faith.

    The right thing to do is to disassociate from this group and leave it. To this day, it fills up with W-Hat griefer alts and is a haven for irresponsible sandbox script kiddies. The Lindens should have pulled their own staff out of it, and should have done a lot more than they have to make it clear that while they are sanctioning the reverse-engineering of their platform, they aren’t sanctioning the use of the results of that work for griefing and harming other residents.

    It’s just happened over and over again — God-stalking, the megaprims, CopyBot, and Campbot — all griefing and terrorizing people while libsl just laughs in the IRC channel.

  7. Prok, I have never been associated with the libsecondlife group, and, after everything that’s happened, I’m not sure I ever want to be associated with it. And this should be a major cause for concern on their part–if their reputation is causing people to be scared away from becoming possible contributors to the legitimate reverse-engineering of SL and development of their library, then it’s interfering with their primary mission and needs to be addressed double-pronto.

    I still think that the right answer is for LL to take a more active role in the sponsorship of the libsecondlife project, say, by creating a foundation to hold the copyrights to the code and serve as a centerpoint for development, ala Apache or Jabber (and yes, those models have drawbacks…BUT they’ve also been very effective within their scope). But, in order to accomplish this, the existing leadership is going to have to cede some control…and if their motives are as you say, this is probably not bloody likely.

  8. Pingback: The Trouble With libsecondlife « Evans Avenue Exit

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s