Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-07 Thread Ricky
Touche'. On Fri, May 7, 2010 at 11:52 AM, Argent Stonecutter wrote: > On 2010-05-06, at 22:06, Ricky wrote: >> >> Also, since this information is /already/ accessible > > Not if you don't turn streaming media on. > ___ Policies and (un)subscribe informa

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-07 Thread Argent Stonecutter
On 2010-05-06, at 22:06, Ricky wrote: > Also, since this information is /already/ accessible Not if you don't turn streaming media on. ___ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read t

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-07 Thread Thomas Shikami
Tigro Spottystripes schrieb: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > don't the user agent string already tells servers about some of the > browser's capabilities with the current format? > > the current one for my Firefox is: > Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-06 Thread Tigro Spottystripes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 don't the user agent string already tells servers about some of the browser's capabilities with the current format? the current one for my Firefox is: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-06 Thread Ricky
One thing more to consider is that the content (but not the format) of this string is up to the viewer developer. If the viewer developer is security conscious, or has a security conscious user base, the developer can choose to use the one selected by one of the Linden Lab's main viewer versions.

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-06 Thread Argent Stonecutter
The only difference between "default none" and "default something generic" is that you're sending more bytes to provide the same negative information. On 2010-05-06, at 13:47, Tigro Spottystripes wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > have the default be somthing gener

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-06 Thread Tigro Spottystripes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 have the default be somthing generic then On 6/5/2010 15:24, Argent Stonecutter wrote: > On 2010-05-06, at 11:51, Tigro Spottystripes wrote: >> Then you just set your user-agent string to something generic > > Yes, I'm a paranoid nut who knows to d

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-06 Thread Argent Stonecutter
On 2010-05-06, at 11:51, Tigro Spottystripes wrote: > Then you just set your user-agent string to something generic Yes, I'm a paranoid nut who knows to do that. I know to opt out. Most people don't. Which is why any capability like this needs to be opt-in.

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-06 Thread Argent Stonecutter
On 2010-05-06, at 08:59, Tateru Nino wrote: > Would something like llDetectedViewerCaps() that returned a > well-defined, yet open, capabilities string be potentially more useful > than just asking for the brand of the viewer? So long as you have to approve (or pre-approve) them, with notificati

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-06 Thread Tigro Spottystripes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Then you just set your user-agent string to something generic On 6/5/2010 00:28, Argent Stonecutter wrote: > On 2010-05-05, at 18:39, Tigro Spottystripes wrote: >> How so? > > The SL client is not a browser, and currently provides a stronger > priv

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-06 Thread Erik Anderson
Are you referring to something like this, which can track browsers even if (and much easier if) they turn cookies off or tinker with their privacy settings... http://panopticlick.eff.org/ On Thu, May 6, 2010 at 6:32 AM, Argent Stonecutter wrote: > On 2010-05-06, at 01:23, Ricky wrote: > > How ca

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-06 Thread Tateru Nino
On 6/05/2010 11:32 PM, Argent Stonecutter wrote: > On 2010-05-06, at 01:23, Ricky wrote: > >> How can that be a source of correlation, unless you are using a viewer >> that has a userbase of one (yourself and your alts)? >> > When you're gathering information on someone for tracking purpos

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-06 Thread Argent Stonecutter
On 2010-05-06, at 01:23, Ricky wrote: > How can that be a source of correlation, unless you are using a viewer > that has a userbase of one (yourself and your alts)? When you're gathering information on someone for tracking purposes you don't need certainty. Even a viewer with a few percent of t

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-05 Thread Ricky
How can that be a source of correlation, unless you are using a viewer that has a userbase of one (yourself and your alts)? Even so, the suggestion is on the floor that the transmitted useragent string be readily spoofable across all methods of gathering the info. In this way we can allow legit us

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-05 Thread Argent Stonecutter
On 2010-05-05, at 18:39, Tigro Spottystripes wrote: > How so? The SL client is not a browser, and currently provides a stronger privacy firewall than a browser. This is important, because unlike a browser connection when you are logged in to SL you're broadcasting a strong non-repudiable ide

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-05 Thread Tigro Spottystripes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 How so? On 5/5/2010 20:36, Argent Stonecutter wrote: > On 2010-05-05, at 16:34, Tigro Spottystripes wrote: >> That would open lots of possibilities > > It would open up all kinds of cans of worms. > -BEGIN PGP SIGNATURE- Version: GnuPG v2.

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-05 Thread Argent Stonecutter
On 2010-05-05, at 16:34, Tigro Spottystripes wrote: > That would open lots of possibilities It would open up all kinds of cans of worms. ___ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-05 Thread Tigro Spottystripes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 That would open lots of possibilities On 5/5/2010 18:32, Argent Stonecutter wrote: > On 2010-05-05, at 14:57, Bryon Ruxton wrote: >> Can't we just get an additional AGENT_VIEWER flag via llGetAgentInfo? > > Let's not. >

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-05 Thread Argent Stonecutter
On 2010-05-05, at 14:57, Bryon Ruxton wrote: > Can't we just get an additional AGENT_VIEWER flag via llGetAgentInfo? Let's not. ___ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the poli

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-05 Thread Tateru Nino
HTTP cookies were shared across all accounts using a viewer installation - until recently. It's my understanding that the latest crop of viewer2 viewers keep cookies separate per-account. However unless you're using one of those newest ones, it's possible to track down alt-accounts or hotseat users

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-05 Thread Tigro Spottystripes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I thought cookies weren't shared between accounts even in the same machine...are you sure they are? On 5/5/2010 17:28, Thomas Shikami wrote: > Bryon Ruxton schrieb: >> Can't we just get an additional AGENT_VIEWER flag via llGetAgentInfo? >> Even if

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-05 Thread Thomas Shikami
Bryon Ruxton schrieb: > Can't we just get an additional AGENT_VIEWER flag via llGetAgentInfo? > Even if not foolproof, it's useful as a factor for legitimate security or > warning tools, as well as for stats gathering for 99% of residents. > It seems like a logical solution to me, instead of having

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-05 Thread Kuraiko Yoshikawa
Am 05.05.2010 21:57, schrieb Bryon Ruxton: > Can't we just get an additional AGENT_VIEWER flag via llGetAgentInfo? > Even if not foolproof, it's useful as a factor for legitimate security or > warning tools, as well as for stats gathering for 99% of residents. > It seems like a logical solution to

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-05 Thread Bryon Ruxton
Can't we just get an additional AGENT_VIEWER flag via llGetAgentInfo? Even if not foolproof, it's useful as a factor for legitimate security or warning tools, as well as for stats gathering for 99% of residents. It seems like a logical solution to me, instead of having to go the http agent route or

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-05 Thread Robin Cornelius
On Wed, May 5, 2010 at 11:02 AM, Tigro Spottystripes wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > can the the client loading HTML on a prim be considered the same as the > internal web browser or the rules change in that case? Techinaly there is no "internal" webbrowser, all htm

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-05 Thread Tigro Spottystripes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 can the the client loading HTML on a prim be considered the same as the internal web browser or the rules change in that case? On 5/5/2010 05:42, Harold Brown wrote: > This question is someone being overly obtuse on purpose. > > The Internal Web Br

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-05 Thread Boroondas Gupte
On 05/05/2010 10:42 AM, Harold Brown wrote: > This question is someone being overly obtuse Sorry about that. > on purpose. I can assure you that not. While I was aware my question was a bit nitpick-ish, I didn't consider to look at the internal browser as separate entity (which makes sense and sol

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-05 Thread Harold Brown
This question is someone being overly obtuse on purpose. The Internal Web Browser is 1. Not a Third Party Viewer, 2. Nor is it connecting to the Second Life Grid, negating the whole "Spoof" clause question At the most it might connect to an HTTP-Server on a prim. If the Internal Web Browser is

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-04 Thread Rob Nelson
On Tue, 2010-05-04 at 20:48 -0300, Tigro Spottystripes wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Is the internal browser considered the viewer itself or can it have it's > own identifier? >From what I remember, it uses something like Second Life Viewer/VERSION (Mozilla 4.0...

Re: [opensource-dev] [POLICY] Configurable HTTP user-agent string

2010-05-04 Thread Tigro Spottystripes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Is the internal browser considered the viewer itself or can it have it's own identifier? And is the user agent string of the internal browser *the* unique viewer identifier mentioned in the TPVp? Are we gonna have to hire a lawyer to get these questi

[opensource-dev] [POLICY] Configurable HTTP user-agent string (was: Banning by client)

2010-05-04 Thread Boroondas Gupte
On 05/04/2010 10:57 PM, Ricky wrote: > [...] we could easily add some functions into our various viewers to change > the string into > whatever we choose it to be. Again, just like browser useragents. > Would that be allowed under TPVp section 2. c