Touche'.
On Fri, May 7, 2010 at 11:52 AM, Argent Stonecutter
wrote:
> On 2010-05-06, at 22:06, Ricky wrote:
>>
>> Also, since this information is /already/ accessible
>
> Not if you don't turn streaming media on.
>
___
Policies and (un)subscribe informa
On 2010-05-06, at 22:06, Ricky wrote:
> Also, since this information is /already/ accessible
Not if you don't turn streaming media on.
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read t
Tigro Spottystripes schrieb:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> don't the user agent string already tells servers about some of the
> browser's capabilities with the current format?
>
> the current one for my Firefox is:
> Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
don't the user agent string already tells servers about some of the
browser's capabilities with the current format?
the current one for my Firefox is:
Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.2.3)
Gecko/20100401 Firefox/3.6.3 (.NET CLR
One thing more to consider is that the content (but not the format) of
this string is up to the viewer developer. If the viewer developer is
security conscious, or has a security conscious user base, the
developer can choose to use the one selected by one of the Linden
Lab's main viewer versions.
The only difference between "default none" and "default something
generic" is that you're sending more bytes to provide the same
negative information.
On 2010-05-06, at 13:47, Tigro Spottystripes wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> have the default be somthing gener
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
have the default be somthing generic then
On 6/5/2010 15:24, Argent Stonecutter wrote:
> On 2010-05-06, at 11:51, Tigro Spottystripes wrote:
>> Then you just set your user-agent string to something generic
>
> Yes, I'm a paranoid nut who knows to d
On 2010-05-06, at 11:51, Tigro Spottystripes wrote:
> Then you just set your user-agent string to something generic
Yes, I'm a paranoid nut who knows to do that. I know to opt out. Most
people don't.
Which is why any capability like this needs to be opt-in.
On 2010-05-06, at 08:59, Tateru Nino wrote:
> Would something like llDetectedViewerCaps() that returned a
> well-defined, yet open, capabilities string be potentially more useful
> than just asking for the brand of the viewer?
So long as you have to approve (or pre-approve) them, with
notificati
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Then you just set your user-agent string to something generic
On 6/5/2010 00:28, Argent Stonecutter wrote:
> On 2010-05-05, at 18:39, Tigro Spottystripes wrote:
>> How so?
>
> The SL client is not a browser, and currently provides a stronger
> priv
Are you referring to something like this, which can track browsers even if
(and much easier if) they turn cookies off or tinker with their privacy
settings...
http://panopticlick.eff.org/
On Thu, May 6, 2010 at 6:32 AM, Argent Stonecutter
wrote:
> On 2010-05-06, at 01:23, Ricky wrote:
> > How ca
On 6/05/2010 11:32 PM, Argent Stonecutter wrote:
> On 2010-05-06, at 01:23, Ricky wrote:
>
>> How can that be a source of correlation, unless you are using a viewer
>> that has a userbase of one (yourself and your alts)?
>>
> When you're gathering information on someone for tracking purpos
On 2010-05-06, at 01:23, Ricky wrote:
> How can that be a source of correlation, unless you are using a viewer
> that has a userbase of one (yourself and your alts)?
When you're gathering information on someone for tracking purposes you
don't need certainty. Even a viewer with a few percent of t
How can that be a source of correlation, unless you are using a viewer
that has a userbase of one (yourself and your alts)?
Even so, the suggestion is on the floor that the transmitted useragent
string be readily spoofable across all methods of gathering the info.
In this way we can allow legit us
On 2010-05-05, at 18:39, Tigro Spottystripes wrote:
> How so?
The SL client is not a browser, and currently provides a stronger
privacy firewall than a browser. This is important, because unlike a
browser connection when you are logged in to SL you're broadcasting a
strong non-repudiable ide
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
How so?
On 5/5/2010 20:36, Argent Stonecutter wrote:
> On 2010-05-05, at 16:34, Tigro Spottystripes wrote:
>> That would open lots of possibilities
>
> It would open up all kinds of cans of worms.
>
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.
On 2010-05-05, at 16:34, Tigro Spottystripes wrote:
> That would open lots of possibilities
It would open up all kinds of cans of worms.
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
That would open lots of possibilities
On 5/5/2010 18:32, Argent Stonecutter wrote:
> On 2010-05-05, at 14:57, Bryon Ruxton wrote:
>> Can't we just get an additional AGENT_VIEWER flag via llGetAgentInfo?
>
> Let's not.
>
On 2010-05-05, at 14:57, Bryon Ruxton wrote:
> Can't we just get an additional AGENT_VIEWER flag via llGetAgentInfo?
Let's not.
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the poli
HTTP cookies were shared across all accounts using a viewer installation
- until recently. It's my understanding that the latest crop of viewer2
viewers keep cookies separate per-account. However unless you're using
one of those newest ones, it's possible to track down alt-accounts or
hotseat users
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
I thought cookies weren't shared between accounts even in the same
machine...are you sure they are?
On 5/5/2010 17:28, Thomas Shikami wrote:
> Bryon Ruxton schrieb:
>> Can't we just get an additional AGENT_VIEWER flag via llGetAgentInfo?
>> Even if
Bryon Ruxton schrieb:
> Can't we just get an additional AGENT_VIEWER flag via llGetAgentInfo?
> Even if not foolproof, it's useful as a factor for legitimate security or
> warning tools, as well as for stats gathering for 99% of residents.
> It seems like a logical solution to me, instead of having
Am 05.05.2010 21:57, schrieb Bryon Ruxton:
> Can't we just get an additional AGENT_VIEWER flag via llGetAgentInfo?
> Even if not foolproof, it's useful as a factor for legitimate security or
> warning tools, as well as for stats gathering for 99% of residents.
> It seems like a logical solution to
Can't we just get an additional AGENT_VIEWER flag via llGetAgentInfo?
Even if not foolproof, it's useful as a factor for legitimate security or
warning tools, as well as for stats gathering for 99% of residents.
It seems like a logical solution to me, instead of having to go the http
agent route or
On Wed, May 5, 2010 at 11:02 AM, Tigro Spottystripes
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> can the the client loading HTML on a prim be considered the same as the
> internal web browser or the rules change in that case?
Techinaly there is no "internal" webbrowser, all htm
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
can the the client loading HTML on a prim be considered the same as the
internal web browser or the rules change in that case?
On 5/5/2010 05:42, Harold Brown wrote:
> This question is someone being overly obtuse on purpose.
>
> The Internal Web Br
On 05/05/2010 10:42 AM, Harold Brown wrote:
> This question is someone being overly obtuse
Sorry about that.
> on purpose.
I can assure you that not. While I was aware my question was a bit
nitpick-ish, I didn't consider to look at the internal browser as
separate entity (which makes sense and sol
This question is someone being overly obtuse on purpose.
The Internal Web Browser is 1. Not a Third Party Viewer, 2. Nor is
it connecting to the Second Life Grid, negating the whole "Spoof"
clause question
At the most it might connect to an HTTP-Server on a prim.
If the Internal Web Browser is
On Tue, 2010-05-04 at 20:48 -0300, Tigro Spottystripes wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Is the internal browser considered the viewer itself or can it have it's
> own identifier?
>From what I remember, it uses something like Second Life Viewer/VERSION
(Mozilla 4.0...
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Is the internal browser considered the viewer itself or can it have it's
own identifier? And is the user agent string of the internal browser
*the* unique viewer identifier mentioned in the TPVp? Are we gonna have
to hire a lawyer to get these questi
30 matches
Mail list logo
