Difference between revisions of "User:Qie Niangao/Media Security"
Qie Niangao (talk | contribs) (Created page with "This will be text and pictures from Inara Pey's Media Security initiative.") |
Qie Niangao (talk | contribs) |
||
Line 1: | Line 1: | ||
This will be | Introduction | ||
Second Life has rich media content: music and videos can be enjoyed in-world through the media players included in the Second Life Viewer. | |||
While the media capabilities in the Viewer are very flexible, it is important to remember that they can also be used by others to capture information about yourself without your knowledge - and that this information can easily be transmitted to databases outside of Second Life and outside of Linden Lab’s control. | |||
Because of this, the majority of Second Life Viewers now include a Media Filter that is designed to help you check the media requests you are receiving and determine whether or not you wish to accept them. | |||
This set of notecards has been written to help you: | |||
1. Understand the problem. | |||
2. Learn to use the Media Filter. | |||
3. Identify what might be data-mining media requests. | |||
4. Disable media in your Viewer if you wish to be safe, but don't wish to use the media filter. | |||
MEDIA SECURITY FAQ | |||
What is media streaming? | |||
- Media streaming is a means by which music and video can be directed to your Viewer for your enjoyment from sources outside of Second Life. | |||
The music you might hear while visiting a store, the music you hear at a live event, and videos you watch on an in-world TV screen - all these are sent to your Viewer via a media stream that can originate anywhere outside of Second Life. The same is true for any websites, videos and so on shown through the Media On A Prim function within Viewer 2. | |||
Why is this a risk? | |||
- Because there is no absolute way of knowing where such a media stream originates. Almost all streams offered in Second Life are perfectly legitimate and offer *no* threat to you. | |||
However, because of the way Second Life operates, it *is* possible for people to abuse the system and use a media stream in an attempt to gain information on you without you being aware of it | |||
What information are they after? | |||
- So far the main attempts in misusing media streams have been to obtain the IP Address - the digital "identity" assigned to your computer - that allows it to communicate over the Internet. In the same sense that someone needs your mailing address to send you a letter, a remote computer needs your IP address to communicate with your computer. | |||
Why do they want this? | |||
- For a variety of reasons.Some believe that linking IP addresses with avatar accounts allows them to link accounts to one another - identify if you have any SL alts and who they are. Others might use the IP information to try and identify where in the real world you reside; there are many reasons for the unscrupulous to gather and link such information. | |||
Is it entirely accurate? | |||
- To be honest no; for some it could be more accurate than others. IP addresses work in a number of ways, and this makes such systems questionable in their accuracy. | |||
However, the fact that people are prepared to go to these lengths means it is advisable for you to take steps to be aware of what your computer is being asked to do. | |||
Does using the Media Filter automatically protect me? | |||
- No. It acts as an advisor, letting you see what is going to on with your computer when it receives a request to stream media to you. It helps you evaluate whether or not you should accept a request from a media service located outside of Second Life. To further help you make a decision, these Notecards include some guidelines on how to identify potentially malicious media requests. | |||
But the final choice of what to do remains with *you*. At the end of the day, nothing can be 100% "safe" in Second Life. However, the Media Filter will help you make informed choices and help you to protect yourself. | |||
The Media Filter | |||
The Media Filter is designed to help protect you from malicious media streams that might be used to gather information about you as you travel around Second Life (such as capturing your IP address alongside your avatar details in an attempt to identify any alts you may have and link them to you). | |||
It has been specifically designed to warn you when your Viewer has been asked to accept an incoming media stream request, allowing you to determine whether or not you wish to receive the stream before it connects to your Viewer. | |||
This tutorial is designed to provide an overview on how to use the Media Filter, and to provide guidelines on what to look for in suspicious media streams. | |||
Note that the Media Filter will shortly be available for Viewer 2 & variants in the near future & will use the options described for the Dolphin 2 Viewer. | |||
----------------------- | |||
ENABLING THE FILTER | |||
By default, the Media Filter may be active from the moment you install a Viewer that includes it (you may even see it display a pop-up the first time you log-in to a Viewer that uses it - see "Using the Filter", below). | |||
However, should you find you need to turn it on, or if you wish to ensure it is active, follow the instructions below. | |||
1. Access the media functions in your Viewer's Preferences, as follows: | |||
Cool VL Viewer 1.25.0.25+: EDIT -> PREFERENCES -> COOL FEATURES -> MISCELLANEOUS | |||
Dolphin 1.5.48+: EDIT -> PREFERENCES -> ADVANCED -> MISCELLANEOUS | |||
Phoenix 1.5.2.977+: EDIT -> PREFERENCES -> AUDIO & VIDEO | |||
Dolphin 2 2.5.2+: ME -> PREFERENCES -> SOUND & MEDIA. | |||
2. Make sure ENABLE MEDIA FILTER (INCREASED SECURITY/MEDIA FILTER (INCREASED SECURITY) is checked. | |||
- If it is, close the Preferences window. | |||
- If it is not, check it and click APPLY and close the PREFERENCES window. | |||
------------------ | |||
USING THE FILTER | |||
Note: The Media Filter only works if you have media enabled. If you have previously disabled media but now wish to use the Filter, you will have to re-enable media first. | |||
The Media filter can activate in two ways: | |||
-> Automatically, on encountering a media stream trying to connect to your Viewer | |||
-> When you click on the music or media PLAY button. | |||
Either way, a pop-up is displayed on your screen: | |||
| |||
(image from from Dolphin 2) | |||
The pop-up displays the URL of the media stream and a series of buttons: | |||
ALLOW: allow your Viewer to connect to the stream. You should only click on this if you feel the media stream does not harbour a potential threat (see "What Do I Block?", below). | |||
WHITELIST: if you recognise the media stream as being from a safe source, click on this button to add the stream to your Viewer's Whitelist. This will prevent the pop-up appearing when you encounter the stream in the future | |||
BLACKLIST: use this option to block the stream and add it to your Viewer's Blacklist. The stream will be blocked automatically whenever it is encountered in future, without generating the pop-up | |||
DENY: if you are unsure about the stream, and do not want to risk exposure, click this. The stream will be blocked for the duration of your stay. | |||
Examples of what you might see: | |||
| |||
(image from Dolphin 2) | |||
The above is a "safe" media stream URL (it actually is for Martini in the Morning, a popular stream in SL). It would be OK to click Accept for this. | |||
| |||
This is altogether more suspicious: the long string after the main URL, together with a php statement suggest that it is going to do more than just stream music. The safest option would be to click Deny. | |||
WHAT DO I BLOCK? | |||
Identifying potentially harmful media streams is not easy. However, Pyske Phaeton has provided some notes to help you make a more informed choice. The following Notecards in this set may help: | |||
- Media Security 4: Guide to Suspicious URLs. | |||
- Media Security 5: Media Streams Shown to be Harmful. | |||
EDITING YOUR LISTS | |||
There may be times when you accidentally add a stream to your Blacklist or Whitelist and wish to remove it. Here's how: | |||
Bring up your Media Filter Editor: | |||
Dolphin 1.5.48+ and Cool VL1.25.0.25+: VIEW -> MEDIA FILTER | |||
Phoenix 1.5.2.977+: PHOENIX -> MEDIA LISTS | |||
Dolphin 2 2.5.2+: ME -> MY MEDIA FILTERS | |||
The media filter editing window, similar to the one show below, is displayed: | |||
| |||
(image from Dophin 1.x) | |||
Any URLs you have listed will be displayed in the left or right pane of the window. | |||
To remove a URL from either list, click on the URL to highlight it, then click on the respective REMOVE button under the pane. | |||
To manually add URL to either list: | |||
-> Click on the ADD button under the required list | |||
-> The New Domain box is opened | |||
-> Enter the domain you wish to add to your list | |||
-> Click the ADD button to the right of the box | |||
-> The domain is displayed in the required list. | |||
Some Viewers allow you to completely clear both lists using the CLEAR LISTS button. Where this is the case, remember that both the Whitelist and the Blacklist will be cleared. | |||
CLOSING NOTES | |||
1) It is probably better to deny all media requests for sims you rarely visit. | |||
2) If you have specific venues you enjoy - clubs, etc., - then use the media patch to examine incoming requests. Generally, the music stream will be obvious (and probably the only one to pop-up). | |||
3) Only Whitelist those streams you know are safe: your home parcel music stream, club streams you can absolutely trust (because you know the owners), etc.. | |||
4) Remember that this media patch only protects you from attempts to obtain data from you via a media stream. It does not prevent scripted objects obtaining information about your avatar such as you make available through your Profile. Such information is regarded as being "public", and as such, is open to use by scripted tools. | |||
5) If you are uncomfortable using the Media Filter but are worried about being scanned, disable the media settings in your Viewer. |
Revision as of 07:02, 18 March 2011
Introduction
Second Life has rich media content: music and videos can be enjoyed in-world through the media players included in the Second Life Viewer.
While the media capabilities in the Viewer are very flexible, it is important to remember that they can also be used by others to capture information about yourself without your knowledge - and that this information can easily be transmitted to databases outside of Second Life and outside of Linden Lab’s control.
Because of this, the majority of Second Life Viewers now include a Media Filter that is designed to help you check the media requests you are receiving and determine whether or not you wish to accept them.
This set of notecards has been written to help you:
1. Understand the problem. 2. Learn to use the Media Filter. 3. Identify what might be data-mining media requests. 4. Disable media in your Viewer if you wish to be safe, but don't wish to use the media filter.
MEDIA SECURITY FAQ
What is media streaming?
- Media streaming is a means by which music and video can be directed to your Viewer for your enjoyment from sources outside of Second Life.
The music you might hear while visiting a store, the music you hear at a live event, and videos you watch on an in-world TV screen - all these are sent to your Viewer via a media stream that can originate anywhere outside of Second Life. The same is true for any websites, videos and so on shown through the Media On A Prim function within Viewer 2.
Why is this a risk?
- Because there is no absolute way of knowing where such a media stream originates. Almost all streams offered in Second Life are perfectly legitimate and offer *no* threat to you.
However, because of the way Second Life operates, it *is* possible for people to abuse the system and use a media stream in an attempt to gain information on you without you being aware of it
What information are they after?
- So far the main attempts in misusing media streams have been to obtain the IP Address - the digital "identity" assigned to your computer - that allows it to communicate over the Internet. In the same sense that someone needs your mailing address to send you a letter, a remote computer needs your IP address to communicate with your computer.
Why do they want this?
- For a variety of reasons.Some believe that linking IP addresses with avatar accounts allows them to link accounts to one another - identify if you have any SL alts and who they are. Others might use the IP information to try and identify where in the real world you reside; there are many reasons for the unscrupulous to gather and link such information.
Is it entirely accurate?
- To be honest no; for some it could be more accurate than others. IP addresses work in a number of ways, and this makes such systems questionable in their accuracy.
However, the fact that people are prepared to go to these lengths means it is advisable for you to take steps to be aware of what your computer is being asked to do.
Does using the Media Filter automatically protect me?
- No. It acts as an advisor, letting you see what is going to on with your computer when it receives a request to stream media to you. It helps you evaluate whether or not you should accept a request from a media service located outside of Second Life. To further help you make a decision, these Notecards include some guidelines on how to identify potentially malicious media requests.
But the final choice of what to do remains with *you*. At the end of the day, nothing can be 100% "safe" in Second Life. However, the Media Filter will help you make informed choices and help you to protect yourself.
The Media Filter
The Media Filter is designed to help protect you from malicious media streams that might be used to gather information about you as you travel around Second Life (such as capturing your IP address alongside your avatar details in an attempt to identify any alts you may have and link them to you).
It has been specifically designed to warn you when your Viewer has been asked to accept an incoming media stream request, allowing you to determine whether or not you wish to receive the stream before it connects to your Viewer.
This tutorial is designed to provide an overview on how to use the Media Filter, and to provide guidelines on what to look for in suspicious media streams.
Note that the Media Filter will shortly be available for Viewer 2 & variants in the near future & will use the options described for the Dolphin 2 Viewer.
ENABLING THE FILTER
By default, the Media Filter may be active from the moment you install a Viewer that includes it (you may even see it display a pop-up the first time you log-in to a Viewer that uses it - see "Using the Filter", below).
However, should you find you need to turn it on, or if you wish to ensure it is active, follow the instructions below.
1. Access the media functions in your Viewer's Preferences, as follows:
Cool VL Viewer 1.25.0.25+: EDIT -> PREFERENCES -> COOL FEATURES -> MISCELLANEOUS Dolphin 1.5.48+: EDIT -> PREFERENCES -> ADVANCED -> MISCELLANEOUS Phoenix 1.5.2.977+: EDIT -> PREFERENCES -> AUDIO & VIDEO Dolphin 2 2.5.2+: ME -> PREFERENCES -> SOUND & MEDIA.
2. Make sure ENABLE MEDIA FILTER (INCREASED SECURITY/MEDIA FILTER (INCREASED SECURITY) is checked.
- If it is, close the Preferences window. - If it is not, check it and click APPLY and close the PREFERENCES window.
USING THE FILTER
Note: The Media Filter only works if you have media enabled. If you have previously disabled media but now wish to use the Filter, you will have to re-enable media first.
The Media filter can activate in two ways:
-> Automatically, on encountering a media stream trying to connect to your Viewer -> When you click on the music or media PLAY button.
Either way, a pop-up is displayed on your screen:
(image from from Dolphin 2)
The pop-up displays the URL of the media stream and a series of buttons:
ALLOW: allow your Viewer to connect to the stream. You should only click on this if you feel the media stream does not harbour a potential threat (see "What Do I Block?", below).
WHITELIST: if you recognise the media stream as being from a safe source, click on this button to add the stream to your Viewer's Whitelist. This will prevent the pop-up appearing when you encounter the stream in the future
BLACKLIST: use this option to block the stream and add it to your Viewer's Blacklist. The stream will be blocked automatically whenever it is encountered in future, without generating the pop-up
DENY: if you are unsure about the stream, and do not want to risk exposure, click this. The stream will be blocked for the duration of your stay.
Examples of what you might see:
(image from Dolphin 2)
The above is a "safe" media stream URL (it actually is for Martini in the Morning, a popular stream in SL). It would be OK to click Accept for this.
This is altogether more suspicious: the long string after the main URL, together with a php statement suggest that it is going to do more than just stream music. The safest option would be to click Deny.
WHAT DO I BLOCK?
Identifying potentially harmful media streams is not easy. However, Pyske Phaeton has provided some notes to help you make a more informed choice. The following Notecards in this set may help:
- Media Security 4: Guide to Suspicious URLs. - Media Security 5: Media Streams Shown to be Harmful.
EDITING YOUR LISTS
There may be times when you accidentally add a stream to your Blacklist or Whitelist and wish to remove it. Here's how:
Bring up your Media Filter Editor:
Dolphin 1.5.48+ and Cool VL1.25.0.25+: VIEW -> MEDIA FILTER Phoenix 1.5.2.977+: PHOENIX -> MEDIA LISTS Dolphin 2 2.5.2+: ME -> MY MEDIA FILTERS
The media filter editing window, similar to the one show below, is displayed:
(image from Dophin 1.x)
Any URLs you have listed will be displayed in the left or right pane of the window.
To remove a URL from either list, click on the URL to highlight it, then click on the respective REMOVE button under the pane.
To manually add URL to either list:
-> Click on the ADD button under the required list -> The New Domain box is opened -> Enter the domain you wish to add to your list -> Click the ADD button to the right of the box -> The domain is displayed in the required list.
Some Viewers allow you to completely clear both lists using the CLEAR LISTS button. Where this is the case, remember that both the Whitelist and the Blacklist will be cleared.
CLOSING NOTES
1) It is probably better to deny all media requests for sims you rarely visit.
2) If you have specific venues you enjoy - clubs, etc., - then use the media patch to examine incoming requests. Generally, the music stream will be obvious (and probably the only one to pop-up).
3) Only Whitelist those streams you know are safe: your home parcel music stream, club streams you can absolutely trust (because you know the owners), etc..
4) Remember that this media patch only protects you from attempts to obtain data from you via a media stream. It does not prevent scripted objects obtaining information about your avatar such as you make available through your Profile. Such information is regarded as being "public", and as such, is open to use by scripted tools.
5) If you are uncomfortable using the Media Filter but are worried about being scanned, disable the media settings in your Viewer.