Johnvon Watanabe - 06/Jul/07 07:14 AM I agree this is an important issue that should be fixed right away, in view of the legislative changes happening right now with Internet radio.

SeanMcPherson Senior - 06/Jul/07 07:40 AM This is a fairly important issue. Although anyone *can* in theory sniff their own traffic to find the stream info, this at least makes things quite a bit more difficult for the casual "I want to give out this link to everyone I know, even tho they can't tip in world to help cover the costs" user.

elizabeth antonelli - 06/Jul/07 07:43 AM I completely agree .... this needs to be fixed right away!!! It is not right for people to be able to so easily steal information that others are paying good money for.

TS Allen - 06/Jul/07 08:01 AM I also agree. This is not a bug to be fixed, but a feature removed. It is a good feature to have but these are difficult times for the performers in SL. We are the primary sources of entertainment in world. We need to have the feature removed or severely controlled or the SL DJ will become a thing of the past if the internet radio DJ suffers in the judgments in the courts. Sadly though, I'm pessimistic that LL will lift a finger to help us, as it may prove to be a risk to them if they were to offer the DJs and video streamers in SL a small measure of protection. It would not be the first time that LL has cast ppl to the wolves to save their own derrieres. The best defense is a strong offence. Call and write to your representatives in the house.

Ganesha Xi - 06/Jul/07 09:20 AM I also like to have my music videos, which I host on my own private servers, to not be made available to whomever wishes to use it to chew up my bandwidth and possibly get me into DCMA trouble. I have them there for my own private viewing, as well as for guests, otherwise it's no one's business where this stuff is hosted.

Lex Neva - 06/Jul/07 09:52 AM Note, one can also view the SecondLife.log file and see the URL of most parcel audio and video. Even if this is removed, there will always be the ability to sniff one's traffic to discover the URL.

Magi Merlin - 06/Jul/07 10:33 AM My streaming bandwidth costs me a small fortune already, telling the worth the source of my stream could potentially cost me a packet - please rectify this issue as a matter of urgency

Aimee Congrejo - 06/Jul/07 11:18 AM If yer really worried about non-SL users stealing yer bandwidth then just add a user agent string check on yer streaming server. Dunno how you'd actually do that on a dedicated streaming server but Apache lets you do a .htaccess check: SetEnvIf User-Agent whatever_sl_uses share_allow Order Deny,Allow Deny from all Allow from env=share_allow Sure there's ways around it like if someone modifies their own user agent but it's a quick fix. Locks only keep the honest people out. LOL

Gregleens Merlin - 06/Jul/07 01:42 PM Need quickly be fixed. Audio and espacially video stream need to be hide from everyone. Bandwidth is to expensive for everybody can use your stream. Please do something, thanks alot.

Doubledown Tandino - 06/Jul/07 01:55 PM I am at someone else' land, and able to view their land's media links. These should never be viewable by anyone other than the parcel owners and people granted access.

grip talon - 06/Jul/07 09:28 PM This should definilty remain prviate no questions!

Gigs Taggart - 08/Jul/07 11:52 PM This should not be "fixed". There is no way to protect streaming media URLs. They must be sent to the client. It is worse to have the illusion of security where none exists.

Torley Linden - 09/Jul/07 09:35 AM Doubledown, thanks for your email to Glenn Linden and I. It's possible to *discourage* casual "copy-and-pasting" of your parcel media URLs, but not keep them 100% private. Context: when this issue came up earlier internally, we decided not to protect "special cases" because, as alluded to above, there are many ways to get the parcel URL. Such as, viewing the Debug Console. I remember Cube Linden mentioning some additional reasons -- I'll ask him. Furthermore, we know that over time, View Admin Options has led to compounded confusion, because there are a number of "intended functionality or not?" problems associated with it (search the Issue Tracker for examples). Linking this internally...

Celierra Darling - 13/Jul/07 08:31 PM Well, there's probably *a* way... route all streaming connections through SL servers, so the sim can hide the URL and can control permissions. But that's rather heavy-handed and unworkable... :P

Weaver Renegade - 21/Jul/07 08:41 AM I was going to open up a new issue, but I think my request may actually fit in here pretty well. I run an Internet radio station outside of SL, which I sometimes stream to an area within SL. I WANT people to connect to my stream, both inside and outside the game. I would like to make the stream URL visible to anyone who cares to look. More listeners for me means more money I can charge for advertising. I would like to see a checkbox next to the Music URL textbox which would NOT hide the URL in the About Land box. People streaming copyrighted music (or video) into SL without the proper royalties being paid should not be "protected" (as flimsy as it is) by hiding the URL. I don't see why any legitimate radio station would want to hide their URL from potential new listeners. Also, streaming servers like Icecast can do user authentication before allowing the client to connect. Could SL possibly handle authenticating to such a stream as another means to keep a stream private or to allow SL entrepreneurs to collect money for their services? SL live musicians could have a box containing a list of pre-created usernames and passwords and when paid a small fee would give out credentials to connect to the stream for the evening.

Thordain Curtis - 27/Jul/07 10:03 PM Like too many people have already stated, it's impossible to hide your stream URLs. Even if the client software prevented access (as well as all other means of connecting to Second Life), any person with decent network knowledge could use a simple command line too to grab the URL. This type of security through obscurity helps very little, in that once your URL gets out, there is nothing you can do to stop it. What would be a more interesting approach to solving this problem would be to have the secondlife client add in a few extra HTTP headers during media stream connections that would allow some level of connection filtering. (Think of the headers used during a llHTTPRequest(), but from the client software) I would imagine that Avatar First/Last Name and Avatar Key would be sufficient for this purpose. Once you have this type of data available on the streaming server side, you could do quite a bit of damage control. Obviously this doesn't prevent people from writing custom connection gateways or media players that forge the headers, but I'd think it would cut down on unauthorized connections quite a bit if properly implemented. Once you have this level of information, you can prevent duplicate connections from a single user key, as well as batch out xmlrpc requests to see if an avatar is actually online or not, and terminate the connection if they aren't. Even if you didn't want to take it that far, verifying avatar UUID against a DB of known allowed users is quite simple to implement, and would effectively ruin any casual attempt at using your streaming media. Also, a header with the region and parcel ID (or some other means of uniquely identifying a parcel) would be super useful as well, to prevent your streaming media URL from being used in any non-authorized parcels. Of course non-technically-inclined people wouldn't be able to make use of this immediately, but it would provide a means for people in the community to provide support software that allows this type of filtering to happen. Although mostly unrelated, it would be interesting to see the secondlife client support basic HTTP authentication for media streams. This would allow people to use many of the "premium" level services when they are on their own land.

Torley Linden - 14/Aug/07 07:11 AM Alas, I noticed this was marked as "Won't Finish" internally -- this is too "special case". I'll resolve it the same to sync issue status. However, I do know this will continue to be brought up as a concern, and if I'm aware of any other options we can do, I'll let you guys know.

Zorin Frobozz - 12/Sep/07 06:30 PM I'd like to add a vote to leave this alone. 1) You can get a stream URL anyway if you look for it. 2) Some of us like to listen using iTunes/WinAmp because then we don't miss out on the show if SL crashes. 3) Even if you remove every single possible way to see the URL from the client, a simple tcpdump will reveal it. If someone wants your stream address, they'll get it. Period. Please, we have no need for security through obscurity. Besides not being any security at all, it keeps people who want to listen to the stream in other players from doing so. I can't count the number of times I've gone home with my mate and set the URL on our own parcel so we could continue to listen to a DJ or show from the privacy of our home.

Day Oh - 18/Sep/07 06:12 PM Of course, I vote don't fix--I don't think creating the illusion of privacy is the ethical way to go.

Lightscribe Infinity - 22/Sep/07 11:07 AM I agree with Zorin Frobozz. That said,  "Don't let the music die. Call your representatives today and ask them to co-sponsor the internet radio equality act." SaveNetRadio.org

weedy herbst - 29/Nov/07 11:49 PM There is no point in removing this feature. Fetching a URL is simple. From a command prompt, type netstat -an. I am often dependant upon this admin feature when diagnosing radio, deeding and permissions issues with clients. It's important streaming audio servers protect themselves, as opposed to removing useful features from others who use them for what they were intended for.