[#SVC-869] Fighting Spam, Scams & Phishing: Add a "Give & Sell Permissions" Parcel Option.

2. Second Life Service - SVC

Fighting Spam, Scams & Phishing: Add a "Give & Sell Permissions" Parcel Option.

Created: 24/Oct/07 12:19 AM Updated: 27/Oct/07 11:29 PM

Return to search

Component/s:

Scripts, Simulation

Affects Version/s:

None

Fix Version/s:

None

Issue Links:

Relates

This issue Relates to:

SVC-422 A solution to scams, money theft - etc. New parcels Flag "Block Transactions"

SVC-456 Meta-Issue: Improved Anti-Griefer Tools

Description

« Hide

After additional thoughts about the SL Spam problem and considerations to the response received to my previous 2 cents suggestion (~~SVC-851~~). I am proposing a more thought through Spam, Scam & Phishing filtering solution that I think all parties could be happy with (except griefers and thieves

The underlying assumption is that we're trying to avert "Unauthorized selling activity as well as unsolicited automated inventory delivery (i.e. via scripted objects) from illegitimate third party sources on a parcel, other than the land owner (or land affiliated group member) of the parcel in which the recipient also stands. That said we want to leave up to the parcel owner or renter whether to opt-in or out after evaluation of the possible hampering cost vs. the benefit of having the parcel restrictions.

The feature would be a parcel option that can be turned on or off in a similar fashion to EITHER the "No Push" (Option A) OR "No Script" (Option B) with an identification icon in the toolbar.

Option A: One "Restrict Giving or Selling Objects" checkbox in the "Land Options:" section.
Enabling the checkbox at the parcel owner's discretion would prevent all scripted objects in the parcel from any unauthorized third party (rezzed or attached to an avatar) to deliver inventory to other avatars in that same parcel, except for object 'set to group' or deeded to the group if the parcel is 'set to' or owned by the group.
The box should be checked ON by default.

Option B: Two "Give/Sell Objects" checkboxes in the "Allow other residents to:" section.
Like "No Script" the owner would have two checkboxes to allow the permission to either "All residents" and/or "Group". The "All Residents" permission should be checked OFF by default and the "Group" one default to ON.

I am not sure whether option B is entirely necessary, but it may be an additional level of flexibility for group land, notably in commercial rental areas. The difference with option A is that you can also apply the restriction to non-owner-qualifed group members.

In both cases, a group based 'ability' such as "Set Set-to-group objects for sale" can always be added under 'Object Management' to limit selling permissions within the group itself as an additional level of security .

When clicking on the toolbar icon with permissions off, the blue dialog would say to a resident:
"This land is llGiveInventory, llGiveInventoryList, money llRequestPermissions and Object Selling Restricted".
You cannot set objects for sale or deliver objects via another object to others on this land unless you are the owner.

What does having such option imply?

1. In LSL terms, it would prevent the ability from any unauthorized third party to use the llGiveInventory, llGiveInventoryList, llRequestPermissions(key, PERMISSION_TRIGGER_ANIMATION) functions in a script to deliver objects to an avatar in the same restricted area. Avatar to avatar object deliveries from (i.e. inventory to inventory or not rezzed) shall of course be excluded from the spam filter restrictions.

"Buy/Pay" functions in the pie menu and the "For Sale" checkbox would be grayed out/disabled for the unauthorized objects, and the hover tip should not show the text line "For sale: Price". Since there is already a flag for objects that would be considered authorized (i.e. what makes them not auto-return) maybe the same flag could be used to disable Buy/For Sale. (Specifically Case A)

So this would overall prevent illegitimate advertising (free or not), prohibit third party unauthorized sales, and protect against phishing.

2. It would greatly deter griefers from spreading self replicating inventory givers like I have lately seen, capable of spreading from region to region and from innocent avatar to innocent avatar rezzing them, creating a social mess as I have outlined in ~~SVC-851~~.
Because a land can be restricted against spam it would actually make spam violation attempts from remote parcels (notably using sensors) more reprehensible and perhaps subject to more aggressive disciplinary actions from Linden Lab.

3. It will give visitors a more reliable way to mitigate the risk over the legitimacy of an object being delivered to them, just by looking at the toolbar icon to see whether the parcel "Anti-Spam" filter is enabled or not. It may also likely improve the overall chances that a legitimate notecard/object will be actually read/looked at. And it will give more control to land owners to define what they consider spam (i.e. what is their own definition of unsolicited delivery)

4. It retains the capability for any vendors or remote scripted methods to deliver a third party product from an outside parcel (so long as the object is set to group or owned by the parcel owner), or for inventory givers on neighboring parcels to remain functional (yes, even those infamous ad cubes )

NB: I am not a professional programmer and only an LSL novice so I may have overlooked critical elements. But if not, I think it's a good solution addressing spam, scams and phishing issues all at once with a fairly simple feature.

Description

). The underlying assumption is that we're trying to avert "Unauthorized selling activity as well as unsolicited automated inventory delivery (i.e. via scripted objects) from illegitimate third party sources on a parcel, other than the land owner (or land affiliated group member) of the parcel in which the recipient also stands. That said we want to leave up to the parcel owner or renter whether to opt-in or out after evaluation of the possible hampering cost vs. the benefit of having the parcel restrictions. The feature would be a parcel option that can be turned on or off in a similar fashion to EITHER the "No Push" (Option A) OR "No Script" (Option B) with an identification icon in the toolbar. Option A: One "Restrict Giving or Selling Objects" checkbox in the "Land Options:" section. Enabling the checkbox at the parcel owner's discretion would prevent all scripted objects in the parcel from any unauthorized third party (rezzed or attached to an avatar) to deliver inventory to other avatars in that same parcel, except for object 'set to group' or deeded to the group if the parcel is 'set to' or owned by the group. The box should be checked ON by default. Option B: Two "Give/Sell Objects" checkboxes in the "Allow other residents to:" section. Like "No Script" the owner would have two checkboxes to allow the permission to either "All residents" and/or "Group". The "All Residents" permission should be checked OFF by default and the "Group" one default to ON. I am not sure whether option B is entirely necessary, but it may be an additional level of flexibility for group land, notably in commercial rental areas. The difference with option A is that you can also apply the restriction to non-owner-qualifed group members. In both cases, a group based 'ability' such as "Set Set-to-group objects for sale" can always be added under 'Object Management' to limit selling permissions within the group itself as an additional level of security . When clicking on the toolbar icon with permissions off, the blue dialog would say to a resident: "This land is llGiveInventory, llGiveInventoryList, money llRequestPermissions and Object Selling Restricted". You cannot set objects for sale or deliver objects via another object to others on this land unless you are the owner. What does having such option imply? 1. In LSL terms, it would prevent the ability from any unauthorized third party to use the llGiveInventory, llGiveInventoryList, llRequestPermissions(key, PERMISSION_TRIGGER_ANIMATION) functions in a script to deliver objects to an avatar in the same restricted area. Avatar to avatar object deliveries from (i.e. inventory to inventory or not rezzed) shall of course be excluded from the spam filter restrictions. "Buy/Pay" functions in the pie menu and the "For Sale" checkbox would be grayed out/disabled for the unauthorized objects, and the hover tip should not show the text line "For sale: Price". Since there is already a flag for objects that would be considered authorized (i.e. what makes them not auto-return) maybe the same flag could be used to disable Buy/For Sale. (Specifically Case A) So this would overall prevent illegitimate advertising (free or not), prohibit third party unauthorized sales, and protect against phishing. 2. It would greatly deter griefers from spreading self replicating inventory givers like I have lately seen, capable of spreading from region to region and from innocent avatar to innocent avatar rezzing them, creating a social mess as I have outlined in ~~SVC-851~~. Because a land can be restricted against spam it would actually make spam violation attempts from remote parcels (notably using sensors) more reprehensible and perhaps subject to more aggressive disciplinary actions from Linden Lab. 3. It will give visitors a more reliable way to mitigate the risk over the legitimacy of an object being delivered to them, just by looking at the toolbar icon to see whether the parcel "Anti-Spam" filter is enabled or not. It may also likely improve the overall chances that a legitimate notecard/object will be actually read/looked at. And it will give more control to land owners to define what they consider spam (i.e. what is their own definition of unsolicited delivery) 4. It retains the capability for any vendors or remote scripted methods to deliver a third party product from an outside parcel (so long as the object is set to group or owned by the parcel owner), or for inventory givers on neighboring parcels to remain functional (yes, even those infamous ad cubes

) NB: I am not a professional programmer and only an LSL novice so I may have overlooked critical elements. But if not, I think it's a good solution addressing spam, scams and phishing issues all at once with a fairly simple feature.

Show »

All

Comments

Change History

Sort Order:

[ Permlink | « Hide ]

WarKirby Magojiro added a comment - 24/Oct/07 01:16 AM

Very similar to SVC-422, one of my own proposals

[ Permlink | « Hide ]

Lex Neva added a comment - 24/Oct/07 09:22 AM

I can definitely get behind this. I'd just like to see the option changed from "No Spam" to "No Scripted Inventory offers" or something similar, so there's no confusion.

I'd like to see the decision about whether a llGiveInventory() call is allowed to see follow the same pattern of the way the push restriction was designed to behave (not the way it currently behaves, see SVC-141). In fact, while we're at it, it might be cool if quite a few other functions could be limited in this manner by parcel owners.

I like this kind of limitation because it leaves options open. If I don't like this limitation, I can go to lands that don't have it set. If I find that a parcel owner has set this but still has scripts spams me with inventory offers when I show up on their parcel, my response is obvious: leave the parcel and find one that disallows scripted inventory offers. I like the idea of NOT making the scripted inventory spam protection into a client preference for the same reason that I didn't want Push Restriction to be a client option: there are plenty of legitimate uses of both llGiveInventory AND llPushObject, and people will be very likely not to take the time to educate themselves before turning on options that claim to be "anti-griefing". So a parcel setting like this is definitely the way to go.

[ Permlink | « Hide ]

Bryon Ruxton added a comment - 24/Oct/07 07:33 PM

Lex, I agree about the name. The reason I called it "No-Spam" is that I focused initially only on llGiveInventory() restrictions in the same way you mentioned. But I realized later in the process that disabling a llGiveInventory() calls HAS to implicate money functions as well (e.g. otherwise you can still pay a vendor but the vendor cannot deliver, and we don't want that kind of scam or failure). Only then I realized that this kind of feature could indeed be associated with other restrictions. The question is then, which functions are inevitably associated together and how can they fit in one meaningful term that properly defines the entire feature?

I had not read SVC-422, which mainly focuses on money transactions with selling and buying limitations. The major differences is that my proposal now encloses the llGiveInventory() functions in addition, regardless of payments, and the approach is based on disabling LSL functions from being called rather than simulation behavior. (e.g. graying out the pay function avoids the need for rejected payment dialogs or having the simulator refunding the money)

UPDATE: Changed overall definitions and terms to reflect the broader scope of protections with a feature name that encompasses the no selling and no phishing elements along with llGiveInventory restrictions.

[ Permlink | « Hide ]

Lex Neva added a comment - 25/Oct/07 08:34 AM

I wish that our hand wasn't forced in having to disable paying objects at the same time we disable llGiveInventory(). There are definitely cases where an object takes payment but does not call llGiveInventory(), and we're going to stomp on those. It'd be nice if we had any kind of return value from llGiveInventory() or ANY way of determining whether or not it worked. Then we wouldn't have to disable paying objects when we disable llGiveInventory().

[ Permlink | « Hide ]

Lex Neva added a comment - 25/Oct/07 08:43 AM

I disagree with your suggestion that the "restrict giving and selling" checkbox should be on by default. Push Restriction wasn't marked on by default, but it gained widespread adoption shortly after it was implemented. This means that it's not necessary to default an option like this to on to let it see widespread adoption. On the other hand, suddenly turning this option on across the grid WILL impact many vendor rental land areas, including one my group owns.

I also don't want to see llRequestPermissions() lumped together with llGiveInventory. I'd LIKE not to see even llGiveInventory lumped together with objects allowing payment, but that's necessary right now, I think. llRequestPermissions() should definitely be its own setting. Don't hamstring this feature by making it too much, which makes it an all-or-nothing proposal. If someone wants llRequestPermissions() to be allowed for whatever reason that we can't forsee, they shouldn't have to also allow llGiveInventory(), and vice versa.

I don't think you should be limiting setting objects for sale. There is no way whatsoever that setting an object for sale using SL's internal "for sale" checkbox could possibly result in an unsolicited inventory offer happening. Someone must buy the object before inventory will be sent. I think this should remain allowed. Only SCRIPTED vendors using the right-click pay system and llGIveInventory() should be limited. In other words, don't lump the buying system into this, lump right-click pay into it.

[ Permlink | « Hide ]

Bryon Ruxton added a comment - 27/Oct/07 02:46 PM

Good valid points Lex! In option B the group checkbox should remain checked by default indeed. I overlooked the group functionality in this particular case. Also I lacked clarity on llRequestPermissions(). I mean MONEY permissions ONLY to be limited (i.e. the PERMISSION_DEBIT constant). Updating Description accordingly.

As for lumping the buying function together, I know it's not necessary but I think it's a value added protection with no particular hampering cost to the owner. In fact, I don't think many owners are tolerating or have use for any unauthorized third party setting objects for sale in their store or on their land unless their are renters or group members. For the few who have such legitimate use it would probably make sense for them to turn the entire feature off anyway. The problem of objects for sale spam is particularly frequent in popular landing/platform areas especially sandboxes where the no-selling rule is violated every day. I think it's an actual issue worth addressing at the same time.

[ Permlink | « Hide ]

Lex Neva added a comment - 27/Oct/07 02:55 PM

I'm not quite sure my meaning got across properly, or maybe I don't understand what you mean by only setting the group checkbox to checked by default. What I was trying to say is that, when/if this suggestion is implemented, it should, by default, NOT make any changes whatsoever to existing plots. The default should be no restriction at all. Otherwise, you're going to slam a lot of people with an unexpected change, and for owners of vendor rental areas, that translates to lost revenue and upset renters.

I still don't agree that it's a good idea to lump for-sale objects into this proposal. It's like one of those bills in the US congress, where people keep lumping in semi-unrelated or unnecessary provisions, and eventually no one will vote for the bill because every person hates at least one part of it. We want to make sure people actually USE this functionality, so we should try to avoid having this one option turn off too many things so that fewer people will be forced not to use it. Furthermore, an object simply set for sale using the built-in system does not spam by its nature. If its very existence is considered spam, then turn off building on the plot. And if we're going to go back to trying to protect sandboxes... well, I'm sorry, but they ARE by their nature free-for-all areas.

[ Permlink | « Hide ]

Bryon Ruxton added a comment - 27/Oct/07 04:48 PM

The "Group" checkbox checked ON by default in Solution B means the opposite of the checkbox checked ON in Solution A.
I think that's what confused you and initially myself. In both solutions now presented the default behavior is not causing any impact or unexpected behavior to owners or group members at all, just like you seem to want it.

(And BTW this isn't for the entire benefit of sandboxes without impairment, because it means no builders would be allowed to test money events or llGiveInventory functions with the restriction on... My goal would be to have this restriction in two sandboxes out of three, or slice a small parcel with no restrictions reserved for builders money/llGiveInventory related testing. It's could actually be an alternative to Linden sandboxes letting people script with limitations against selling and spamming. And, sandboxes are not free-for-all TO SELL as you know.)

So, to be clear, the default behavior will prevent anyone setting shop on your land, including freebie advertising methods, automated unsolicited distribution, or other such unethical business practice to be taking place. The premise making me assume that 99% of land owners actually want this is that: you don't go sell or promote things in other peoples stores or private property or in public areas no reserved for such activity. This kind of behavior is not freedom, it's violating other people's personal and property rights. I think WarKirby Magojiro and Gigs Taggart would agree based on their SVC-422 comments. I am honestly not quite sure why it bothers you that much, you can still opt-out, and this does not impair anyones ability to conduct permissible or legitimate activities.

I welcome and encourage more comments to see what others have to say.

[ Permlink | « Hide ]

Lex Neva added a comment - 27/Oct/07 11:29 PM

"the default behavior is not causing any impact or unexpected behavior to owners or group members at all, just like you seem to want it."

I guess I haven't made myself clear yet. What I would want for option B would be BOTH checkboxes checked, so that this option limits NO ONE by default. I want this to be something that has to be explicitly set to cause any changes. Otherwise, we're going to slam a bunch of people with an unexpected change when this is released. I guarantee that some significant portion of the population would be disrupted and confused if you suddenly disallowed non-group people from giving/selling inventory all across the grid.

The reason it would bother me so much to enforce this by default is twofold: first, it's an unexpected change, and second, it's a case of you enforcing your preference on the grid.

As to the first, most people don't read the release notes on each new version, and they don't read the blog, so they'll be caught completely unaware if this change is rolled out and suddenly changes what can or cannot be done on their plot. I can think of plenty of cases where this will disrupt business, including rental vendor plots. I don't care how much of a benefit you forsee in enforcing this by default; if you change the way the grid operates and it breaks things, residents will be (rightfully) up in arms. I'm sure a vendor rental magnate won't enjoy spending hours trying to figure out what the heck is causing their customers' vendors to stop working while tens or hundreds of them are IMing the magnate demanding their money back.

As to the second, I'm all about giving people OPTIONS, but I'm not very happy with the idea of forcing those options on people without their concent or without informing them. There are bound to be cases that you and I can't think of in which this will severely inconvenience someone. That's happened to me plenty of times.

So, to make it clear: providing options is good. Changing the way SL behaves unilaterally isn't. If this option is useful enough, trust me, it'll see widespread adoption very quickly.

[ Show » ]

Lex Neva added a comment - 27/Oct/07 11:29 PM "the default behavior is not causing any impact or unexpected behavior to owners or group members at all, just like you seem to want it." I guess I haven't made myself clear yet. What I would want for option B would be BOTH checkboxes checked, so that this option limits NO ONE by default. I want this to be something that has to be explicitly set to cause any changes. Otherwise, we're going to slam a bunch of people with an unexpected change when this is released. I guarantee that some significant portion of the population would be disrupted and confused if you suddenly disallowed non-group people from giving/selling inventory all across the grid. The reason it would bother me so much to enforce this by default is twofold: first, it's an unexpected change, and second, it's a case of you enforcing your preference on the grid. As to the first, most people don't read the release notes on each new version, and they don't read the blog, so they'll be caught completely unaware if this change is rolled out and suddenly changes what can or cannot be done on their plot. I can think of plenty of cases where this will disrupt business, including rental vendor plots. I don't care how much of a benefit you forsee in enforcing this by default; if you change the way the grid operates and it breaks things, residents will be (rightfully) up in arms. I'm sure a vendor rental magnate won't enjoy spending hours trying to figure out what the heck is causing their customers' vendors to stop working while tens or hundreds of them are IMing the magnate demanding their money back. As to the second, I'm all about giving people OPTIONS, but I'm not very happy with the idea of forcing those options on people without their concent or without informing them. There are bound to be cases that you and I can't think of in which this will severely inconvenience someone. That's happened to me plenty of times. So, to make it clear: providing options is good. Changing the way SL behaves unilaterally isn't. If this option is useful enough, trust me, it'll see widespread adoption very quickly.