The CopyBot controversy

15 11 2006

Copied!Recently there has ben lots of discussion and drama about a tool called CopyBot. One discussion with Robin Linden can be read here, there were some articles in the Second Life Herald, Eric Rice commented on the RIAA-style rage and even Reuters reported on the case here and here. Additionally there are two posts by Linden Lab on the topic, one is by Robin Linden and the other one by Cory Linden where he states again that the use of CopyBot is a violation of the Terms of Service and will be handled accordingly.

The effect in-world also has been quite huge. I received several votings on proposing to ban either CopyBot or libsecondlife, many shops have closed in protest and at least two demonstrations e.g. in front of a CopyBot reseller have been happening.

Now what is this all about? Let me try to clarify some things first.

How the system works

Second Life consists of clients and servers. On the server side there are first of all the servers which serve the sims (for each sim one server basically) and then there are some additional ones in the backend which handle e.g. login or provide the complete set of objects in existence (the asset server) which you can e.g. access via your inventory. Now in order to display objects and textures on your computer screen these need to be copied from the server to the client. In my understanding this will be a direct connection between the sim server on which you are and your client while the sim server talks to the asset server if it needs additional objects or textures.
The important point to note here is that all the objects (in the form of prim data) and textures (as bitmaps) will be transferred to your client which constructs the image from it by sending that data in a processed form to your graphics card (e.g. prim data will be converted into actual 3d objects constructed from points and vertices).
As this description implies it is always possible to copy this data. And it happened already as with the GL intercept program or similar tools (only for textures though).

Now what about CopyBot?

CopyBot is just one application which can do this task of copying objects. It is a result of the people who are doing research on the libsecondlife project which aims at documenting the Second Life protocol. A protocol can be seen as a sort of language in which the client and server talk to each other. So in fact it is the deciphering of that data stream I talked about earlier.
Additionally this project is an open source project which means that the code is freely available and can be modified and used by anybody as long as they do their work in terms of the license attached (some open source licenses, as for instance the GNU public license, need changes to be made public again so that everybody can profit from this derivative work again. It also seems to me one of the few (if any more) true collaborative open source projects in the realm of Second Life (but then again Second Life also makes it hard to truely collaboratively work on a project in-world).

CopyBot now started (in my understanding) as debugging tool for libsecondlife. And apparently the existence of a program to copy objects is not necessarily a bad thing. Imagine you created something and want to get a copy of this on your hard drive. There is no way to do that right now but work based on the CopyBot source could possibly provide such a service.
Of course there are also bad uses of such a program such as copying copyrighted material which in fact is the fear of many content creators these days.

But there is not much Linden Lab can do about it and this is what people need to understand. The data needs to be transferred somehow to your client and on this way it can always be copied. One solution might be to add encryption to the protocol. This might help but with Linden Lab’s plans of opensourcing the client it wouldn’t make much sense as they would provide the source code for decryption later on as well. Beside it might be cracked at some point and then LL would need to implement another mechanism which would be cracked again and so on. Actually I think they are changing those things on a regular basis already but people keep adjusting.

Is Open Source bad?

Before I come to the content creators let me first talk about Open Source a bit. For those who are not familiar with programming let me quickly explain that the source code of a program is the human readable form of it. Programmers write source code which in turn will be converted to a machine readable format. This format is very minimal and is not easily to convert back to the original form (and hard to understand for humans in this form). This machine readable format will then be given to the world (e.g. as the Second Life client). What libsecondlife does is not converting the machine readable format back to a human readable one based on the client program but instead they monitor the network traffic and try to guess what it means. So their goal is mainly to create completely new clients (or even servers) which then can be made truly open source.

Now on the forums there have been some commentators who argued that Open Source is a bad idea. Their reason for this opinion is that with open source code people can more easily spot problems in the source code which might be exploited. This discussion is actually not new as many companies a while back have argued the same way when they were confronted with Linux and tried to fight it (because it could possibly steal market share from them). That bugs and exploits can more easily be spotted in open source code is in fact true but then on the other hand these exploits will still exist if the source code is closed. Hackers could silently go and exploit these without anybody knowing about them. Now with Open Source many more eyes will check the source code. Some will be those of the bad guys but many more will be those of the good guys who go ahead and fix those bugs. They also release the product more often and patches are faster available than with traditional closed source programming thus making the system more secure in the end. For Second Life it usually means that Linden Lab has more pressure to fix them quickly (and LL does not have record of otherwise fixing things quickly as some have noted).

In the case of Second Life the subject is not the client source code but the underlying protocol. As I cannot imagine something completely bugfree and unexploitable the protocol probably will always be. And bugs have been spotted in the protocol already and Linden Lab went to fix them. This would eventually not have happened without libsecondlife and thus Second Life would be more vulnerable.

In this case things are different though. Data needs to be passed to the client and apparently disabling this feature would shut down Second Life. But they took at least some actions in announcing the timestamping of content and introducing Creative Commons licenses.


A license is the list of rules what you are allowed to do with content. This is not the same as the permission set available in Second Life. In fact the existing permission system is a bit weak when it comes to express my true intent about what I want to allow to be done with my creations. For instance I cannot set the permissions to “Allow this object to be copied and transferred for free but do not allow to sell it” or “Allow it to be copied and transferred and even changed but only with putting my name as original creator on it”. There are more such examples as you can imagine.

This is where Creative Commons Licenses come into play. These allow content creators to specify rules in more detail. For a complete description of them have a look at their homepage. Of course not all these restrictions can be modeled by permissions and thus it depends on the owner of the object to pay attention to them. But this is the same as in Real Life as e.g. I cannot protect a photo I put on the web. But I can attach a license to it stating what is allowed and what is not. I then have to make myself sure that I eventually sue people who are not playing by the rules. The same basically to Second Life. Technology is not always the solution and in fact we have more a cultural problem in front of us.

But there is DRM!

DRM stand for Digital Rights Management and is mainly known for it’s use in the field of audio and video files on the web. If you buy a song from iTunes then there is automatically DRM attached to restrict copying. It defines that you are only allowed to copy this song to 5 different devices to play and thus aims to prevent copying on file sharing sites.

Now this might sound like a good idea for Second Life!

It isn’t!

DRM is a pain in the ass if you e.g. try to copy your purchased MP3 from an iPod to another MP3 player (like the Zune). It does not play. In fact the Zune does need a different form of DRM which is not compatible to the iTunes one. So to be on the legal side you’d need to purchase this song again from the Zune store. Now imagine your iPod is broken and you got a Zune and you have 1000 songs purchased. You cannot listen to them anymore unless you break the copy protection. This is quite easily possible as every protection will be circumvented by hackers at some point but it’s not legal. Also look at the 5 devices limit. You maybe have an iPod, a laptop and your desktop computer, this makes 3 devices. Now you get another iPod and eventually a new laptop because the old one was broken. Makes 5. Now you are out of luck. It’s very unlikely that you will be able to listen to your purchased music in some years in a legal way.

So this is why I don’t buy DRM’d music. And the same would apply to any form of Second Life DRM. Even right now it’s annoying that I cannot copy all the clothes I purchased for personal use (as for making a new outfit) as they are set to no-copy. People want freedom and IMHO stuff would sell better the more freedom they have.

DRM means trusting nobody and it mostly affects your customer but not the ones who copy your stuff. They have a DRM-free version. Go to a filesharing site and you won’t see any DRM. And all the music is available nevertheless. Thus IMHO it does not make sense to start racing against hackers as the only one suffering would be your customers.

But what to do?

You as content creator are not only the sum of all your content you created. There is more to it. You have a brand which is (hopefully) recognizable, you do customer support (I hope), you are creative and come up with new ideas all the time (I bet). All this cannot be copied. And everybody who once started a business knows how hard it is to sell stuff if nobody knows you. The same is true for people copying other people’s stuff. Additionally they need to fear being sued (this maybe should done more often) or being banned. They also would be foolish to announce their service more openly. Thus IMHO content creators are pretty much protected by their brand.

The main thing to note here is that you need to be aware of this issue. Discussing it publicly it better than hiding it under the carpet while the bad guys can keep on copying. Being aware also means to find ways around that e.g. by providing additional services or maybe teaming up with a scripter to provide additional features.

There’s also the fact that many people hide behind their anonymity in Second Life. This is esp. true for all the trolls who are commenting on forums and blogs (IMHO these are the ones who truly act inresponsible in heating up such discussions instead of explaining things properly). It is also true for those who copy other people’s content. And it is true for those who are selling CopyBot (or did), such as Prim Revolution who is according to his interview on Reuters has been in Second Life for quite a while but created this account just to sell CopyBot. We should mark him as coward.

This in reverse means though that it might be a good idea to leave RL anonymity and provide more info about you. I never really understood why people tend to have separate lives in SL and RL (except maybe they are cheating on their beloved ones) but this is just me :-). But giving more info about yourself definitely helps gaining creditability which those copying guys never will have.

If we come back to CopyBot itself it’s also obvious that it is not the perfect solution for copying content. It won’t copy scripts and even objects without scripts are only poorly copied. No scripts also means no bling, no AO etc. Also read this post about what it is exactly able to do or not.


I understand the worries of the content creators esp. when they make a living out of it. But I’d also first wait to see how much copying really will be done. Additionally there needs to be some social and eventually legal pressure on them to stop such practices.
What I would not like is the banning of Open Source projects such as libsecondlife. Those projects help to push the platform to a new future and eventually could even replace the existing Second Life platform with all the stuff you possibly want in it. This is admittedly not very likely but if it helps to spot security holes or even enable me to save my content externally or provide similar servies then this is a good thing. And helping the platform in general is most likely also the reason why Linden Lab is embracing it.

Also note that copying always was possible and always will be. It’s the same as in RL and the same methods for fighting this apply (branding and legal action).

So please calm down, open your shops again (before other people will step into your spots and make use of that opportunity), do cool stuff and help to keep Second Life as open as possible (in fact it is not very open but that’s a different topic ;-) ).

Technorati Tags: , , , , , , , , ,

About these ads



15 responses

15 11 2006
Nobody Fugazi (aka Taran Rampersad)

Tao, this is a blessedly informative post. I had the high level concepts, but you fleshed in a few details for me.’d for good measure so I can find it as a reference. Thanks!

15 11 2006

BTW, per the DRM discussion…. there is not a limit on iPods authorization. You can sync as many as you want. You are only limited to five “computers.” And, if you replaced your computers to go over the five limit, you can reauthorize all five computer slots including both old and new computers as you please.

15 11 2006
Second Life Italia Blog » Blog Archive » Allarme Copybot: l’avatar nell’epoca della sua riproducibilita’ tecnica

[...] Le repository di lavoro di libsecondlife sono pubbliche, e un software che permette il tipo di copia descritto era gia’ in uso presso sviluppatori e costruttori per effettuare copie di complesse costruzioni o raccolte di oggetti: ma recentemente e’ stato messo in vendita su web, presso, con il nome di Copybot (verificare: al prezzo di L$ 3000 – circa 10 dollari statunitensi). Creatore dell’oggetto e responsabile della sua potenziale diffusione: Prim Revolution, un avatar creato in quello stesso giorno, su cui non si hanno informazioni. Anche in-world, a Manitoba, e’ stato messo temporaneamente in vendita. Copybot ha suscitato timori, proteste e allarmismi – in certi casi, chiusura di locali o interi sim. A fare notizia per ora non ci sono pero’ clamorose duplicazioni ma piuttosto rimostranze, dirette talvolta impropriamente contro gli sviluppatori, anziche’ contro gli autori di copie effettuate in violazione di copyright, o addirittura a tutti i membri del gruppo libsecondlife. Chi scrive, pur non sapendo programmare, e’ entrato a farne parte come osservatore qualche tempo fa. Se rilevato, l’utilizzo di Copybot per effettuare copie non consentite all’interno di Second Life verra’ trattato da Linden Labs come una violazione dei termini del servizio, che potrebbe quindi procedere bannando l’account del responsabile. Questo e’ un provvedimento temporaneo, secondo Linden Labs, che ha preannunciato per il 2007 una strategia riguardo la gestione dei diritti in Second Life, che include tra l’altro un’interessante integrazione con le licenze libere Creative Commons, sistemi piu’ complessi per la valutazione della reputazione e nuovi strumenti con cui i giocatori e le loro comunita’ possano decidere come gestire le violazioni dei loro diritti. [...]

15 11 2006

Ok, TP, then I was mistaken on that one.. But nevertheless I cannot play them on other devices.. I might also have a problem should Apple go out of business.

15 11 2006

Well, in my opinion most of the shop holders in sl will learn to keep prices a bit more reasonable and maybe to consider customers in the correct way.
I don’t have copybot (I’m sorry I learnt about it only when illegal) but if I got it I’ve used to duplicate some of the most expensive items I got in sl, just to keep the original safe. I don’t think it is illegal. I recently had problems if 2 objects I lost and creators, when contacted told me “it’s not my problem”.
I don’t care if someone looses business, I care that they learn to respect customers because their money comes from them

16 11 2006
Aren Mandala

Fantastic post – great explanation!

16 11 2006
Atom Lahtoh

Here’s a good example:
Microsoft shut down MSN Music, in favor of their new Zune brand. Unfortunately they didn’t feel it necessary to create a DRM conversion for purchased MSN Music files and don’t plan on it. So you have to rebuy all of the tracks — from the same company.

16 11 2006
Szabo Horn


Informative post but your conclusion betrays a lack of compassion for those who build. I make furniture. A tremendous amount of work goes into each design, something like 20 hours of crafting. I take great pride in the results, there is really is a piece of me in each one. So I don’t take any comfort in your releax it is the future prediciton. If I cannot have protection why would I make things for SL? You say the same is true in RL. It is for some items but try to make a copy of sofa sometime. Kinda hard huh?

16 11 2006
Menno ophelia

Great post Tao!!

16 11 2006
Copyrights and Content Creation in Second Life « Barney Boomslang

[...] Click the link for some quite reasonable comment on copyright with regard to second life. And Moriash Moreau notices the bad effects the current panic reactions have on the mainland. And Tao Takashi puts in a calm and reasonable opinion, too. [...]

16 11 2006
Gwyn's Home

Learning the lesson about copyrights

1.4 million users learned recently the lesson about what “copyright” really means. Or rather, they finally understood what it means for content creators who live from the royalties honestly earned through their hard labour on their own cop…

16 11 2006
Gwyneth Llewelyn

Tao, thank you very much for your very informational article on the technical and, even more important, social aspects of digital piracy. It is thanks to people like you who are willing to side-step from the hysteria and carefully explain what the issues are that we might — I’m an optimist! — educate the public to understand what the issue *is*.

Because the crowd feels cheated. They implicitly assumed that SL, as a technology, worked to protect their creations “magically”. In certain cases, this was assumed because of an implicit trust in LL’s developers to be so insanely good that they were able to create something that, say, the music and video industry, have been unable to do for decades: preventing digital copies of content shown on your computer.

The average user has no idea how a computer really works. They don’t understand the concept that “if it shows on your screen (or speakers), it can be copied”. Thus the first ones on the resident’s targets is Linden Lab — they feel cheated and claim that LL did not do their best to protect their interests.

Actually, 1) Linden Lab *is* doing their best, but they are not magicians, and can’t create a technical solution to a problem that is impossible (the only way to prevent digital content in SL to be copied is to shut down the grid!) and 2) Linden Lab did *never* claim superhuman abilities to be able to protect digital content — all they do is respect owner’s copyrights through *legal* mechanisms. It would be insane to claim that there exist *technical* mechanisms to prevent copyright fraud. If they did exist, the RIAA would have solved their issues decades ago…

The next target are the researchers (in this case, people working with the endorsement of Linden Lab to document the Second Life Protocol that enables client/server communication, and supply tools to work with these). This can be seen as the high-tech, “ivory tower” lab people, working on things so advanced and so detailed that nobody beyond their circle really understands what they’re doing — and thus, the streak of Luddism on the average person will quickly surface to the top. This is not different from the hordes of ecoterrorists who routinely wreck havoc out of high-tech labs in biotechnology. In several cases, the targets are companies working on the cure for cancer, AIDS, or genetic diseases. They work on animals and sometimes human material; by destroying all their work, they set back the hope for a cure for decades. A good example is cystic fibrosis (, which affects 1-2% of the human population, and it could already have been erradicated easily if the ecoterrorists didn’t routinely destroy the labs where this is being researched.

This is a common Luddite approach to new technology — people fearing the consequences of advanced research, which might bring solutions in the near future (ie. cure for cancer; an open-source SL client) but may suffer unintended results in the short term (mice and human material get destroyed in the labs; digital fraud). Failing to explain the purpose of this kind of research will postpone an advancement of technology that will enable us to have a better experience in the future, in exchange for a short-term peace of mind.

Scientists all over the world struggle with ethical dilemmas every day, and the governments supporting their efforts also have a horrible time explaining their own population why it is important to continue that research. This is definitely not “unique” to Linden Lab’s Second Life.

The third target, of course, are the exploiters. Naturally enough, it’s to be expected that the creative community will single these out and force LL to ban them. Still, we all know that these people are naturally alts, created just for the purpose of doing the exploits. I’m not against alts myself — I have a few to do permissions debugging, always a tricky area in SL — and respect the others “need” for alts (eg. rental facilities needing more groups or more tier, or simply role-playing opportunities). But it naturally makes things so more easier for the culprits. And people’s anger will be targeted — once more — to anyone having alts, and on LL for *allowing* alts to exist. Both extremes are worthless. If alts are banned, only criminals will have alts. That’s easy to explain and is exactly the same example you gave above:

If the libsecondlife project is banned, only griefers and crackers will have access to those tools. This is something that most people fail to understand: forbidding technology means that the only the criminals will have access to it. Because they always did, and always will have.

There is even another side-effect: by closing down libsecondlife, which is a peer-reviewed open source project, exploits used by criminals/griefers/crackers will only be identified by a very small number of experts — namely, LL’s developers. libsecondlife, being open source and open to *all* programmers, allows these exploits to be found, and quickly and efficiently dealt with. It’s completely different to submit a bug report to LL or a *complete solution to a bug, fully documented, with source code* to LL for them to fix it. The latter is what libsecondlife will be able to do — in fact, has already done often in the past, it just never deserved the attention of the public. And what the public doesn’t know, they can’t understand.

So we need definitely to educate people. Some comments made from a few elements of the libsecondlife core team did also not help much; on one side, they presented themselves publicly as valid, honest, ethical researchers. On the other hand, in “internal” chats published elsewhere, they used irony and sarcasm which can be misinterpreted by others as being “what they’re thinking about”. That’s the worrying aspect of the “Big Brother”-type of society where everything you say is stored somewhere — it’ll be hard to explain “sarcasm”, “irony”, or “a joke in bad taste” when you’re confronted with what you said ages ago. Still, people will have to deal with this as well. Scientists all over the world have PR teams to try to explain to the public what they are really doing and how it will benefit us.

The fourth issue is far more worrying to me: it’s the witch-hunting. Sites have been popping up left and right, as well as notecard-based lists, or IM group chats and notices, warning everybody to “ban this avatar, for she’s a known copybotter”. This will increase dramatically in the next few days. Everyone even mildly associated with copybot, libsecondlife, or — who knows! — open source software might get into ONE of those lists. Since this is “mob rule”, the mob is impossible to argue with — once you’re in that list, you very likely won’t get out of it. Ever again.

People used to mail servers blacklisting your ISP know what I’m talking about. If one person from AOL starts spamming the whole of the Internet, AOL gets on a blacklist — thus preventing *all* users of AOL to send their legitimate emails. This happens every day, and it’s a mess to sort it out — AOL has to “prove” that they have indeed identified the culprit and banned them, and only them, slowly, the blacklists tend to disappear. Put into another words: on self-regulatory, mob-based behaviour, it’s far easier to get blacklisted (which can happen almost immediately) than to be able to prove your innocence.

And to make matters worse: Linden Lab, in a desperate attempt to appease the masses and control the hysteria, is moving swiftly. Just get them an email of a SUSPECTED copybotter (or CopyBot/libsecondlife supporter), and they’ll ban you. Temporarily, “for verification purposes” — which can take months or years, especially now that the number of ARs will certainly increase exponentially.

What this means, Tao, is that both you and me — who have been patiently trying to explain what the issue is about (it’s a legal/social one, not a technical one) — might one of this days be the target of a furious content provider. They’ll ask LL to verify our inventory to see if we have any item created by, say, Adam Zaius, or Baba Yamamoto, or Eddy Stryker, or whomever has been working with libsecondlife. And you might be unlucky and get Random Linden (who just joined SL yesterday and never was in-world before becoming a Liaison) simply to ban you — without notice — and send an email to the one pressing the charges and say “Don’t worry, Nice Avatar, evil Tao and Gwyn have been banned for SL forever and you can log in safely again”. But “Nice Avatar” can simply be an alt, created for the purpose of getting us both banned… and now things get complex, as Robin and Philip and others don’t have a clear system of appeals to see who has been banned illegitimately without the right to defend themselves publicly. Or, even if they set one up on the spot, this will be way hard to deal with, in the middle of tens of thousands of pending processes.

So we might very much fall into a downward spiral of witch-hunting and McCarthyism. As a content creator myself, and thus with a few items that could now be easily duplicated, I worry far more about McCarthyism than loss of sales. Because people can duplicate my content but not my *mind* or even my reputation — but all it takes is an alt to forge a case against me, AR me, and I’ll be out of Second Life in minutes.

For reflection, I’d like to suggest what the worse scenario is — a world just like the real world, where digital fraud happens every day; or a world where witch-hunting will be able to shut you out of SL completely without the right to appeal. As said, having lived under a dictatorship in my country, I know what is the worst of both scenarios — but the vast majority of the users in Second Life don’t. For them, preventing digital fraud *at all costs* is far more important than ensuring proper legal process, fair trials, the assumption of innocence until proven guilty, and the right to appeal.

17 11 2006

ive just copied your website and blog. im offering it on my site for advertising revenues i get. i expect a famous name like yours will generate at least 5000.00 for me this month. thanks.

doing this was so much easier than even using copybot, thanks,


17 11 2006

DRM means trusting nobody and it mostly affects your customer but not the ones who copy your stuff. They have a DRM-free version. Go to a filesharing site and you won’t see any DRM. And all the music is available nevertheless. Thus IMHO it does not make sense to start racing against hackers as the only one suffering would be your customers.

—oh, ive also changed all you thoughts to the exact opposite, since its easy to do in html.

so now your making me money and your “role” as “pundit” will work in opposite effect to “your” intentions.. glad to see you have no problems with that:)

see you in san trope


29 11 2006 » Blog Archive » Latest news

[...] But there’s little technically that Linden Lab can do to stop the copying, points out Programmer Tao Takashi. Encryption and digital rights management aren’t good options, since they’re easy to crack and annoy users. At Theory.isthereason, graduate student Kevin Lim says the whole Copybot episode reminds him of Star Trek’s replicator, which destroyed the Federation’s capitalist economy by making physical goods endlessly available. A scary thought – but Second Life’s creative traders will surely find a way to live long and prosper, no matter what. [...]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Get every new post delivered to your Inbox.

%d bloggers like this: