CopyBot Is Here To Stay

Understandably, there’s lots of talk about it and how should it be dealt with. Let me explain why it’s here to stay, and not fully fixable in any way.

First of all, the fundamental problem is that to display something in SL you need to transmit all the required data to display it. The sim needs to send you all the prims the thing is made of, all the parameters applied to it (size, shear, etc), and all the visible textures it has. Once you have this data you can automatically duplicate it by sending the commands required to build it to the server.

This isn’t possible to solve, at all. It’s not any more possible than making a song that can’t be taped. If the sound is played somewhere, that’s all that’s needed to record and later replay it. The same way, once you see somebody’s building or avatar in SL you already got all that’s needed to clone it, prim by prim.

Why it can’t be stopped

Lots of people suggested various ways of dealing with this. Here’s why they won’t work:


This solution seems to involve encrypting something as to make things not duplicable. This can’t be done. Encryption only works against an eavesdropper, and is completely useless against one of the parties in the conversation. As an example, good use of encryption can stop a third party from eavesdropping to your phone call. Nothing at all can prevent the person you’re calling from taping it. At the endpoints the data will always have to exist in its decrypted form for it to be useful to humans, and you can always copy that.

Protect the client

This suggestion involves SL refusing to work if you’re running something unauthorized. This won’t work just because the official SL client isn’t needed, they made their own. Thus, the users of it don’t have to even have the official executable, so they can directly avoid any “protection” it might bring with it.

Change the protocol

Make the CopyBot break by periodically changing how the client talks to the grid. This, at best, turns it into a competition. It’s also impractical. Making large enough changes to the protocol is hard, as trivial changes will be easily figured out. This means LL’s programmers would have to work on this constantly. This was already tried by several IM providers (such as Yahoo, I think) and the result was that the creators of third party clients would come up with a fix a couple of days later.

Sue the creators, ban them, take the site down

Well, first of all, there’s really not much to sue them for. You can’t sue them for copyright infringement because CopyBot is itself just a tool. Also, forbidding reverse-engineering may be irrelevant depending on where the creators are, as for example in Europe, reverse engineering for interoperability is allowed.

Even assuming you could take the whole thing down, it’s open source. I’ve got a copy of it here right now. That wouldn’t take it away, and wouldn’t stop from people continuing to work on it underground.

It’s also very impractical to sue or ban everybody using it, due to unverified accounts.


Not a solution per se, but some people seem to think that by raising hell LL will be forced to do something. And of course they will, but they won’t be able to fix it because this isn’t any more fixable than water can be made not wet.

I’d recommend against this, as LL is already perfectly aware of what’s going on, almost certainly knew this would happen eventually, and there’s no way for them to prevent it, so it’s useless and counterproductive to try to force them.

Liden Lab’s solutions

LL already found about this, and this is what they plan to do about it.

You may have heard us talk about “first use metadata”, that is a time stamp that is attached to your creations, including uploaded textures, that shows first use.

I’m not very sure how this is supposed to work, as cloning should result in a copy that’s “original” by the person doing the cloning.

We could work to reduce how much avatar/clothing data is downloaded, so that a copy can be made of the baked texture and shape but not the pieces. We’re interested in your thoughts on that option.

Sounds like a good thing, although it doesn’t sound like it’ll stop object cloning. I also wonder what the effect on modifiable avatars will be.

We can reduce incentives to copying content within the system, by preserving the creator attribution such as with creative commons licensing.

How will they do that, I wonder? Any metadata such as the original creator attached to prims could be simply ignored. Textures could be watermarked, though.

We could create hover text which would act like a garment label does, exposing both the first use metadata and also a brand name, reducing the incentive to copy by making it obvious that copying is occurring. If your work is “signed”, and clearly you developed it first, then the person who purchases the copy is not unlike the person who buys the fake Rolex off the back of a truck. Plus the signature becomes a recognizable asset and could be coupled with a landmark as a form of advertising.

This is certainly a nice idea, but again I have to wonder how will they do that. For this to work properly the metadata would be have to be duplicated along with the prim. How will they avoid people using their own metadata, so that they appear to be the original creators, or somebody else’s to shift the data to somebody completely unrelated?

I have to say that I have no idea how they plan to pull that one off, but if they somehow manage, I think it’s very much in the right direction.

My thoughts

Now, my personal opinion. As it should be quite clear already, I think this isn’t going away. The cat’s out of the bag, and we all have to get used to it. That’s not to say that nothing at all can be done about it, but there are no definitive solutions, and there are going to be changes.

Nevertheless, I don’t think the sky is falling just yet. This was going to eventually happen, and nobody can prevent it from happening. Any SL equivalent will have exactly the same problem. So what to do about it?

Make things that can’t be duplicated

Yes, really. Scripts can’t be cloned, or at least there’s no good reason for it being possible, so if they can be then that won’t last long. So people selling heavily scripted objects are probably not in an imminent danger. Of course I realize that this doesn’t help builders and avatar makers in the slightest. They’re in a quite nasty situation.

Add a “proof of authenticity”

LL already suggested that, although I’m not sure how’s that going to work. Guess we’ll have to see. Meanwhile, it’s possible to use the current facilities available to make a script that proves that an object is original, so long the script isn’t copied. It’s also possible to make “verifier” objects that could be freely given out so that anybody could check the genuineness of something without compromising the system.

This has its problems, and doesn’t fix the actual issue, but it may be a start. I’ll elaborate in detail later how to do this, but for the technically minded ones, my idea is to use CRAM-MD5 to prove that a script in the object knows a secret word without disclosing it.

Blacklist infringers

Let me start with saying that I’m biased here, as I work on something that could be used to implement it. Nevertheless, if authenticity can be verified, infringers could be put on some sort of black list, as a way to try to force them to pay.

I’m not very sure how well this would work in practice. Perhaps by pointing out in public people whose avatars are cloned could make it shameful enough that most people would not do that.

Any other ideas?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: