Silencing the Voice of God

Yesterday I had a lot of fun tracking down a spammer.

Sesh Kamachi IMed the Linux group asking how to find a location of an object that keep spamming messages. I gave him a tool I made for the purpose, which shows the last speaker’s name, owner (if it’s an object) and location. Sesh reported that this didn’t work, so I came there to check it out myself.

My theory was that perhaps this was some object he owned that used llOwnerSay. Just in case, I decided to hang around for a while. Finally I got the message:

[2007/08/08 17:51] VoG: Very early in the morning, the chief priests, with the elders, the teachers of the law and the whole Sanhedrin, reached a decision. They bound Jesus, led him away and handed him over to Pilate.”Are you the king of the Jews?” asked Pilate.”Yes, it is as you say,” Jesus replied. The chief priests accused him of many things. So again Pilate asked him, “Aren’t you going to answer? See how many things they are accusing you of.” But Jesus still made no reply, and Pilate was amazed. Now it was the custom at the Feast to release a prisoner whom the people requested. A man called Barabbas was in prison with the insurrectionists who had committed murder in the uprising. The crowd came up and asked Pilate to do for them what he usually did. “Do you want me to release to you the king of the Jews?” asked Pilate,knowing it was out of envy that the chief priests had handed Jesus over to him. But the chief priests stirred up the crowd to have Pilate release Barabbas instead. “What shall I do, then, with the one you call the

Turns out, this thing sends IMs to a list of avatars (I’m so lucky that they added me to it!), so objects listening for chat can’t hear it. There’s no good way of tracking this down with the standard tools or any scripts residents have available (though Lindens can). Fortunately, Linden Labs released the source to the viewer, and that makes it possible to do some really useful changes to the viewer.

From here there will be technical details on the SL Viewer code, but I’ll try to keep it understandable.

The function that processes IM messages in the viewer’s code is called process_improved_im and is located in the llviewermessage.cpp file. This function decodes the message from the grid with the IM data, and does what’s needed to show it to the user. Turns out, there is a lot of useful info in there that the user never sees. Here’s a part of it:


//XUI:translate - need to fix the full name to first/last
msg->getUUIDFast(_PREHASH_AgentData, _PREHASH_AgentID, from_id);
msg->getBOOLFast(_PREHASH_MessageBlock, _PREHASH_FromGroup, from_group);
msg->getUUIDFast(_PREHASH_MessageBlock, _PREHASH_ToAgentID, to_id);
msg->getU8Fast( _PREHASH_MessageBlock, _PREHASH_Offline, offline);
msg->getU8Fast( _PREHASH_MessageBlock, _PREHASH_Dialog, d);
msg->getUUIDFast(_PREHASH_MessageBlock, _PREHASH_ID, session_id);
msg->getU32Fast( _PREHASH_MessageBlock, _PREHASH_Timestamp, t);
//msg->getData("MessageBlock", "Count", &count);
msg->getStringFast(_PREHASH_MessageBlock, _PREHASH_FromAgentName, DB_FULL_NAME_BUF_SIZE, name);
msg->getStringFast(_PREHASH_MessageBlock, _PREHASH_Message, DB_IM_MSG_BUF_SIZE, message);
msg->getU32Fast(_PREHASH_MessageBlock, _PREHASH_ParentEstateID, parent_estate_id);
msg->getUUIDFast(_PREHASH_MessageBlock, _PREHASH_RegionID, region_id);
msg->getVector3Fast(_PREHASH_MessageBlock, _PREHASH_Position, position);
msg->getBinaryDataFast( _PREHASH_MessageBlock, _PREHASH_BinaryBucket, binary_bucket, 0, 0, MTUBYTES);
binary_bucket_size = msg->getSizeFast(_PREHASH_MessageBlock, _PREHASH_BinaryBucket);
EInstantMessage dialog = (EInstantMessage)d;
time_t timestamp = (time_t)t;

This code is the part of the function that reads the data stored in the message sent from the grid. There are some very useful things in there: from_id is actually the key of the avatar speaking. For objects, it’s the key of the owner, not the object’s own key. This already allows figuring out who is the spammer.

The position variable holds the coordinates of the speaker. This is very useful, now I can go right to the source and take a look at it. I added some code to dump this data to the log:


llinfos << "IM: from " << from_id << ": " << message << llendl;
llinfos << "Agent name: " << name << llendl;
llinfos << "Group: " << from_group << llendl;
llinfos << "Position: " << position << llendl;

I logged back into SL with the updated viewer and waited. I got another IM, which gave me the coordinates. I went there but failed to find anything. Then I realized that the spamming object wasn’t even in the same sim as I. Fortunately there’s another useful bit of data in there, region_id. This holds the ID of the sim the speaker is in. A slight problem is that this contains a key, which is a number identifying the sim, but there doesn’t seem to be any way to convert this into the sim’s name.

Something that helped here is that the viewer gets both the sim’s key and name as it moves from one to another. So it was easy enough to log both the speaker’s sim’s ID and the one I was in, and compare. It also helped a lot that the object happened to be in a nearby sim, as otherwise locating it would have been more challenging. I added some more code for dumping this info:


llinfos << "Region id: " << region_id << llendl;
llinfos << "Estate id: " << parent_estate_id << llendl;
llinfos << "Agent region: " << gAgent.getRegion()->getRegionID() << llendl;

Armed with this, I waited until I got another message. When I did, it was just the matter of checking out nearby sims, to find one with the same region ID. And indeed, the thing was right there:

Now that I had found it, I and some very annoyed residents who had been spammed for days could submit an abuse report on it.

I’m going to finish what I started and make it a feature of my viewer. The final version will be somewhat different. It’ll probably be an addition to the IM window, instead of messages dumped into the log. Meanwhile, anybody wanting to do this can just use the code in this entry, it’s really all that’s needed.

Edit: Fixed some code that apparently got broken by WordPress. Grr.

Advertisements

18 Responses to Silencing the Voice of God

  1. aEoLuS says:

    Interesting and very useful!

  2. Mako Minogue says:

    Boggles the mind as to what the moron that coded that device hoped to achieve with it…

    Thanks for the cooool detective work Dale!

    Mako

  3. MarcoJolo says:

    Nice work, and I see a few issues here.

    1. There apparently needs to be a sim2key style database akin to w-hat’s name2key.

    2. Should objects that “spam” others be “reportable” simply for sending IMs? Linden Labs restricts freedom enough as it is. Silencing is what mute is for. If it becomes difficult to silence an object, I think the better solution is better tools for users as opposed to censoring others’ thoughts, expressions, and any other penumbra within some ominous umbrella of “spam.”

  4. Dale Glass says:

    MarcoJolo:

    1. Yep, there will be. I’m on that.

    2. Well, there’s different kinds of spam, IMO. One thing is when a buggy/badly designed script keeps dumping junk on the public channel, and such. Muting here makes perfect sense.

    Things that are very intentionally set to spam everybody passing around are IMO in an entirely different category. And muting isn’t necessarily effective as everybody passing near gets spammed at least once before they can mute it.

  5. MarcoJolo says:

    2. The solution you’re putting forth places Linden Lab in the position of making the final value judgement on whether something constitutes spam.

    For example, what if instead of that religious passage, the “spam” message was important information about a security issue that was yet to be addressed by Linden Lab on its blog (“Hey, don’t rez no-copy objects on land you don’t have build permissions for. You’ll lose them. We’ve notified the Lindens and they’ll probably put something on the blog later.”). What if it was important information about health issues (“A just released study about breast cancer shows that more women are at risk than previously thought. You may want to consult a doctor…”)? Political causes? etc etc

    If the answer is to to report to Linden Lab, the solution becomes some Linden employee making some value judgement on whether health issue is important enough but a religious quote isn’t. Political cause A is ok but not political cause B. etc. This is not a good solution.

    Otherwise, it’s a Linden decision of how many lines are allowed? 2 every 60 minutes, vs 5 every 60 but each must be unique? It becomes a nightmare but at least it’s a technical solution that doesn’t involve an employee value judgement.

    But what if people want 10 lines every 60 minutes? What if people like religious quotes but not security alerts? ALL of this can be fixed without involving a Linden judgement by putting power into users, and allowing them for example to check off a box that says “don’t accept IMs from objects”, “don’t accept IMs from objects in 60 minute intervals”, “only accept IMs from objects from my friends list”, “add me to a BANLINK-style blacklisting device for known ‘spammers'”, etc etc. There are any number of technical solutions for this, even to fix some not-even-one-message rule. Let users decide for themselves. If a technical solution can fix a problem while preserving people’s freedoms, IMO that solution should be preferred.

    That first line can be very important in the case of security alerts or whatever. I do not want some Linden employee telling me, however, that resident A is allowed to send me IMs from objects but resident B can’t because he’s had too many warnings for “spamming” other residents. And I certainly don’t want other residents deciding for me through their abuse reports what messages I can receive or how many from others, even from those I’ve never even talked to before.

    In this case, a purely technical solution can both preserve freedom and user-choice as well as addressing this problem, by providing the tools to prevent becoming a recipient of unwanted “spam” in the first place, IMO.

  6. Yiffy Yaffle says:

    This sounds like a great feature. Who would have known there was more to a llInstantMessage then what we see? Thanks you. 🙂

  7. Dale Glass says:

    MarcoJolo: For your security issue, it’d be spam. LL already has a way to communicate those things to us by global notices. They can be instant and are global, unlike a script coded by some random resident which may or not be accurate, and which won’t be able to reach nearly the same amount of people. But LL obviously can do whatever they please, it’s their world after all.

    Breast cancer, political issues: spam unless I subscribed to it. If you feel like putting a banner on your land, go ahead, but I don’t want to get IMed with stuff like that when I’m nowhere nearby. Guaranteed AR if you IM me with that out of the blue, without me knowing who you are.

    Spam has a very simple definition: Mass sent, unsolicited messages. If I subscribe to security alerts, it’s not spam. If I subscribe to a religious quote service, it’s not spam. If I use a vendor and it sends me an IM to give me information about my purchase, or when an update is available, it’s not spam. If you send me any of that without me having requested it by getting my key from a list somewhere, then it’s spam and gets ARed.

    Only two criteria apply: Is it send en masse? And is it unsolicited? If the answer to both questions is “yes” then it’s spam.

  8. MarcoJolo says:

    “Breast cancer, political issues: spam unless I subscribed to it. If you feel like putting a banner on your land, go ahead, but I don’t want to get IMed with stuff like that when I’m nowhere nearby. Guaranteed AR if you IM me with that out of the blue, without me knowing who you are.”

    And I would consider none of those things spam, even if unsolicited and even if more people than me received it, which I think is the entire point. People have different definitions, and mine certainly differs. One important thing to remember is that if someone is successfully reported for this kind of thing, it affects more than just the reporter. It affects that person and every other potential recipient, not just those who would feel “spammed”. You may think you’re doing a public service (but I would disagree) or you may simply want to authoritatively sanction the person for “spamming” some mutable text on the screen, and you’re certainly entitled to that, and I appreciate that others would find them annoying.

    I have 2 questions:

    1. Do you or do you not concede that a technical solution (if implemented) could solve the entire problem for everybody including those who don’t want a single unsolicited message, and remove any need for reporting text spam?

    2. As someone who works client code as you’ve shown in this article, what led you to go out of your way to report the person rather than implement such a solution?

  9. Dale Glass says:

    MarcoJolo:

    1. No. A technical solution is not possible, since something sending a single IM to everybody in SL would be still spam, yet impossible to ignore. You’d need to get the IM first to know what to ignore, by which point it’d be too late. The only possible solution to this is mandatory opt-in to get IMs at all, which is impractical. Next round of IMs would of course come from a different object, evading the mute.

    2. See 1, a technical solution isn’t possible. If there was a technical solution, why do all my mail accounts keep getting spam? Much smarter people than you and I tried to get rid of it, yet it’s still there.

  10. MarcoJolo says:

    1. You mean that it’s a more practical solution or somehow an otherwise practical alternative for a subset of ~140 Linden Labs employees (according to USA Today 2/07) monitoring potential “spam” abuse reports from a subset of ~500,000 active users (7/07 stats), creating who knows how many lines of LSL source, especially in a world where throwaway unverified signups (which can be possibly be automated through the registration API) have access to the same scripting tools? And all these numbers are continuously increasing and growing at faster rates than Linden Lab employee counts. Responding to abuse reports, at least one living, breathing employee would have to look at the object and make a decision. If it’s not readily apparent whether the object sends something “en masse” or just to a few people, or whether the object sends “en masse” but keeps an internal “mailing” list and only sends to people who request it. Then the only proper solution would be to have a subset of the 28 engineers (USA Today) or whoever, who actually understand LSL (but probably have better things to do) and determine whether it really does fit the criteria for “spam”. Do you believe is more scalable this way and therefore more practical?

    So what is going to happen is what has been happening with other types of reports today: only responding when many people report the same issue, and either not bothering to look into the report at all, giving a perfunctory glance (both choices due to volume), or making a value judgments that are probably not based entirely on the validity of the report (such as because of volume or inability to determine how the source works without bothering an engineer every time a report comes up, or other factors), or whatever.

    For an example of another factor that makes “spam” indeterminable: imagine an object that asks an external database of consenting avatars whether residents within its vicinity should receive a message. A Linden Lab employee won’t be able to tell if the object really did have that resident’s name in the database, whether that resident signed up voluntarily or without knowing, and will that employee will have to make some value judgment on who to trust. Organized fraudulent reports could shut down legitimate services in other areas, this one included. All of this happens enough as it is already.

    One thing that should not be forgotten in all of this: people wouldn’t send “spam” unless it worked. For all those who cringe and immediately delete incoming email “spam” or trashes snail mail “spam”, there is a group that purchases the advertisements, or cherishes the quotes or whatever, sizeable enough to make the endeavor worthwhile. I believe they have as much of a right to receive information unsolicited as others have the opposite.

    2. And in those cases, there are likely dedicated groups of people whose main job it is to fight “spam” and where I would imagine keyword algorithms are far easier to employ, less taxing of servers (whereas trying to implement a working solution on real-time conversations is probably not viable). But there is an *enormous* difference between avatar instant messages and email, aside from the fact that it is easier to get a throwaway email account and wordwide email communications are in much higher volume than IMs in SL. I think that to say technical IM solutions are impractical because technical email solutions is impractical is missing the mark. I want to challenge the idea that it is impractical.

    Unlike email, avatars are not expendable in the sense that there can be a high social value associated with an avatar’s identity. Once that avatar’s objects are muted by someone, it’s difficult to remove the mute. That same is true with bans. Another account can be created, just like for email, but then the issue comes back down to: which is more practical, having a Linden Lab employee determine the new account’s “spam” status, or having a more powerful client.

    I will take the point that in every circumstance it is not possible to determine whether you really want a message (otherwise there could be a test for recent interactions with the object, the object’s owner/group, friends list, etc). It’s certainly not possible to tell whether you are going to be happy when you receive it either

    (which I assume is what you want because for determining spam, first you said “If you send me any of that without me having requested it”, and now you say “You’d need to get the IM first to know what to ignore.” Well, if you weren’t expecting it, then you didn’t want to see it. Why would you need to see the IM first to determine that?).

    Well, if you are walking in someone else’s mall, an object tells you Buy Stuff! You didn’t request it and probably didn’t expect it. Everybody else in the group you’re with got the same message , so it appears to be en masse. Should it be reported for “spam”? You might say, well, I was on their land, and it’s a store, I guess it’s not. Or maybe it was en masse, it was unsolicited, it should be removed and expelled from SL forever and the owner the object should be sanctioned (which is what a successful report would entail). It requires a value judgment by somebody and ultimately you want that somebody to be a random Linden Lab employee, not each individual who sees it to decide for themselves. You’re entitled to that, so we’ll just have to disagree with how we want our SL’s to be “lived”.

    And since I did agree that every possible IM can not be distinguished from what residents like to see and what they don’t (though I still maintain the practicality of it, given different interactivity tests, on the whole with a tradoff of occasional false negatives, and certainly more scalable than the Linden-run alternative), I’ll conclude by saying that although you addressed opt-in, you did not address opt-out (based on something meaningful like object owner, not object name), which I see as no less practical than a banlink or even trustnet, which you advocate. I will lastly reiterate my own point of view that it is preferable to have individual per-resident solutions that do not interfere with others’ freedoms, than to unnecessarily abdicate our own value judgments to another authority and have those judgments forcibly imposed on others.

  11. Dale Glass says:

    You mean that it’s a more practical solution or somehow an otherwise practical alternative for a subset of ~140 Linden Labs employees (according to USA Today 2/07) monitoring potential “spam” abuse reports from a subset of ~500,000 active users (7/07 stats)

    First, there are more authorities in SL than LL. If the land was owned by somebody else, I’d just complain to the landlord. Perfectly scalable solution, no need to involve SL at all, and I’ll probably get more of the landlord’s time than of LL’s, since indeed they have plenty things to do these days.

    One thing that should not be forgotten in all of this: people wouldn’t send “spam” unless it worked. For all those who cringe and immediately delete incoming email “spam” or trashes snail mail “spam”, there is a group that purchases the advertisements, or cherishes the quotes or whatever, sizeable enough to make the endeavor worthwhile. I believe they have as much of a right to receive information unsolicited as others have the opposite.

    Ahh, fundamental issue. Yes, spam is sent because it works. Then, the solution to it is to make it not work, by bringing down those who send it, quickly and efficiently. And sorry, I don’t give a damn about the tiny group who likes it. If they like it, then can go and subscribe to it. It’s a smaller burden to get the 1% or 2% who is interested to subscribe than to have the 98% wasting their time to get rid of it.

    Well, if you weren’t expecting it, then you didn’t want to see it. Why would you need to see the IM first to determine that?

    Err, it’s very simple. To block spam from you, I first need to know who to block. And I can’t know it’s you who needs blocking until you actually spam me, by which point it’s too late.

    Should it be reported for “spam”? You might say, well, I was on their land, and it’s a store, I guess it’s not.

    Well, duh. Of course not. It’s your land, you’re free to plaster it with ads if you want (so long landlord if any is fine with it of course). Now when I’m not on your land and haven’t asked for any sort of service, is when I don’t want to get any ads from you.

    I’ll conclude by saying that although you addressed opt-in, you did not address opt-out (based on something meaningful like object owner, not object name)

    Oh yeah, that’ll work. Have you looked at the SL frontpage? If even 1% of the SL population sent me something, I’d need to spend days to opt out of all of it. No thanks. And you can’t disagree much with this, given that the beginning of your post supports this position when you say how it’s impractical for LL to deal with it.

    Especially the part with throwaway accounts. Just what is the point in opting out of something sent by a throwaway account when it’ll never be used again anyway?

  12. Hey Dale. I could really use that client. We have had a VoG on our FairChang Estate for a while now and I just can’t find the damn thing.

    Please give me a link to the download so I can track the bugger down!

    Many many thanks

  13. MarcoJolo says:

    I was under the impression that all “spam” was reportable, but in order to reconcile this:
    “Only two criteria apply: Is it send en masse? And is it unsolicited? If the answer to both questions is “yes” then it’s spam.”

    with the mall “spam”, I see now you meant only certain kinds of “spam” is reportable. But now there are even two more criteria “when I’m not on your land and haven’t asked for any sort of service”, so I suppose now it depends on whether their land is a mall vs a house, because I assume you mean that a service is implicitly being asked for when entering a mall (which I’d probably disagree with as well). And if you’re a few meters outside the border vs a few within. And if the house doubles as the store…so many judgment calls you have to make, and I can probably guarantee everybody is going to have a different set of criteria. So your solution is to hand it to a Linden Lab employee to decide for everybody and mine is to let each of us decide for ourselves; I am personally not so upset by “a single IM” and the prospect of clicking a button that I want to silence another person from sending that message to other people and have their account sanctioned. I think we’ll probably not convince each other of the fundamental issue and just continue to have to disagree on that.

    Reporting to a landlord makes more sense and is more scalable (as long as they’re not turning around and reporting to Linden Labs after receiving the report, anyway). But the point becomes moot if the landlord says to just click ignore. Then you have 2 abuse reports to write instead of one (I guess the landlord becomes “enabler”). Either way, I concede that opt-in is not preferable when opt-out is available.

    And by opt-out I actually meant via a SpamLink, as it were (BanLink cousin). If it is practical for banning throwaway avatar accounts, it must be practical to muting their objects preemptively (and you now know owner’s key is already sent with the message data, so no protocol changes are even required).

  14. IntLibber Brautigan says:

    MarcoJolo: Heres a rule for your excuses about what constitutes spam: If its originating from an object not in my sim, then its spam, unless I own the object or have specifically opted into its services. If its in my sims, not owned by me, it is still spam if I didn’t opt into it.

    Free speech only constitutes your right to speak. You have no right to force others to listen…

  15. Ray13 Lowey says:

    ok i have this problem 3 days now..and today is the worse..it keeps going spamming..and i dont know how to stop it..it hides my main chat ..spamming with dirty words in green letters..i just want help how to stop it..but my english are not so good in some words and i might find difficultys..anyone can help pls search for my name in sl and explain to me what i can do to find this object and mute it..ty

  16. Ultra Pure Water Systems

    Ultra Pure Water Systems
    Ultra Pure Water SystemsWater purification system, filters, water softeners and quaility of. High content of heavy metals can cause acute or chronic toxicity to organism, affects the odour and external appearance of the water a…

  17. JeanneDilia says:

    Good afternoon I Want a lot of sex like role-playing games my nickname (Anya01)

    Copy the link and go to me… bit.ly/2wBKSBp

    8838151804428

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: