Security Focus had an article yesterday about the virus attack that hit Second Life last Sunday. Apparently, this was a self-replicating exploit of the ability to create objects in SL, which bogged down servers.
A few years ago, in a fit of mental masturbation, some colleagues and I postulated an online environment incorporating elements of Neal Stephenson’s Metaverse, Freenet, grid computing, various virtual currency incarnations such as e-gold, and various obfuscation, security and communications technologies. Underlying the concept was the nature of a computer: a processor, a bus and storage. And if you combine distributed computing, distributed storage and the Internet, voilà, a big computer.
With this in mind, the idea was basically to create a totally non-judgmental, uncontrolled, secure and anonymous failure-resistant platform for online transactions — for legitimate business, tax evaders, kiddie pornographers, whoever. However, the parallel with the Metaverse doesn’t just stop at its distributed nature. Given the seemingly rising trend in attacks hitting MMORPGs and online communities, the villain Raven’s actual “Snow Crash” virus in Neal Stephenson’s book is something I can see being prototypical for a pretty big problem.
Picture this: just like with telephones and the Internet, commerce will adopt any new medium as a functional part of its business technology. So let’s say you have a totally decentralized, purely reputation-based, entirely secure transactions network of the sort that we’re postulating. For argument’s sake, let’s assume someone figures out how to exploit weaknesses in some of the protocols and/or client software used by participants in this kind of environment.
Given that the idea is to create a generally lawless state (i.e. not run by a company or controlled by a government agency, but designed to allow a green field for pure commerce), someone _will_ figure out a way to grief — be it for reasons of gain, sabotage, or pure vandalism. How do you respond to this? You have no recourse to Linden Lab, WIPO or the FBI. A community at large may not be sympathetic to, say, a Citibank under concentrated attack, and even then the response may be slow and ineffective.
One solution that comes to mind is a variation on William Gibson’s “Black ICE” (i.e. the sort of strikeback capability that’s often pooh-poohed and illegal in the real world). However, in most virtual communities, there’s not enough of a “pay to play” mechanism to make vandals fear retribution (that they might lose their investment), and even if such a thing existed, there’s too much room for abuse. (Remember, who controls this? Even if there is a governing body, do you trust them?)
Just some thoughts.
