Virtual World (In)Security
I happened across a Wired article yesterday entitled “Spies Want a Second Life of Their Own“. Long story short: some intelligence agencies (which seem to be multiplying; a new one is mentioned in the article) want a virtual world but can’t use Second Life because it’s insecure, and because they want to be able to “roll back” the conversation to see what led them to the conclusions they’ve drawn so far.
What was interesting about it was that they were talking about rolling back blog posts, emails, social network connections and all sorts of things. None of that has anything to do with virtual worlds directly (well, except in ProtoSphere’s case where it’s integrated, and Kaneva to a lesser extent) but, interestingly enough, there wasn’t a distinction made.
Yesterday I had mentioned a popular misconception about virtual worlds perpetuated by their fans (that Second Life can do anything), and now here’s another: that virtual worlds don’t have to be 3D environments. Guys, seriously, they do. Let’s not extend the metaphor so far that it loses meaning just so that we can congratulate ourselves for being lateral thinkers. Facebook, Myspace, and Weblo are not virtual worlds no matter how many elaborate and clever arguments are made to the contrary.
… but I digress…
What I found really strange here was that they didn’t talk about Forterra’s OLIVE. It was completely baffling. Not only are communications on the platform encrypted, but you can actually “replay” 3D interactions and watch them from different camera angles or points of view. It’s perfect for what they need it to do.
Instead, they’re looking at taking their Myspace clone (called A-Space, here’s an overview) and tacking on a 3D environment built from scratch called “A-SpaceX”. Yikes.
There are a couple of concerns here. First, security in a 3D environment is not easy. There’s a reason that very few platforms offer any kind of security guarantees in the first place. We’re talking about a lot of network traffic that has to travel quickly to be useful. Keeping that secure is something programmers often overlook when trying to get things working right.
Of even greater concern here is that you will always have security gaps if you add major components after the fact. The only way to make sure that communication between the 3D environment and 2D webspace is secure is to have an expert in the 3D space make sure it’s all compliant with web security standards. If you’re inventing something from scratch, there are no experts.
July 6th, 2008 at 7:01 am
I completely agree with the point about virtual worlds having to be 3D, they really do. Otherwise it’s just a social networking site and we all know that there are plenty of them already.
August 2nd, 2008 at 7:23 pm
Thanks !