Analysis of Gemini Cybernetics CDS
There have been some rumors going around about a new third-party system for Second Life. The system attempts to detect avatars using third-party clients capable of duplicating objects without the creator’s permission, and the rumors are that it uses some kind of QuickTime exploit or other nefarious means to actually examine the contents of your hard drive or otherwise invade your privacy without permission. I decided to take a quick look to see what it’s all about.
The system in question is called GEMINI CDS Ban Relay and is advertised as a simple object which detects avatars entering your sim, and uses “a team of bots with special abilities” to determine if the avatar is “harmful.” If they are, it adds them to an external database, and can optionally ban or teleport them home. Entries in the database are permanent, so if an avatar has been considered harmful once, they are always considered harmful in the future. It claims to use several frequently updated methods to detect “illegitimate” clients.
The most obvious detection method, and the only one I discovered, is a script that triggers as soon as you enter a protected sim and tells your client to load up a special media URL. Using a tool like Wireshark or ngrep, it is trivial to watch the HTTP request.
Broken down, the requested URL in my case was:
http://media.syscast.net/youtube.php
? licensekey = KBVaQkxGH1lDVRdBWA1GVEdaTFpQF1ReWUcREU9YEFxBRgxE
& title = BEYeQR8TAxxOLE8eBk0T
& licensedon = B1IAQhUG
& tvowner = eBVbGUdLQFxeVA%3D%3D
& videoid = eEJVE0xDHwxZAUQSWBJFARMJV1RTE19BWUETGBMNQg0%3D
At a glance, the values are obviously all Base64 encoded – the trailing %3Ds on the last two fields are a dead giveaway. Decoding them doesn’t produce anything human-readable, though; one online service gives me “(ZBLFYCUAXFTGZLZPT^YGOX\AFD” for the first field.
It’s easy to decode them in Ruby, where we can play with them a little more:
irb(main):001:0> require 'base64'
=> true
irb(main):002:0> CIPHERTEXT = Base64.decode64('KBVaQkxGH1lDVRdBWA1GVEdaTFpQF1ReWUcREU9YEFxBRgxE')
=> "(\025ZBLF\037YCU\027AX\rFTGZLZP\027T^YG\021\021OX\020\\AF\fD"
irb(main):003:0> CIPHERTEXT.length
=> 36
36 bytes is the same length as a UUID in canonical form, so it’s a pretty reasonable guess that this is my avatar’s UUID encrypted somehow. The only real encryption facility LSL makes available is XORing Base64-encoded strings together. XOR has an interesting property: a ⊕ b = c ⇒ a ⊕ c = b; that is, if XORing some plaintext and some key produces some ciphertext, then XORing that ciphertext and the plaintext produces the key. Let’s give it a shot:
irb(main):004:0> PLAINTEXT = 'a27b84f0-2757-4176-9579-43a181d4a5a0'
=> "a27b84f0-2757-4176-9579-43a181d4a5a0"
irb(main):005:0> key = ''
=> ""
irb(main):006:0> CIPHERTEXT.bytes.each_with_index {|v,i| key << (v ^ PLAINTEXT.getbyte(i))}; key
=> "I'm trying to replace msmtp with smt"
That was easy enough. Using the key to decode the rest of the fields, we can see what is really being sent:
http://media.syscast.net/youtube.php
? licensekey = a27b84f0-2757-4176-9579-43a181d4a5a0
& title = Masakazu Kojima
& licensedon = Numbat
& tvowner = 1269399503
& videoid = 1e8381fe7fdf727dce67632245c8dd6e
The second field (title) turns out to be my avatar name, followed by the sim name (licensedon), a UNIX time value (tvowner), and what looks like an MD5 hash (videoid). The time value is apparently used to prevent replay attacks: it is possible to immediately replay the request exactly and get a success response, but after about 30 seconds it causes an internal server error instead.
Visiting the parcel again to get another URL shows that only the time and MD5 hash change. Tampering with the values causes an immediate error redirect, which suggests that the MD5 hash is a signature to prevent forged messages. So, even though we could encrypt arbitrary values and send them, we’d need to know how the signature is generated for them to work.
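Putting the decoding steps above together, here is an added Ruby example (my own code, not code from the original post or from the CDS system) that parses the captured request URL, recovers the XOR key from the known avatar UUID in the licensekey field, and decrypts the remaining fields with it. The URL and UUID are the ones shown above, embedded as sample input. One design choice is mine: LSL's llXorBase64StringsCorrect cycles the key over longer inputs, but only the first 36 key bytes are recoverable from a 36-byte UUID, so the decryptor refuses fields longer than the recovered key rather than guessing the rest.

```ruby
require 'base64'
require 'uri'

# The request URL captured in the article (sample input for this example).
CAPTURED_URL = 'http://media.syscast.net/youtube.php' \
  '?licensekey=KBVaQkxGH1lDVRdBWA1GVEdaTFpQF1ReWUcREU9YEFxBRgxE' \
  '&title=BEYeQR8TAxxOLE8eBk0T' \
  '&licensedon=B1IAQhUG' \
  '&tvowner=eBVbGUdLQFxeVA%3D%3D' \
  '&videoid=eEJVE0xDHwxZAUQSWBJFARMJV1RTE19BWUETGBMNQg0%3D'

# The avatar UUID the licensekey field is expected to carry: our known plaintext.
KNOWN_UUID = 'a27b84f0-2757-4176-9579-43a181d4a5a0'

# Split the query string into fields and Base64-decode each value,
# returning a hash of field name => raw ciphertext bytes.
def decode_fields(url)
  query = URI.parse(url).query
  URI.decode_www_form(query).to_h.transform_values { |v| Base64.decode64(v) }
end

# XOR two byte strings of equal length.
def xor_bytes(a, b)
  raise ArgumentError, 'length mismatch' unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
end

# Known-plaintext key recovery: key = ciphertext XOR plaintext.
def recover_key(ciphertext, plaintext)
  xor_bytes(ciphertext, plaintext)
end

# Decrypt one field with the recovered key. Only key.bytesize key bytes
# are known, so a longer field cannot be decrypted honestly; refuse it.
def decrypt_field(ciphertext, key)
  if ciphertext.bytesize > key.bytesize
    raise ArgumentError,
          "field is #{ciphertext.bytesize} bytes but only #{key.bytesize} key bytes are known"
  end
  xor_bytes(ciphertext, key.byteslice(0, ciphertext.bytesize))
end

# Decode every field of a captured request, using the licensekey field
# (which carries the avatar UUID) as the known plaintext.
# Returns [decrypted fields, recovered key].
def decrypt_request(url, known_uuid)
  fields = decode_fields(url)
  key = recover_key(fields.fetch('licensekey'), known_uuid)
  decrypted = fields.transform_values { |ct| decrypt_field(ct, key) }
  [decrypted, key]
end

if __FILE__ == $PROGRAM_NAME
  decrypted, key = decrypt_request(CAPTURED_URL, KNOWN_UUID)
  puts "recovered key: #{key.inspect}"
  decrypted.each { |name, value| puts "#{name} = #{value}" }
end
```

Run it as a script and it prints the recovered key and the five decoded fields; the tvowner value can then be fed to Time.at to read the timestamp.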
The response from the server is innocent enough:
<!--
-->
<html><head></head><body bgcolor="#7f7f7f" leftmargin="0" topmargin="0"><img src="video-background.gif" width="2000px" height="2000px" border="0px" /></body></html>
The video-background.gif file is just a transparent 1x1 GIF image:
00000000 47 49 46 38 39 61 01 00 01 00 80 00 00 7f 7f 7f |GIF89a..........|
00000010 00 00 00 21 f9 04 00 00 00 00 00 2c 00 00 00 00 |...!.......,....|
00000020 01 00 01 00 00 02 02 44 01 00 3b |.......D..;|
These are the only requests that are performed. Nothing nefarious appears to be taking place. There is no evidence of any kind of exploit, or the transmission of any kind of private information. So how does the service detect “illegitimate” clients?
The magic turns out to be in the “User-Agent” request header, which identifies the client. In my case: Mozilla/5.0 (Windows; U; Windows NT 6.0; chrome://navigator/locale/navigator.properties; rv:1.8.1.21) Gecko/20090305 SecondLife/Emerald Viewer (default skin)
By using curl to replay an old request, and simply replacing “Emerald Viewer” with the name of a random client from the Onyx project (NeilLife), I was able to get the system to ban an alternate account I created. Note that this worked even though the time value was old, and the HTTP response status was a 500 error, so it would appear that the system to prevent replay attacks is broken. Looks like they’re up to at least 1 false positive, even if it’s a technicality. Also note that the actual response body did not change, so there doesn’t seem to be any kind of exploit that is only sent to users of “bad” clients.
Using the same IP address and computer, I was able to go back to the same parcel on my main account with no trouble.
Conclusions
Despite all the subterfuge, the Gemini CDS system seems to simply rely on “illegitimate” clients to identify themselves in an HTTP request. The message encryption is trivial to break, and it is likely only a matter of time before someone cares enough to figure out how to forge the message signature. It is trivial to avoid detection by this method, though the system may employ additional detection methods: the common way for third-party clients to identify each other is by the unique texture UUIDs they use for skin layer protection, which is passive and undetectable.
There is no evidence that the system uses any kind of exploit or other nefarious tactic. The system does not appear to record any data other than the avatar and client self-identification information.
IIRC it identifies you as an alt using an ETag on the GIF image, and will still ban you if you switch to an alt and use a different client.
Heh, well I guess it would make sense to add it then.
More likely the alts are detected via IP address, which is also available in the HTTP headers.
I get the same ETag no matter what avatar/client info I provide. Also, it’s a static file on a shared host, doesn’t have an X-Powered-By header (the script does), and matches Apache’s normal ETag generation (inode-size-mtime):
Last-Modified: Mon, 15 Mar 2010 16:31:03 GMT
ETag: "18b14059-2b-481d968347fc0"
Content-Length: 43
irb(main):001:0> 0x2b
=> 43
irb(main):002:0> Time.at(0x481d968347fc0 / 1_000_000).utc   # Apache's ETag mtime part is in microseconds
=> Mon Mar 15 16:31:03 UTC 2010
That said, the client does send the ETag with future requests on other accounts, so it is possible and would be kind of clever and explain why the image is there.
As mentioned in the post, I returned on an alt using the same IP and computer, and was unaffected. So I think alts just aren’t detected at all. I would be interested if someone’s experience differs.
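To check the “static file on Apache” reading of that ETag, here is an added Ruby example (my own code, not from the post or its comments) that parses an Apache inode-size-mtime ETag and compares its parts against the Content-Length and Last-Modified headers quoted above, which are embedded as sample input. A per-visitor tracking token would neither decompose this way nor agree with the other two headers. The microsecond scale of the mtime part is Apache's default ETag format; the header parsing is deliberately minimal.

```ruby
require 'time'

# Response headers for video-background.gif as quoted above (sample input).
HEADERS = <<~HDR
  Last-Modified: Mon, 15 Mar 2010 16:31:03 GMT
  ETag: "18b14059-2b-481d968347fc0"
  Content-Length: 43
HDR

# Parse "Name: value" header lines into a hash keyed by lower-cased name.
def parse_headers(raw)
  raw.each_line.with_object({}) do |line, h|
    name, value = line.split(':', 2)
    next unless value
    h[name.strip.downcase] = value.strip
  end
end

# Apache's default ETag is "inode-size-mtime", each part in hex and the
# mtime in microseconds since the epoch. Returns nil if the tag does not
# have that shape (e.g. a weak "W/" tag or an opaque token).
def parse_apache_etag(etag)
  m = etag.match(/\A"?([0-9a-f]+)-([0-9a-f]+)-([0-9a-f]+)"?\z/)
  return nil unless m
  inode, size, mtime_us = m.captures.map { |x| x.to_i(16) }
  { inode: inode, size: size, mtime: Time.at(mtime_us / 1_000_000).utc }
end

# True when the ETag is consistent with a plain static file: its size part
# equals Content-Length and its mtime part equals Last-Modified.
def static_file_etag?(raw_headers)
  h = parse_headers(raw_headers)
  parts = parse_apache_etag(h['etag'].to_s)
  return false unless parts
  parts[:size] == h['content-length'].to_i &&
    parts[:mtime] == Time.httpdate(h['last-modified'])
end

if __FILE__ == $PROGRAM_NAME
  p parse_apache_etag(parse_headers(HEADERS)['etag'])
  puts "looks like a static Apache file: #{static_file_etag?(HEADERS)}"
end
```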
this was my idea
I have been banned on all of my names. I used an “illegal client” months ago and have had it deleted off of my system for quite some time. I would be willing to do a desktop share with you and let you watch me create a brand new alt and log in with the regular SL viewer and watch me get banned. If it doesn’t detect alts and only detects people who use “illegal” viewers, then why do I continue to get banned?
Very interesting. But what about viewers that don’t respond to media commands? Is that where the bots come in? Or do we now think there aren’t any bots, really?
Also, are we sure it “protects” against the same account on different IP addresses? That would seem an obvious thing to do–except that it would be absurdly easy to stuff the database with spoofed reports that every account on the grid is running a naughty viewer.
Meh. Ignore all that. I misunderstood what exactly was being replayed, so spoofing wouldn’t be easy at all. (Wish I could delete the comment now.)
So does that mean that using a script you can add any avatar name to that ban list that you want?!
Could you not just encode other user names with the given password and add these arguments to youtube.php?
[…] This post was mentioned on Twitter by Maggie Leber, Tony Agudo. Tony Agudo said: A technical analysis of Gemini CDS: http://blog.pclewis.com/2010/03/analysis-of-gemini-cybernetics-cds/ […]
It would appear so, but only if you were able to forge the message signature (videoid). The signature could be something simple like llMD5String(SECRET + uuid + avatar + sim, time), or it may not even be an MD5 hash at all. You would also need to control the User-Agent header, so it would not be possible with an LSL script as far as I know.
However, at least at the time of writing the article, you can ban anyone who has posted their full request URL by replaying the request with a “bad” User-Agent.
No. If the parameters don’t match the signature, you are just given an error. You would have to forge a correct signature for the name you are supplying.
Interesting, do you get banned on new accounts even if you disable parcel media/quicktime?
Wow… you are correct. I just made a brand new name and disabled media/QuickTime and I wasn’t banned. But I am still confused as to why, if I deleted the bad viewer off my system months ago, it is still being detected.
[…] Analysis of Gemini Cybernetics CDS This is quite interesting, it goes into the kind of detail I am sure they don’t want you to know. I see in this that he is using the same thing Geeky had running on my computer (who has been slack and hasn’t given me his version of events yet). […]
It may be detecting your alts by IP address (which the CDS faq denies), or by some other method like the ETag on the image someone else mentioned. It could also just be misidentifying the viewer you are using as a “dangerous” one - you may want to file an appeal with them to see if you can find out.
Alright, what could be possible to do with it:
- collect everyone’s IP addresses,
- trace an avatar down to its country, even its city,
- log people’s alts,
- have this information nicely collected in a database,
- find leaked data on websites or P2P.
IMO that’s pretty much enough reasons to strictly forbid that system, because no one but the owners knows what is really done in the background.
How do you think cheat systems work, then? If everyone knew what was going on in the background, then cheat systems would be defeated easily.
OK, but the CDS system is still getting your alt; do you possibly know what they are doing to get the alt?
OK, tip on the exploit: in your appdata folder all your alts are mentioned there, for the tip.
Two possibilities have been pointed out, but it has not been established that it detects alts at all.
There is no exploit, and it definitely does not preemptively find alts the way you are suggesting.
Anti-cheat systems that rely on people not knowing what they do are defeated easily. CDS is one of them.
The appdata folder is where all your alts are stored. I googled and found someone saying it was possible with the xfer packet.
http://par.googlecode.com/svn/trunk/GridProxyPlugins/PlugComb/FileProtect.cs
this.proxy.AddDelegate(PacketType.RequestXfer, Direction.Incoming, new PacketDelegate(disbale));
}

// Drops incoming RequestXfer packets that name a .db2 or .inv file while
// protection is enabled; every other packet passes through unchanged.
public Packet disbale(Packet p, IPEndPoint sim)
{
    if (form.getChecked())
    {
        string f = Utils.BytesToString(((RequestXferPacket)p).XferID.Filename);
        if (f.Contains(".db2") || f.Contains(".inv"))
            return null;
    }
    return p;
}
There used to be bugs in the past where people could file names off your PC.
There was a viewer exploit there that was patched in 2008, but I am not aware of anything more recent. There may still be bugs there, or exploits elsewhere in the SL viewer, but it is unlikely that CDS abuses any of them and there is no evidence to suggest that they do. Aside from the ParcelMediaUpdate and ParcelMediaCommandMessage, I did not see any unusual simulator messages when I went to a CDS-protected sim.
I use a modded Second Life viewer because the regular SL viewer is so limiting. They are so paranoid about copybots that the honest builders and script writers get punished too. INF has been cracking all the best viewers and handing out most of them for free, even though towards the end they cracked a very well renowned viewer, SLPE, and decided to sell that one instead, but others like NeilLife private 3.51, HXO, and Chocolate viewer are free. Love em, hate em, either way they are breaking barriers down for all.
Edited by admin: Please don’t spam.
[…] Hi everyone! I had a bit of a look around the net on the subject of CDS and found the following: Analysis of Gemini Cybernetics CDS try all your chance […]
https://blogs.secondlife.com/message/158609#158609
Seems that adding the media URL IP from syscast, 69.163.231.197, to the router and null routing it defeats the CDS system; would be interesting to see some tests done here on it as well.
LOL, no, CDS doesn’t worry me as I have never used a non-LL viewer apart from Metabolt. I posted it here as it was brought up on the blog and this blog seems to be looking at the system in a drama-free way :) although I did smile when I saw Tesco’s stores in the UK had taken action as they were using the Tesco’s stores address details for the domain :)
I hope that your sensible and drama free discussions here continue as they are a breath of fresh air :)
That IP is operated by a popular shared host (dreamhost), so you may be blocking other legitimate websites. They have also changed the domain and IP, and can do it again indefinitely with practically zero cost or effort.
If CDS worries you, the only effective thing you can do is disable parcel media completely. Any other media stream could be doing the same thing as CDS, and indeed several knockoff systems have cropped up.
Fuck CDS hahaha :D
fuck cds
What happens if you simply put a redirect in the hosts file ? Thus: 127.0.0.1 media.syscast.net that should have the effect of rendering media.syscqst net inoperative to any software
It is trivial to change the domain name and they have done so several times since this article was posted.
I have yet to see any test where the following occurs: 1) TP into a sim where there is Gemini CDS using something like NeilLife, 2) get banned, 3) using a different viewer, log in with a different account, 4) TP to the same sim there!!! Any video showing this that has no editing in it would dispel the rumours. I have looked; there is none.
Incidentally – just because someone says there’s no wolf at the door, it doesn’t mean there’s no wolf at the door – actual proof is required. I am attempting to emulate your tests and will do the test I suggested earlier. I am no fool and I am no liar. I do not know if this system is a hacking device or not, but I have yet to see ultimate proof that it isn’t.
Sorry, in my previous comment I actually meant to post this http://rors-rags2riches.blogspot.com/2010/02/i-have-been-banned.html but my tests so far are actually proving you are correct - I would like to say I err heavily on the side of skepticism in any tests I do and am pleased either way to be proven right or wrong, because what matters for me is the truth. My tests so far have mimicked some of what you have done, but I am worried about using a copybot system to go further and see what will happen when I use it. I don’t want to get branded as a copybotter; I have never used one before, but I really need to get to the bottom of which side of the story is the truth, as my concern is simply privacy rights - as I said before, your evidence is holding up quite well and I am not even reluctant to say so. I am glad you are right thus far.
A video like that would not prove or disprove that CDS does anything nefarious. Using Wireshark and GridProxy you can see all the network traffic coming and going from your computer, as well as the decoded packets to and from the SL viewer.
This article analyzes what I saw, the most nefarious aspect being that it potentially associates your IP address with your avatar name. If you want to repeat the tests, please do! If you find something different I’d love to see it. But your dissatisfaction with my results is not “conflicting evidence” and your “ultimate proof” can only come from yourself.
I am deleting your other comment.
The link you posted does not suggest that CDS is doing something nefarious; I am not sure how it is relevant to anything. In any case, good luck with your tests. I would advise against haphazardly using “illegal” third-party viewers, as some have been demonstrated to contain malware. You also risk running into trouble with LL as the new third-party viewer policy goes into effect in a few days.
I know this is how it is detecting for sure; my friend also investigated it and found the same thing…
I have written legal disclaimers, and filed internet crime complaints against Skills Hak, as even though he is not accessing my personal info without full consent, he is monitoring data on my PC without my consent, whether it’s my viewer or private files. Linden Lab has not officially told everyone that this is allowed, and I personally have not accepted any agreements with Skills Hak to allow so.
Furthermore, CDS/Skills Hak is working with JCool and the Emerald team who run Onyx, which is a copybot made off of a few different copybots, which can’t detect many, and much copybotted content. CDS has Onyx on the allow list, and Onyx is spoofed as Emerald Viewer; since Emerald is officially on Linden Lab’s third party allow list they can easily run Onyx with the copybot and slip right past LL’s security.
I DO not permit any security system to send data to my PC without my consent, and I have personally shut off my media, and removed its functions from my viewer, and recompiled it without these functions to make sure that their systems cannot read my client…
As far as my CDS ban, it was done because I used an illegal viewer in the past, before Linden Lab’s new policy went into effect. I never used it to commit theft; I just preferred it because it worked way better than Emerald even does, way much faster.
Skills Hak does not have an official appeal website which is professionally made, and there is officially no public announcement, or say, involving network bans, which is why I will not use CDS at all: CDS is an unjust and unfair system which puts Skills and his friends in total control of the entire system, where they can freely add or ban anyone they like.
The best idea is to give power to the sim owners, without networked bans; that is the only fair and best way to do it.
You folks might wanna check this script out on “Pastebin” which I just stumbled across on Google……. It appears to be the CDS relay raw script… :P : http://pastebin.com/VdtvrE6M
That script is an old version, but it does contain the correct method for generating the message signatures in this article. It has changed since then.
Compare now Gemini with zF RedZone. I believe the RedZone maker zFire Xue is nothing more than a griefer and, compared to Skills Hak, is unscrupulous and in complete mockery of the LL TOS. Although I agree that Gemini may not be guilty of any TOS violation, I do believe Skills Hak is morally bankrupt in this endeavour and is also maybe not breaking the TOS, but I will be seeking advice as to whether they are violating the law - for example, in Europe and the USA there is such a thing as data protection laws. I would like to see the evidence they have signed the proper legal documents pertaining to those laws; also, is the database registered on a site in the correct name and address of the person running that database - where is the accountability and proof of that accountability? And to pcl I am making a request: please, pcl, will you take on zF RedZone and give that a full analysis too? I trust your evidence in this debate.
I see there is variation in reports about alts getting banned by CDS.
Here is a possible explanation about why most testers have found their alts did not get banned (only the one offending avatar name who actually used a CDS-banned viewer was banned from CDS network sims) - but one or more people did have their alts banned too.
The current Emerald viewer sends the user’s IP and full av name to the modularsystems website every time you login. That is against the TPV viewer rules, which state the viewer program is only allowed to send your name and/or password to LL servers (as it’s needed for login). It also sends the user’s IP number. This has been discussed on Emerald forums, but the devs have refused to change it [admin: it has been removed from the alpha]. Most Emerald users are unaware the program is sending this information to the Emerald people when they login.
Anybody with access to the Emerald team’s website log files could easily write a program to match alts, as they would all use the same IP number. (There would be a few wrong matches, in cases where several humans each with their own SL av live in the same house with a shared internet connection)
The Emerald devs claim they do not use this information, but their current viewer program continues to collect it.
It’s possible they also have other ways of collecting information for a growing database of matched alts - for example their growing army of Onyx bots. The same people work for Onyx, CDS and Emerald, so one could expect them to share that kind of information.
That database of alts (if it exists) must be incomplete of course, so one would expect that most testers who use a banned viewer would not have their alts banned, but a few would.
I’d be interested to ask if anyone whose alt was also banned from the CDS network has ever used Emerald.
[Edited by admin]
CDS itself receives your name and IP address, it doesn’t need a database of alts from Emerald or anywhere else.
In the test mentioned in the article, I got my alt banned by forging the request and went to the sim to check it out using Emerald. Then I returned on another alt using Emerald and was unaffected.
[…] http://blog.pclewis.com/2010/03/analysis-of-gemini-cybernetics-cds/ […]
This ended up actually happening, though the data is not from CDS.
Dynamic IP, as used in most of the European countries as a majority, does not allow relating any account to any alleged alt, because the same IP can theoretically be used by hundreds of people a day.
Honestly, if people don’t know, Ph0x and Fractured are still in Second Life today with alternate accounts. Quite a few of my friends were false positives when using Emerald before it was locked from the grid. I was IP logged, and banned on my alts, and any new account I make, by CDS as well. It’s not really up to Skills Hak what client I wish to use; it’s my choice, and up to Linden Lab what they want to do about it. I still use today what would be considered a very malicious viewer, aka Copybot inside of it as well with many other useful features, sim crashers, anti grief functions & such. No, I don’t use it to violate the TOS, and I have been using it since 2009 to help track ripped content and such. LL has not banned, warned, or suspended me once for such.
Skills Hak is abusive, refuses to provide customer service, logs personal info in violation of the LAW & California Privacy Act. All residents collecting any type of IP info, or using any type of web access scripts which can log info, should be given a blue box to accept or decline when using such within SL, and Skills Hak needs to be banned from this grid for disturbing the peace and many more, but LL won’t do it because he is ass kissing just like I have done, but he is doing more harm and more damage than I have ever done even when I was once a griefer; no, I did not rip people’s content, I crashed regions, got banned many times on TG.
Copybotting is not against the LAW; here is why. In a U.S. court of LAW it’s innocent until proven guilty. Given the fact that all copybots use the original UUID from creators’ uploads, and anyone can stick anyone’s name on anything, there is no proof, so therefore you can’t really sue. The most is Linden Lab banning an account; anything more in a court of LAW a person could easily get away with. While I believe it is wrong to steal, until LL does something about Skills & ways to close off all the exploiting this will continue, and just make SL even more unpopular.
Also I have multiple proxy accounts & addresses/a viewer that can spoof and block out Skills Hak’s CDS scans now; most of the content thieves use these, and now that I have it I can easily go into any store, rip anyone’s content I want to, walk away, give your .XML files off torrents, or anything I please. Besides, what does CDS protect you from anyway? It protects your stores, so what? A friend goes and buys the product for me, comes to a sandbox and I copy it off them, or people going to clubs and copybotting other people’s avatars, sandboxes, or welcome areas/places CDS is not. CDS does not protect but is a simple datamine system for personal abuse by Skills Hak, Skills Coy, Skills Phox & Fractured Crystal/Jcool. Also I have seen entire sims copybotted, and stuck on the torrent sites for download, including GOL Element Club within SL, and it’s pretty nice too. I’ve never been to GOL, but I downloaded the .XML file and used that simply to verify it was real by opening the image asset ID, and it was for real, never uploaded back into SL.
@Jada Wildcat How moronic do you have to get? It’s this simple: don’t use a copybotter, because if you do then you have no complaint against anyone for using CDS Ban Relay to track you and your alts and ban you. If you have never used a copybotter and get banned by CDS then you have a complaint. And as for being proud of griefing sims etc., I think you should grow up a bit, don’t you? I expect you are about 15 years old and don’t have much going on in your life. I don’t sympathise with you at all, and as for the idea that content theft is not illegal, I think you need to wait till you have left school and read a few more books before you try to tell others what is and isn’t the law regarding content theft and intellectual property theft, because I can tell you right now you are very, very wrong. Grow up, kid, and when you get the balls come and see me.
I’d like a breakdown of redzone as well. I’ve been banned by it even though I’ve never used a copybot client.
I’m tired of complaining to sim owners that they’re morons for buying this crap.
[…] isn’t “private”. Then comes an issue mentioned in the post you gave me with the technical analysis of what the Gemini CDS Ban Relay does. It […]
The developer of the Gemini CDS Ban Relay was involved in the Emerald viewer scandal.
[…] must digress for a moment to mention Gemini Cybernetics’ CDS, or ’ Client Detection Service ‘. This acts as a shared ban pool for users detected by the system to be using known […]
As a mother of three, this information helped greatly. I appreciate the writer and give my thanks. Great read would read again A++++++