ScienceSim leaves hypergrid

At a time when hundreds of new hypergrid-enabled worlds are coming online, it may seem surprising that some are turning off hypergrid access.

The Intel-backed ScienceSim has  recently backed away from hypergrid teleports, citing security concerns.

(Image courtesy Intel.)
(Image courtesy Intel.)

According to Shenlei Winkler, the CEO of the Fashion Research Institute, hypergrid teleports have been shut down due to a variety of security concerns.

Winkler runs some of the most high-profile regions on ScienceSim, and has received attention for her innovative work in pushing the boundaries of OpenSim. She also administers the land grant program on ScienceSim, which provides free virtual land to non-profits.

Hypergrid teleports allows visitors who don’t have accounts on a grid to visit with their off-grid avatars. It also allows these visitors to get content and take it back to their home grids. Both of these were a potential security concern, she said.

“The security issues with hypergrid are well known,” said Mic Bowman, the principal investigator from Intel who is leading Intel’s research in support of ScienceSim.

Another potential security concern with hypergrid is that ScienceSim users may be able to hypergrid out to visit grids run by hackers. These malicious grids may then steal inventory objects, or even delete objects from users’ inventories.

So far, no cases of such malicious grids have been reported.

In addition, any region owner can also take advantage of the management functionality built into OpenSim to give themselves “god status” and steal objects. This problem isn’t limited to hypergrid — it is a potential liability whenever total strangers are allowed to connect their own regions to a grid.

“This situation is the kernel of the belief that open grids are hopeless for a virtual-goods economy,” says the OpenSim wiki entry on hypergrid security. However, the entry goes on to add that similar issues exist on the World Wide Web as well, and that hasn’t stopped the growth of e-commerce.

In fact, the Internet is rife with security issues. Return email addresses can be spoofed. Emails are not encrypted and can, theoretically, be intercepted. Hackers set up fake websites that take over your browser — or steal your banking information.

Hypergrid security issues are minor in comparison, and, as a result, more destinations continue to enable hypergrid teleports.

According to Christa Lopes, 240 publicly reachable simulators are now registered with her Metaverse Ink search engine. Lopes, who is the inventor of the hypergrid, is also a professor of informatics at the University of California, Irvine and the creator of the Diva Distro of OpenSim, which is an easy way to create a standalone grid. The Diva Distro grids are, by default, hypergrid enabled.

SECURITY PRECAUTIONS

The lack of reported security problems doesn’t mean that the threats aren’t out there. If you don’t want to be the first to fall victim to a malicious grid, you can take the following precautions:

  • When traveling to an unknown grid, use a backup avatar, one without many assets in its inventory. All OpenSim grids currently offer free avatars, so there’s no extra cost to creating a new account — it just takes a little time. An avatar that’s not weighed down by too many belongings may also travel better, according to some reports.
  • If a stranger asks you to put up a link to their grid, check it out first before putting up a hypergate or a link region. They could be a hacker — or, slightly more likely, to be a spammer. Today, though, the odds are that they’re simply someone new to the OpenSim universe and are out there looking to make some connections.
  • Implement group access permissions on those parts of your own grid you don’t want to have accessed by strangers. For example, your company office building might be only open to employees, but anyone can come to the lobby and conference areas.
  • If you have valuable content that you sell to the public, keep an eye on the major distribution channels to ensure that thieves aren’t making money off your work.