Obscurity is not security

Back in the early days of Internet technology it was feasible to have “security by obscurity” — putting up a document on the Internet, say, but making the address so complicated that nobody would be likely to stumble upon it by accident.

That was in the days before decent search engines, of course. Today, if put a sensitive document out on the Web unencrypted, chances that that someone will find it and either secretly exploit it, or publicize it and humiliate you.

With the hypergrid, that small window of “security by obscurity” does not exist.

I’ve met a few folks recently who’ve put up grids, enabled hypergrid teleports so that they themselves can travel in and out, but closed off public logins until they were ready for official launch.

How do I know their intent? They told me: “Those regions are on the hypergrid, but I’m not publicizing them yet.”

I’m going to do them a favor, and not publicize them either. But I am giving those guys a heads up: if your region is on the hypergrid, it will start showing up in search engines, in grid lists, and in other locations — and in our directory.

Now, those were private regions, not of significant interest to the readers of this publication.

But in the the last couple of days, I’ve found two under-development grids — one owned by a university, one by a government-affiliated group — that require visitors to apply for user accounts before they can get into the grid, and they only approve access for those people who have a reason to be there. But the hypergrid access is wide open. The folks who helped the second group set up their grid tell me they meant to do it this way, but it’s hard to understand the logic behind the decision — why restrict direct logins and account creation, but allow any stranger to just teleport in?

A giant question mark in the middle of the sea -- a deliberate plan to amuse hypergrid travelers?
A giant question mark in the middle of the sea -- a deliberate plan to amuse hypergrid travelers who think they've stumbled into a secret government grid? Or does this innocent-looking concrete construction hide an alien autopsy laboratory? Obviously, we prefer the latter explanation.

If you don’t want public access to your world, it’s not enough to make the hypergrid address obscure. It’s too easy to find it. For example, OSGrid lists the hypergrid addresses of its regions on its Website, as with this listing for Hypergrid Market Middle region. Googling “loginuri 8002” returns more than 7,000 results with login instructions for individual private OpenSim grids. Many of these can be converted into hypergrid addresses by simply replacing the “:8002” at the end of the address with “:9000” — the default access port for individual regions.

Furthermore, once someone has visited a region through directly logging into a grid, they can find out its hypergrid address by clicking on Help-About in the menu. This can make it easier for them to come back and visit later, but if they post that address online anywhere at all, then Google will pick it up sooner rather than later.

Now these are just the obvious, straightforward ways that average users can find hypergrid addresses without particularly trying. Any day now — better yet, given the recent pace of OpenSim development, any minute now — someone is going to come out with a Google-style search engine that goes out and spiders the Internet looking for active hypergrid destinations. That is, if Google doesn’t have a skunkworks developing this tool already.

The upshot is: if you’re on the hypergrid, people will find you. Maybe not immediately, but eventually and, given Murphy’s Law, when you can least afford it. OpenSim — and Second Life regions, as well — are particularly susceptible to denial-of-service attacks, for example. A region can go down, for example, if a too many people try to visit at once. And by “too many,” I don’t mean millions, as with a Website. I mean, “more than 25 or 50.”

Having a private grid protects companies from having their important meetings being disrupted either by accident, or by “griefers.” This protection is rendered moot, however, if hypergrid is enabled.

There are some legitimate use cases for allowing hypergrid while restricting logins. For example, some grids only hypergrid-enable one or two public-facing welcome regions. Hypergrid travelers can then stop by and visit these areas, without the grid administrators having to worry about creating separate user accounts for all of them, or managing their passwords, inventories and profiles. Members of the public can teleport in from other grids without having to create new accounts, and can then learn more about the company, attend public events, or pick up virtual promotional items. Meanwhile, approved users can log in directly and roam the entire grid. This requires careful use of access controls, however, to ensure that hypergrid visitors don’t just walk, fly or use local in-grid teleports to get to sensitive areas.

Her at Hypergrid Business, we’re big supporters of the hypergrid — we think it’s the next 3D Web. As far as we’re concerned, the more grids and regions are hypergrid-enabled, the better.

But we’re also big supporters of business, and that requires a certain measure of security, and marketing a business means projecting a consistent image to customers and partners. So if your message is that you’re security-conscious, and are restricting login access, don’t dilute this message by allowing unrestricted hypergrid teleports. The converse also applies — if your message is that you’re open to the public, and anyone can get in easily and for free, then restricting hypergrid teleports negates that message.

Our recommendations:

  • If the goal of your virtual world is to serve the public and to reach as many people as possible, consider enabling the hypergrid and allowing inbound teleports from other grids.
  • If the goal of your virtual world is to provide content and services — such as training programs and meeting facilities — to a small, controlled group of users, then consider closing hypergrid access and allowing only direct logins from approved users.
  • If you’re setting up a mixed-use grid for both public access and internal staff, consider running two separate grids instead. Schools and corporations already do this on the Web, with an Intranet behind the firewall for internal access, and a public-facing marketing and information Website. Similarly, an OpenSim installation can run behind the firewall for internal use, and a separate, public-facing grid can run with hypergrid enabled. Alternatively, a single grid can run in mixed-use mode, with some regions hypergrid-enabled and other regions kept private. Additional security can be created by setting access controls on sensitive areas.
Maria Korolov