The Media Filter is designed to help protect you from malicious media streams that might be used to gather information about you as you travel around Second Life (such as capturing your IP address alongside your avatar details in an attempt to identify any alts you may have and link them to you).
It has been specifically designed to warn you when your Viewer has been asked to accept an incoming media stream request, allowing you to determine whether or not you wish to receive the stream before it connects to your Viewer.
This tutorial is designed to provide an overview on how to use the Media Filter, and to provide guidelines on what to look for in suspicious media streams.
The Media Filter itself is available in most third-party Viewers, but is not available in the Linden Lab “official” Viewers.
My personal thanks to Sione Lomu, for developing patch and Pyske Phaeton for providing additional notes on what to look for in suspect media stream requests.
Enabling the Filter
By default, the Media Filter may be active from the moment you install a Viewer that includes it (you may even see it display a pop-up the first time you log-in to a Viewer that uses it – see “Using the Filter”, below).
However, should you find you need to turn it on, or if you wish to ensure it is active, follow the instructions below.
The Media Filter can be activated via the Viewer Preferences, as follows:
- Cool VL Viewer: EDIT->PREFERENCES->COOL FEATURES->MISCELLANEOUS
- Dolphin Viewer 1: EDIT->PREFERENCES->ADVANCED->MISCELLANEOUS
- Imprudence: The Filter is automatically enabled; no action required.
- Phoenix Viewer: EDIT->PREFERENCES->AUDIO & VIDEO
- Dolphin Viewer 2: ME->PREFERENCES->SOUND & MEDIA
- Firestorm Viewer: The Filter is automatically enabled (AVATAR -> PREFERENCES -> SOUND & MEDIA to disable)
Make sure ENABLE MEDIA FILTER/MEDIA FILTER (INCREASED SECURITY) is checked.
- If it is, take no action and close the Preferences window
- If it is not, check it and click APPLY and close the PREFERENCES window.
Using the Filter
Note: The Media Filter only works if you have media enabled. If you have previously disabled media but now wish to use the Filter, you will have to re-enable media first.
The Media filter activates in two ways:
- Automatically, on encountering a media stream trying to connect to your Viewer
- When you click on the music / media PLAY button, and media is available.
Either way, a pop-up is displayed on your screen:
The pop-up displays the URL of the media stream and a series of buttons:
- ALLOW: allow your Viewer to connect to the stream. You should only click on this if you feel the media stream does not harbour a potential threat (see What Do I Block?“, below).
- WHITELIST: if you recognise the media stream as being from a safe source, click on this button to add the stream to your Viewer’s Whitelist. This will prevent the pop-up appearing when you encounter the stream in the future
- BLACKLIST: use this option to block the stream and add it to your Viewer’s Blacklist. The stream will be blocked automatically whenever it is encountered in future, without generating the pop-up
- DENY: if you are unsure about the stream, and do not want to risk exposure, click this. The stream will be blocked for the duration of your stay.
Editing Your Lists
There may be times when you accidentally add a stream to your Blacklist or Whitelist and wish to remove it. Here’s how:
Bring up your Media Filter Editor:
- Dolphin 1 Cool VL: VIEW -> MEDIA FILTER
- Imprudence: EDIT -> MEDIA FILTER
- Phoenix Viewer: PHOENIX -> MEDIA LISTS
- Dolphin 2 Viewer: ME -> MY MEDIA FILTERS
- Firestorm Viewer: AVATAR -> PREFERENCES -> SOUND & VISION -> click EDIT LISTS
The media filter editing window, similar to the one show below is displayed (From Dophin 1.x):
Any URLs you have listed will be displayed in the left or right pane of the window.
To remove a URL from either list, click on the URL to highlight it, then click on the respective REMOVE button under the list.
To manually add URL to either list:
- Click on the ADD button under the required list
- The New Domain box is opened
- Enter the URL you wish to add to your list and click the ADD button to the right of the box
- The domain will be added to the list.
Some Viewers allow you to completely clear both lists using the CLEAR LISTS button. Where this is the case, remember that both the Whitelist and the Blacklist will be cleared.
A short video (specific to the Cool VL Viewer) has also been produced, that provides a basic overview of the Media Filter.
What Do I Block?
One of the issues of the new patch, of course, is knowing precisely what might be an attempt to harvest information from you. So what should you be looking out for?
As I’m not a technical expert, I asked those who are to give some broad brushstrokes on what to look out for in the pop-ups. Pyske Phaeton, himself the creator of very excellent (and completely non-invasive) security orbs, was good enough to provide the following examples of both good and potentially bad stream requests:
The main aim of the bad people is to send information about you to their server. Therefore the longer the URL the more chance it contains your information.
For example the following URL doesn’t obviously contain any extra information that looks like it might be data about you:
However, something like the following example becomes more suspicious:
Is 123 a way of tracking you, or is it a music selection from a larger collection? We don’t know.
The next two examples become even more suspicious:
- http://18.104.22.168:8000/music?m=2342hdd922adattaaaa8syd7stdfssfff&x=122dgf r
What is that data on the end of these? The long strings of letters and symbols might be obscuring data about you.
The longer the sequence of the URL after the first single / the more information it is potentially sending and therefore the more suspicious you should become. However, there are some pointers.
If I look at the current URL for my post I am doing I see:
The data on the end of this URL makes sense: I am creating a new reply and the post is number 1175291. I can therefore trust this.
Similarly, if I go to YouTube and play a video I see:
This also makes sense: I am playing video NLmsiaN5dZM and I used the feature topvideos.
So, when it comes to evaluating media stream URLs, the two questions you should ask yourself are:
- Is the length of the URL suspiciously long and
- Does data in the URL make sense or does it look suspiciously obscured.
Examples of what you might see:
The above is a “safe” media stream URL (it actually is for Martini in the Morning, a popular stream in SL, run by the ever-generous Brad “Martini” Philbin. As such, you could allow it, and even add it to your Whitelist).
This is altogether more suspicious, as Pyske’s notes suggest: the long string after the main URL, together with a php statement suggest that it is going to do more than just stream music – probably best to click Deny.
A Word on the Whitelist / Blacklist and Viewer Installations
Note that the media stream whitelist and blacklist are stored in an XML file (.XML in the Viewer’s installation folder). If this file is deleted, all saved media streams will be lost. To avoid this, make sure you copy / move this file to a safe location when updating / deinstalling your Viewer.
- It is probably better to deny all media requests for those sims you rarely visit.
- If you have specific venues you enjoy – clubs, etc., – then use the media patch to examine incoming requests. Generally, the music stream will be obvious (and probably the only one to pop-up).
- Only Whitelist those streams you know are safe: your home parcel music stream, club streams you can absolutely trust (because you know the owners).
- Remember that this media patch only protects you from attempts to obtain data from you via a media stream. It does not prevent scripted objects obtaining information about your avatar such as you make available through your Profile. Such information is regarded as being “public”, and as such, is open to use by scripted tools.
- If in any doubt at all about filtering media requests – disable your media settings.