1:

Instead of using server space limited to 45 stored skins, why not replace the entire skin DL system with a P2P (Peer2peer) system!

This way, skins wont ever have to be stored on a central server, they will simpy be cross-transfered between drivers (peers)!


And along with all the other benifits of P2P technology etc. yadda yadda!




BUT....




Some of us want our skins visible but not shared!

There is alot of drivers that want to show off their skinwork WITHOUT someone else slapping it onto their car!

So, if possible, downloaded skins should be encrypted (Like the default skin textures in FlightSim2004/X etc for aircraft models!)

The DL textures for skins declared as PRIVATE would be unviewable in an image viewer because the data in the JPG/DDS is encrypted!

Encryption keys for these files could be tied in with LFSUsernames or whatever else could be used to decrypt the files when they nead to be loaded again! Its possible to do this in memeory without leaving an exposed 'valued' skin around!


I think this would be nice. I have skins I want to use on track, but I dont want anyone EVER getting a hold of the files! Im pretty sure teams will want to privatize their skins too!


Just a pleady suggestion!

Quote from CodieMorgan :

Instead of using server space limited to 45 stored skins, why not replace the entire skin DL system with a P2P (Peer2peer) system!

You loose moderation.

Quote from CodieMorgan :

So, if possible, downloaded skins should be encrypted (Like the default skin textures in FlightSim2004/X etc for aircraft models!)

Everything that is encrypted needs to be decrypted for use and thus is inherently unsafe:
1. Because it can be read from memory (you can't keep it permanently encrypted in memory - it has to be shipped off to the graphics card in some format it understands)
2. Because encryption is reversible, unlike a hash

P2P is always going to create security risks, especially if you want it running in the background while you're doing other things. It'd be very easy for someone who knew what they were doing to stick a spyware app or keylogger in there to go un-noticed.

Unless the method of skinning changes (which I can't really see, at least for now), your skins are always going to be vulnerable to people "stealing" them. The only thing you can do is not post full resolution versions of your private skins, meaning whoever tries to steal them will be stuck with the lower resolution versions, or at the most 1024x1024 (I skin at 2048).

TBH, I don't think skin stealing happens all that often anyway, so it's not something I really worry about much.

people aren't gonna try to extract a skin from memory! Thats too much effort!

The idea is to simply prevent them from ever actually having someones 'personal skin' in hand in original state!


I guess MD5 could be a great way to encode files, using some LFSW generated value as the 'key'!

I double someone will try to break open and MD5 hash encoded file either, they would build ther own skin's 10x over before they get past that!

"Even if they have 512 skins... I don't even want my private ones on their cars in any resolution whatsoever! But i still want people to see them"!

A different way to describe the issue!

Quote from CodieMorgan :

people aren't gonna try to extract a skin from memory! Thats too much effort!

Aren't they?

Quote from CodieMorgan :

I guess MD5 could be a great way to encode files, using some LFSW generated value as the 'key'!

MD5 is a hash. One way - which means its useless for what you're proposing.

If you want your skin "private", don't upload it to LFSW, simple as that. If you only want a few trusted people to see it, give it to them personally.

Problem solved.

Skin protection has been discussed in depth before, there is just no secure way of doing it and while keeping the system as simple as it already is. In the end it will all be a waste of time to code... Arguing over someone using your private skin online???? Come on, it can't get any lamer than that, it's just a skin.

If anything, be proud.

yeah i do alot of skinning when im not racing and i dont like the fact that someone else gets my skin without me approvong it. it kinda pisses me off accually.

Quote from Tweaker :

If you want your skin "private", don't upload it to LFSW, simple as that. If you only want a few trusted people to see it, give it to them personally.

Problem solved.

Skin protection has been discussed in depth before, there is just no secure way of doing it and while keeping the system as simple as it already is. In the end it will all be a waste of time to code... Arguing over someone using your private skin online???? Come on, it can't get any lamer than that, it's just a skin.

What if we want everyone to see it without them using it...

... problem not solved!

For some its not just a skin... its art!

The P2P idea doesnt appeal to me imo, in the Drivers Republic (alpha?) its an absolute nightmare.

and yeah. I most of the time release my skins publicly anyway, and if anybody nicked my skins i would just be quite proud that they wanted it. Unless its a team skin, i dont see the big deal.

Another problem with p2p is that two passive connections cannot connect to each other. So what happens when all clients are passive is lots of error messages and white cars.

I am sorry for all people that said there is no solution...because I have it

We all agree encryption is a bad solution, but why ?
Because it is client-side, and we can't trust a client

So the simple solution is a SRM (Skins Rights Management).
When you upload your skin to LFS World, an advanced algorithm will check if the skin is not already uploaded by someone else (not by checking the filename but by checking the picture itself !).

If it is not already uploaded, the author of the skin become the one who uploaded it. Once you uploaded it, you can manage the rights on this skin directly on LFS World : you can put it viewable for all users / few users / 1 user / no user and "usable" for all users / few users / 1 user / no user.

For the viewable part, it is easy, if you don't have the right to see it, it will not be downloaded when you join the game (DEFAULT_SKIN on other clients)

For the usable part, it will not change anything for any user, the skin will still be downloaded to "skins_x" folder and a bad user can still copy it to "skins" directory and play online with it ! BUT every users (except himself) will see his skin as a blank skin or even better "I_steal_a_skin.dds"

How it works ?
It's simple, when the bad user copied the skin from "skins_x" directory, he didn't renamed the filename (because he wants other people see his nice skin freshly stolen)...so the LFS server also know the name of the skin and an algorithm will just check if the LFS username has rights to use this skin [on the LFSWorld database] : if he doesn't he will send to all other clients to load "I_steal_a_skin.dds" instead of the good "dds" file

So as you can see it is server-side protection and it's way better than encryption because the bad guy don't even know that his skin is not show on other clients

Not a bad idea. Sounds like a lot of work though.

Quote from XtremDriver :

So the simple solution is a SRM (Skins Rights Management).

Just what the world needs... MORE DRM

Sorry but DRM = BAD and there will be work arounds. All someone has to do is change part of the skin and its not the same. If the DRM didn't let me upload a new skin I had created because it thought it might be a protected skin because it was too similar to someone elses then I would be miffed.

Too much effort or too little gain.

Nobody is selling skins, there is no proffit in it so why implement a system that will have huge holes, flaw and probelms to solve a sort of non problem.

It would be a constant fight to keep working, solve false positives etc etc etc. DRM is flawed.

Quote :

why not replace the entire skin DL system with a P2P (Peer2peer) system!

That would involve router NAT setup being mandatory just to connect as a player. If you dont know what a NAT is, dont ask for it to work this way, if you do then you realise why it is a bad idea.

Quote :

people aren't gonna try to extract a skin from memory! Thats too much effort!

It's easier to decode a skin from RAM than to load a non-documented format, ie: If LFS replaced the skin format with its own proprietry image format then it would be cracking not by loading the image file, but by ram scanning it. Once loaded all images are effectively BMP format 4 bytes per pixel, RGBA). This would happen not because people want the skin, but because its possible - hackers are like that .

However I do agree that 'reasonable' protection is all that is needed for private skins. The fact that downloaded skins are .dds already prevents all but 'reasonably knowledgeable' people from converting it to .jpg to use in their skins folder. Skin theft in LFS does now involve some knowledge, and I think that is all that is required - because any more protection than LFS has already got isnt likely to achieve any more and just adds more hurdles in the way of legitimate use.

Quote from Becky Rose :

That would involve router NAT setup being mandatory just to connect as a player. If you dont know what a NAT is, dont ask for it to work this way, if you do then you realise why it is a bad idea.

Roll on IPv6

Quote from Becky Rose :

That would involve router NAT setup being mandatory just to connect as a player. If you dont know what a NAT is, dont ask for it to work this way, if you do then you realise why it is a bad idea.


It's easier to decode a skin from RAM than to load a non-documented format, ie: If LFS replaced the skin format with its own proprietry image format then it would be cracking not by loading the image file, but by ram scanning it. Once loaded all images are effectively BMP format 4 bytes per pixel, RGBA). This would happen not because people want the skin, but because its possible - hackers are like that .

However I do agree that 'reasonable' protection is all that is needed for private skins. The fact that downloaded skins are .dds already prevents all but 'reasonably knowledgeable' people from converting it to .jpg to use in their skins folder. Skin theft in LFS does now involve some knowledge, and I think that is all that is required - because any more protection than LFS has already got isnt likely to achieve any more and just adds more hurdles in the way of legitimate use.

Yeah... but LFS mod/tool sites need to stop publicizing DDS converters right next to SKINZ...

Quote from Bob Smith :

Roll on IPv6

OMG its bob smith! Whooo... You are the smartest man alive!