Yellow-Dog-Man / Resonite-Issues

Issue repository for Resonite.
https://resonite.com

Loading any external asset should use "Host Access" permission system #2379

Open copygirl opened 3 months ago

copygirl commented 3 months ago

Is your feature request related to a problem? Please describe.

I'm still new to Resonite and don't know all the ins and outs, so excuse me if I get something wrong.

From what I understand, there already exists a system for certain (web) requests being made from ProtoFlux or components to external services, asking the user if they want to allow this request to go through.

This same system doesn't appear to be used for loading in assets such as external images (I've heard) or videos in a video player. (External in the sense that they don't come from Resonite cloud servers or directly from other users in the session.)

Describe the solution you'd like

Describe alternatives you've considered

For a user? Firewall or VPN, I suppose. There is also the option of using the ResonitePrivacyShield mod.

Some people have raised concern about the permission requests potentially "nagging" too much, however I would personally still prefer people being made aware of these outside connections being made, and then perhaps providing a way to turn off any future permission requests and simply blanket allow them regardless of the target domain, if they really don't care.

However, too many requests might be an indication of bad design, too. Instead of saving game progress in the cloud, I've already seen of the farm world you've showcased, which simply stores game progress as an item you can save to your inventory, for example. Therefore it might not be a bad idea to "nag" people about these permission requests, to make developers think differently. Ideally, only very few domains should need to be whitelisted for a mostly nag-free experience.

Additional Context

Both a friend of mine and I are users of Second Life, though I myself have never delved too far into it. Second Life is server-side (even its movement) and typically the expectation is that another user can't find out your IP address. However, you can play music streams from the web, as well as make interactive surfaces that display a web page, from what I remember. This can, and has, been used to grab users' IP addresses and doxx them, for example. So typically this requires you to accept a prompt, or click the interactive object first.

Now, I understand that IP addresses in Resonite are NOT private information. After all, its networking is based on peer-to-peer architecture. However, I think there's a difference between the trust you put in other people joining your session, especially since you can control the access level, and an item or world making a connection to the outside without your knowledge or permission, even if you are in a private session all on your own.

This could be just one of multiple steps towards more default security and privacy in Resonite, making it more robust for larger audiences that could include more notable people, creators, streamers, etc. and limit the damage that bad actors can do.

Requesters

copygirl, capitalthree

jae1911 commented 3 months ago

As a reference, this was discussed on Discord starting with this message: https://discord.com/channels/1040316820650991766/1154514007479287942/1254008838512709696 (requires account)

XDelta commented 3 months ago

Several domains are already allowed by default ("resonite.com", "google.com", "imgur.com", "reddit.com", "youtube.com", "facebook.com", "twitter.com", "wikipedia.org", "wikimedia.org", "discordapp.net") and will show in the settings. You can revoke these permissions if you want to and they will prompt again when needed, or deny the permission and you won't be prompted.

Currently allowing a domain will allow it until you revoke access to it later in your settings.

The list of allowed domains is in your Settings under Security > Host Access Permissions.

The number of prompts you'll see diminishes pretty quickly as you allow/deny them to the point where they can be somewhat rare. (even if you use the mod to show a lot more of these prompts)

There is a mod to make this the case should you want to have this before it is improved and implemented which can be found here https://github.com/hazre/ResonitePrivacyShield/
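
The allow/deny/prompt behaviour described in this comment, applied to asset URLs as the issue requests, as an added example (not Resonite's or ResonitePrivacyShield's code). The class and method names are hypothetical, and matching subdomains on a label boundary is an assumption of the sketch.

```python
from urllib.parse import urlsplit

# Default-allowed domains, as listed in the comment above.
DEFAULT_ALLOWED = frozenset(
    "resonite.com google.com imgur.com reddit.com youtube.com facebook.com "
    "twitter.com wikipedia.org wikimedia.org discordapp.net".split())
ALLOW, DENY, PROMPT = "allow", "deny", "prompt"


def _norm(name):
    return name.lower().rstrip(".")


class HostAccess:
    """Hypothetical per-user permission store; not Resonite's API."""

    def __init__(self, allowed=DEFAULT_ALLOWED):
        self.allowed = set(allowed)
        self.denied = set()

    def decide(self, domain, allow):
        # A decision persists until revoked and replaces the opposite one.
        keep, drop = (self.allowed, self.denied) if allow else (self.denied, self.allowed)
        keep.add(_norm(domain))
        drop.discard(_norm(domain))

    def revoke(self, domain):
        # Forget the decision so the next request prompts again.
        self.allowed.discard(_norm(domain))
        self.denied.discard(_norm(domain))

    @staticmethod
    def _covers(domain, host):
        # Assumption: an entry covers its subdomains, matched on a label
        # boundary, so "imgur.com" covers "i.imgur.com" but not "notimgur.com".
        return host == domain or host.endswith("." + domain)

    def check(self, url):
        """One gate for every external fetch: web request, image or video."""
        try:
            parts = urlsplit(url)
            host = _norm(parts.hostname or "")
        except ValueError:  # malformed authority, e.g. an unclosed IPv6 literal
            return DENY
        if parts.scheme not in ("http", "https") or not host:
            return DENY  # this sketch only handles external http(s) URLs
        if any(self._covers(d, host) for d in self.denied):
            return DENY
        if any(self._covers(d, host) for d in self.allowed):
            return ALLOW
        return PROMPT
```

The host is taken from the parsed URL rather than by searching the string, so a URL that merely contains an allowed name (as a prefix label or in the userinfo part) still resolves to its real host and prompts.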

copygirl commented 3 months ago

@XDelta Sounds like an additional "Allow asset downloads" option would be all that's needed for a user to be able to track and review the permissions they have given, in relation to my suggestion, so that's good news to me!

FlameSoulis commented 3 months ago

I can confirm that if I reference an image from my own website, this does not do a permission check, and the resource is loaded from the domain. Note, this isn't saying 'copy and paste the URL as an upload' but rather as the source URL. I used this kind of idea as a means of obscuring certain items outside of the cache or the system itself.

Frooxius commented 2 months ago

This is something that we were planning to add at some point. One of the reasons for the list of default allowed websites is so pasting images/videos from big websites (like Imgur or YouTube for example) just works, but some more unknown servers don't.

It will take a bit to integrate this into the asset system however, but it can be done.