Developer Update - 14 September 2023

It’s pretty new and has been mentioned in the previous dev blogs…

The idea is to make a better fallback system that shows the person's avatar in a lower quality form so you can get an idea what their avatar actually looks like instead of viewing a default brush.

3 Likes

Nope.

So excited for imposters! Is there any documentation or internet articles on how they work at a more technical level?

1 Like

Rippers will find a bypass, just like cheaters in video games, they find ways! People just need to understand, just don’t get your hopes up!

But are you doing something against the people that reupload a ripped avatar?

Had one of my avatars ripped and uploaded to VRC as a public version, and every time I reported that person nothing happened; the avatar was still uploaded and the person who uploaded it was still trusted rank. It would be nice to get at least some information about that and if you actually will do something so that our avatars then at least will not be used by others to maybe damage us (mine was visible in a video).

2 Likes

Double thumbs up in support of making rippers lives harder! Keep the good things coming! :+1::+1:

well 1 it's a unity based game so ripping will always be a thing
2 the files aren't encrypted in any way (as in they are cached on users' pc in the vrc cache folder so any unity asset ripper can get them so people with the knowledge can easily rip and put the model back together) plus they aren't encrypted on vrc's servers either so anything that can get the vrca files/asset can be used to rip/reupload them [seen this by a copy of vrc users in discords/heard it in public worlds/seen it first hand with a few of the models i have/friends have]
3 even if they did encrypt them there will always be a way around it somehow so ripping will always be a thing no matter what you/devs do

the promoted world is pretty awesome, I've checked it out with friends a bunch of times and even on low end systems it still looked/ran fine

While it’s positive to hear VRChat’s future is secured, I’m disappointed that the team hasn’t joined hands with other major Unity developers to speak out against the changes that they have announced.

Make sure you wait a second or two after the first person goes through else you sometimes end up with VRC making multiple sessions/instances rather than you joining the one created by the first person (at least this is how you used to be able to avoid the issue - I thought it created the session as soon as you make a portal now but now 100% certain).

Very very good indeed, keep it going, can’t wait for the improving quality.

I agree and I’d like to see an official answer as well about it.

1 Like

Making the impostors system sounds awesome, can’t wait to see it live, keep up the amazing work, cheers :smiley:

Thanks for all the hard work you guys are doing! I know it can be rough with feedback especially with the gigantic ripping issue going on but a lot of us really care about you guys behind the scenes making all of this possible for the community! Thank you! :sparkling_heart:

I wonder if the worldID:instanceID combo is already available with the new VRChat world SDK?

I really need this feature to the static portals on my worlds.

The avatar files are available on VRChat folder completely unprotected in full plaintext form. If that doesn’t classify as “no security” I’m not sure what does.

Please, do better than this. At least make rippers work for it, if only a little bit.

Sincerely,
A user that has had nearly all of his personal avatars ripped already

At a certain point of universal agreement on something I think it’s fine if not everyone has to stand on the table and sing a song.

Encrypt the cache files to really give rippers a headache, anything else will not be efficient, unless you allow us to choose who can see our avatars (that means our avatar files will never touch ripper’s pcs)

All I can think of is that basic AES128 encryption is sufficient.
Modern CPUs are capable of decrypting it very quickly.
However, this security is still not enough.
This is because if the EAC can be broken
As long as the entire compiled C++ lib is still running in stable memory, it is still possible for a tool to capture the password.
Whether or not the password is protected in some way, and protecting that password with other passwords is not necessary because it is useless when it happens on a malicious computer.

The two paths I can imagine are that the decryption process must ensure that the instructions can dynamically migrate through memory and remain efficient, even though it’s just an AES cipher, I’ll give you the example of the cheat engine, which is something that everyone here who might be playing a single-player game would try to use to make it easier.

Dynamics can be made significantly more difficult to avoid being found by filtering, but there are still more advanced tools and greater overhead to catch, but there is a very large memory overhead, and the time consuming nature of a large memory overhead is difficult to minimize.

The other route is to try and work at the driver level and use Microsoft systems and firmware TPM’s etc. to try and create a quarantine area where only signed drivers are allowed to be modified, this ensures that the original files are decrypted and transferred to the application which ensures that the passwords are not leaked and probed.

However, there is still a price to pay. After all, the malicious system is in their own hands and they don’t need to break the difficult chain of trust, they can just create the signature of the malicious driver for a few tens of dollars at most.

While the content will still end up in the application, and most static addresses will probably still capture the content, it may be more crippled, which ensures that the asset won’t be too available to give up stealing.

There are still parts of the asset that can be stolen, such as the mesh as long as the shape, or texture is partially removed, but the loss is much less.


We also have to protect network packets, because once unpacked the content is clear text

If the tool is efficient enough, the packet may be disassembled and intercepted much faster.

You may be able to capture the password just by analyzing the structure

So regarding “just because we don’t talk about a thing or because we miss a release date doesn’t mean something is dead smh”, is this also true of Player Persistence? I haven’t heard or seen mention of it in a while.

Not looking for a whole post about it, but just knowing whether it’s still in the pipeline somewhere would be appreciated.

1 Like

Please do it the way you described earlier. It will open up a LOT of possibilities for world creators. I’ve been dreaming about this for years!

Canny

1 Like