Playground Security Q&A
@BennyKok
2022-08-27

Privacy and security are top of mind for us at Playground.

We do our best to provide a secure collab tool for you and your friends. Check out the following Q&A and see if it eases your concerns!

Common Questions

  1. Will you (Playground team) or others be able to get my Live2D model?
  2. Will my friend (inside the room) be able to get my Live2D model?
  3. How will Playground handle the model with Twitter sign-in?
  4. How can people access my room?

1. Will you (Playground team) or others be able to get my Live2D model?

Playground encrypts your model with 256-bit AES-GCM before sending it to your friends in the room. To prevent any third party from reading your model data, the decryption key is generated locally and shared only with people in the room via end-to-end encryption using the ECDH (Elliptic-curve Diffie–Hellman) protocol. The encrypted model file is stored only temporarily on the server and is removed right after the person leaves the room. With these measures, anyone without your permission and invitation will not be able to view your model.

A graphical representation of how Playground handles a user's model for an anonymous user.
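
The flow described above, sketched with the Web Crypto API as an added example (not Playground's own code). The function names, the P-256 curve, the use of the ECDH output directly as an AES-GCM key, and the `relay` party are assumptions made for illustration; the sample model bytes are constructed.

```javascript
// Added illustration, not Playground's code. Browsers and Node 20+ expose globalThis.crypto.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const { subtle } = webcrypto;
const randomIv = () => webcrypto.getRandomValues(new Uint8Array(12)); // fresh 96-bit GCM nonce

// Each participant creates an ECDH key pair locally (curve P-256 is an assumption).
const newIdentity = () =>
  subtle.generateKey({ name: "ECDH", namedCurve: "P-256" }, false, ["deriveKey"]);

// Both ends derive the same AES-GCM key from their own private key and the peer's public key.
const sharedKey = (myPrivate, peerPublic) =>
  subtle.deriveKey({ name: "ECDH", public: peerPublic }, myPrivate,
    { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);

// Owner: generate the model key locally and encrypt; the server would store only `blob`.
async function encryptModel(modelBytes) {
  const modelKey = await subtle.generateKey({ name: "AES-GCM", length: 256 }, true, ["encrypt", "decrypt"]);
  const iv = randomIv();
  return { modelKey, blob: { iv, ciphertext: await subtle.encrypt({ name: "AES-GCM", iv }, modelKey, modelBytes) } };
}

// Owner: encrypt the raw model key for one room member under the ECDH-derived key.
async function shareModelKey(modelKey, ownerPrivate, memberPublic) {
  const kek = await sharedKey(ownerPrivate, memberPublic);
  const iv = randomIv();
  const raw = await subtle.exportKey("raw", modelKey);
  return { iv, wrapped: await subtle.encrypt({ name: "AES-GCM", iv }, kek, raw) };
}

// Member: recover the model key, then decrypt the blob; returns a Uint8Array.
async function openModel(blob, envelope, memberPrivate, ownerPublic) {
  const kek = await sharedKey(memberPrivate, ownerPublic);
  const raw = await subtle.decrypt({ name: "AES-GCM", iv: envelope.iv }, kek, envelope.wrapped);
  const modelKey = await subtle.importKey("raw", raw, { name: "AES-GCM" }, false, ["decrypt"]);
  return new Uint8Array(await subtle.decrypt({ name: "AES-GCM", iv: blob.iv }, modelKey, blob.ciphertext));
}

// Constructed scenario: a friend in the room can read the model, a relay outside the exchange cannot.
async function demo() {
  const text = "constructed sample bytes standing in for a model file";
  const [owner, friend, relay] = await Promise.all([newIdentity(), newIdentity(), newIdentity()]);
  const { modelKey, blob } = await encryptModel(new TextEncoder().encode(text));
  const envelope = await shareModelKey(modelKey, owner.privateKey, friend.publicKey);
  const opened = await openModel(blob, envelope, friend.privateKey, owner.publicKey);
  // The relay derives a different key, so GCM tag verification rejects the envelope.
  const relayReads = await openModel(blob, envelope, relay.privateKey, owner.publicKey)
    .then(() => true, () => false);
  return { friendReads: new TextDecoder().decode(opened) === text, relayReads };
}
demo().then(console.log);
```

The sketch does not authenticate the exchanged public keys, and the page does not describe how Playground does so; end-to-end confidentiality depends on each side knowing the public key it received really belongs to the other participant.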

2. Will my friend (inside the room) be able to get my Live2D model?

When you invite your friends to your room, your model's decryption key is shared via end-to-end encryption, and their instance of Playground is allowed to load and decrypt your model for display. However, the model is not accessible from the user interface; even with the developer tools panel open, the model files are not accessible.

3. How will Playground handle the model with Twitter sign-in?

Over time, we observed many users experiencing slow upload speeds with their models, so we introduced the model cache feature, with Twitter sign-in for authentication. In this case the encryption flow remains unchanged; the only difference is that the encrypted model is cached on our server so that users can quickly join a room without uploading their model again. The model encryption key is tied privately to the user account, allowing signed-in users to switch from OBS to Chrome seamlessly.

Users have complete control over the model cache, and it can be removed at any time from Playground.

Clear all model cache (server + local) immediately

4. How can people access my room?

You can invite anyone to your room by sharing the room link, so share the room link with caution. For extra security, you can add a password to the room to control who has access.

Setting up room password

Playground has now introduced a room access token that is generated by default upon room creation. The access token is appended to the end of the room link, which keeps out uninvited persons and people trying to join random room sessions.

Room access token generated randomly for each room