LL to make “concerted effort” on content protection

Stroker Serpentine and those involved in the class action against Linden Lab over content protection have reached an out-of-court settlement with the makers of Second Life.

During a recording of Metaverse TV’s Grumpy Old Avatars, Stroker stated:

“We settled the lawsuit with Linden Lab. We settled amicably, and reasonably, and we’re anticipating a concerted effort on Linden’s behalf going forward towards content protection and the rights of content creators and at least being aware of the fact that there is a lot of content theft going on out there.”

Precisely what this means for SL as a whole is unclear. That a settlement has been reached would indicate that both sides realised they had slim chances for an outright “win”. That action of some description is now anticipated on the part of Linden Lab is clear. Quite what that action will be remains to be seen. One wonders if the shelved Content Management Roadmap may get a dusting-down; if it does, then it needs to be given a long, hard look. The first cut wasn’t that impressive.

The legal department at Battery Street seems to have its hands full right now…

RedZone and security: separating fact from fiction

The mills continue to churn on the matter of RedZone and its ilk. As such, I thought I’d pause for breath and try to sort some of the wheat from the chaff for those still confused. I’m deliberately avoiding any attempt to delve deeply into the more questionable aspects of RedZone and its data-gathering, and focusing instead on the raw facts in the hope of illuminating the bare bones of why RedZone has little or no legitimate use in matters of security.

Myth 1: RedZone prevents copybotting

No, it doesn’t. It doesn’t even deter copybotting. RedZone attempts to identify known malicious viewers – which sounds good until you consider the following:

  • Anyone seriously engaged in content ripping (aka copybotting) knows how to hide the identity of the Viewer they are using so that it appears to be perfectly legitimate – thus RedZone cannot identify it. They can therefore create an alt, enter a sim, be scanned as “legal” and still copy items on display.
  • Copybotting existed long before the Viewer was open sourced. As such, while the Viewer is the most convenient way to rip content, it is not the only means. The code for content ripping is still available to those that want to use it. There are also software applications that can be used for certain types of content theft. RedZone cannot even detect such activities – much less stop them.
  • RedZone works on the assumption that the Copybotter will actively engage in theft within the shop. Some may – and will likely avoid detection, as noted above. However, the simplest way to copy something is to legitimately buy it and then rez and copy it away from the store, rendering RedZone pointless.

So, don’t be fooled. In terms of “stopping copybotting” RedZone will be about as effective as using a wet paper bag to stop a bullet. At L$3999 a pop, that’s an awfully expensive wet paper bag…

Myth 2: RedZone prevents griefing by alts

RedZone is no better than any non-invasive (and cheaper) security tools for stopping griefing. In many respects, it is actually worse.

Much is made of RedZone’s ability to “identify alts” and so “stop griefers returning”. While this makes good reading, let’s look at the facts.

RedZone uses a method of obtaining avatar data and IP addresses (through a media stream exploit) and then compares results, the “theory” being that if two avatars have the same IP address, they “must” be alts of one another. BUT…the system ignores the fact that the vast majority of IP addresses currently in use are dynamic and can be changed frequently.

For example, I can turn my router off for 3 or more minutes, and when I power it back on again, I have a “new” IP address assigned to me by my ISP – an IP address that was previously used by someone else, possibly in the same general geographical location as me, but certainly using the same ISP. This means that potentially:

  • *If* I were a griefer, I could avoid detection on a sim using RedZone simply by forcing my ISP to assign me a new IP address and then creating a throw-away alt. There is a better than even chance that RedZone would not detect me, leaving me free to go about my dirty business
  • As someone who does not engage in griefing, I could be innocently accused and convicted of the crime, simply because my ISP has assigned me a dynamic IP address that was previously associated with a “griefer”

RedZone further fails to acknowledge the existence of “block” IP addressing – such as might be used within an office building, or in an apartment block or by an Internet cafe, and so on. This means that if *one* person is identified as a “griefer” on that IP address – then all users of that IP address “must” be alts of the “griefer” – and are therefore banned.

And if that weren’t enough – RedZone does not distinguish between accounts on the same IP address. Thus, if one person in a household decides to do something silly, they can end up being banned as a “griefer” – along with the rest of their household.

Proponents of RedZone will say this is acceptable – in other words, condone “guilt by association” – for the “greater good”. Yet all they are actually doing is potentially banning customers from their shops and patrons from their venues. Again, the genuine / serial griefer can circumvent RedZone as easily as the serial copybotter.
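
The failure modes described under Myth 2, shown as an added example (not code from this post or from RedZone): a minimal “same IP means alt” matcher scored against constructed sightings. The avatar names, the addresses (RFC 5737 documentation ranges) and the ground-truth `person` column are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sightings: (avatar, ip, person). "person" is ground truth that a
# same-IP matcher never sees; addresses are RFC 5737 documentation ranges.
SIGHTINGS = [
    ("GrieferMain", "203.0.113.10", "mallory"),  # banned account
    ("GrieferAlt",  "203.0.113.77", "mallory"),  # same person, new dynamic IP
    ("Innocent1",   "203.0.113.10", "alice"),    # ISP reassigned the old address
    ("OfficeA",     "198.51.100.5", "bob"),      # office block behind one address
    ("OfficeB",     "198.51.100.5", "carol"),
    ("OfficeTroll", "198.51.100.5", "dave"),     # banned account
    ("Parent",      "192.0.2.44",   "erin"),     # household sharing one address
    ("Teen",        "192.0.2.44",   "frank"),    # banned account
]
BANNED = {"GrieferMain", "OfficeTroll", "Teen"}


def cluster_by_ip(sightings):
    """Merge avatars that ever shared an IP (transitively) via union-find."""
    parent = {}

    def find(x):
        while parent.setdefault(x, x) != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    first_on_ip = {}
    for avatar, ip, _person in sightings:
        root = find(avatar)
        other = first_on_ip.setdefault(ip, avatar)
        parent[root] = find(other)
    clusters = defaultdict(set)
    for avatar in parent:
        clusters[find(avatar)].add(avatar)
    return {a: frozenset(clusters[find(a)]) for a in parent}


def evaluate(sightings, banned):
    """Score 'same IP means alt' against the ground-truth person column."""
    person = {avatar: who for avatar, _ip, who in sightings}
    banned_people = {person[a] for a in banned}
    wrongly_banned, evaded = set(), set()
    for avatar, members in cluster_by_ip(sightings).items():
        if avatar in banned:
            continue
        hits = members & banned
        if hits and all(person[b] != person[avatar] for b in hits):
            wrongly_banned.add(avatar)  # guilt by shared address
        if not hits and person[avatar] in banned_people:
            evaded.add(avatar)          # genuine alt the matcher cannot see
    return sorted(wrongly_banned), sorted(evaded)


if __name__ == "__main__":
    wrong, missed = evaluate(SIGHTINGS, BANNED)
    print("banned by association:", wrong)
    print("real alts not linked:", missed)
```

On this data the matcher bans four people who did nothing and fails to link the one real alt.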

Myth 3: RedZone provides better land security features than other systems

No, it doesn’t. For general land security – keeping out unwanted visitors, preventing “casual” acts of “griefing”, removing troublemakers, etc., RedZone offers no more than can be found – free of charge – in the land tools available at parcel level, or at estate level if you own a sim. Using the land tools you can ensure:

  • Residents with no payment info logged with LL (directly or via PayPal) cannot access their land
  • Residents who are not Adult Verified cannot access their land
  • Residents who are not Adult Verified and have no payment information registered cannot access their land
  • Only members of your own Group can access the land.

These options alone should deal with over 99% of potential issues around security. And even if there is the occasional issue with a troublemaker, all parcels have a simple-to-use Ban List.

Similarly, griefing objects can be taken care of simply by:

  • Restricting object creation / rezzing to Group members only
  • Restricting object entry to Group members only
  • (Worst case) restricting script running to Group members only.

These three steps alone eliminate the means by which the majority of griefers operate.

Sim owners can similarly restrict access to their sims – and in the case of residential sims, restrict access to multiple Groups if they wish, to save having to make everyone living on the sim a member of “their” Group.

If, for whatever reason, estate / land tools don’t work for you, then there are a number of items out there specifically developed for land security, none of which require your visitors / friends to be surreptitiously scanned. I’ll name two here, because I’ve used them for the last 4+ years at both parcel and sim level with great success:

  • Psyke Phaeton’s outstanding PDS Home Security orb – offers both parcel and sim-level solutions
  • Thomas Conover’s Land BodyGuard HUD, which provides sim-wide protection plus remote access to functions (you don’t have to be on your sim to ban someone; similarly, you can ban someone who is not physically present on the sim at the time of banning because, say, they’ve created mischief and run away). It can be fully integrated with the SIM Radar system, if required – and both for half the price of RedZone. Find both in-world here.

These are just two systems. There are many more. All are cheaper than RedZone, and all carry out their functions without the need to covertly scan your visitors, as stated, nor do they lead to additional angst and drama over people being incorrectly accused of being alts of one another or having information about them stored on a third-party database outside of SL (which would most likely cause them considerable upset were they to be told this is in fact the case).

The facts that do count with RedZone

  • It cannot prevent copybotting. The most it can give is a false sense of security
  • It may deter the odd griefer, but not those who make griefing a habit
  • It offers an expensive solution to the problem of land security, costing far more than dedicated land security tools that offer the same functionality
  • As a basic “security tool” RedZone is invasive of people’s privacy and sends avatar information to an insecure 3rd party database. As such, and given its use is detectable, all it is liable to do is encourage people to stay away from those stores / venues where it is used.

As I said, I’m not using this post to delve into the deeper and more distasteful elements of RedZone or the unethical behaviour of its creator following recent revisions to the Second Life Community Standards. These are all public knowledge. Rather, I’m hoping this post will simply give pause to those who have RedZone, or who are considering it, so they can ask themselves if it is really worth L$3999 when something costing L$750 will do the job without embroiling them in the wider aspects of the RedZone situation.

Linden Lab remove 1.2x and Snowglobe from Downloads

It went unannounced and pretty much unnoticed – except possibly by Boy Lane.

The end of the official Viewer 1.x moved a step closer mid-February, when both it and Snowglobe were removed from the official Viewer download page.

LL have apparently informed TPV developers that the date they officially stop supporting Viewer 1.x hasn’t been agreed as yet, but this move suggests it is drawing closer.

Data scraping: update

The media patch mentioned for Phoenix has, as reported earlier, now arrived in Henri Beauchamp’s Cool VL Viewer, in a somewhat modified form.

And already it is proving its worth for those concerned with attempts by others to scrape and gather IP addresses for the purposes of matching – or simply gathering avatar information in general for the purposes of profiling & possible stalking.

  • Theia Magic had a run-in a while ago with a club owner who was either somewhat economical with the truth during their exchange – or was playing a game of “place the RedZone, remove the RedZone, place the RedZone again when no-one is looking”. It seems that, despite his loud denials as to running RedZone, he does in fact have it deployed and hidden. Given he’s been trolling the “old” official forums loudly denying he has or would use RedZone, getting caught out has obviously left him with the produce of several chickens on his face – or at least, that’s how I look upon the “colourful metaphors” he employs in his exchange with Theia.
  • The Hair Fair that has been running of late and has been widely advertised also appears to be running RedZone. Whether it is the organisers or an individual store is unclear; however, the patch flagged aggressive media stream pushing that resolved to the RedZone server as soon as a number of people using Henri’s Viewer arrived. The interesting thing here is that Greenzone failed to give any alerts.
  • Theia has now started a list of in-world locations that are attempting to deliberately mask their use of RedZone (see link above). So much for the RedZone Challenge initiated by Ciaran Laval in an attempt to gain transparency.

Quickware (another spying tool) has been linked to the IP Address 193.93.174.118.

Elsewhere, and connected with the use of the new patch, a “new” mystery domain has now been revealed as popping up frequently around the grid, again aggressively pushing a media URL onto people on arrival at stores and venues. The URL resolves to a domain called m.sparkgap.info (IP 69.163.222.23). It is unclear as to precisely what this is doing: speculation points to it possibly being related to CDS, but this is far from confirmed.

Caution certainly dictates both of these IPs are added to your firewall for blocking purposes – and in the case of m.sparkgap.info, added to your hosts file if you are technically-minded. Prior to the release of the media patch, there was speculation that it would probably uncover a lot more in the way of mysterious use (as opposed to outright misuse) people build around media streaming. m.sparkgap.info may yet be the tip of the iceberg.

Finally, Itazura Radio has some fun at the RedZoners’ expense while making some very valid points (sorry I cannot embed; EMI apparently get ticked off with me if I try).

And Cummere Mayo provides some excellent advice for those wishing to lose friends and alienate people.

A new working week commences tomorrow; one in which the new Community Platform is unveiled. This could well be a testing time for the Lab in terms of measuring up their actions against the words of their new CEO.

Further Information:

  • The humongous SLU thread on the subject (now with summaries!) – it is a monster, but an enlightening and addictive read
  • Henri Beauchamp’s Cool VL Viewer with media patch
  • Theia Magic’s blog with RedZone listings
  • no2Redzone – the latest information, information on blocking the RedZone site, etc.
  • My original post, with further links (and some repeats)
  • JIRAs on the subject of privacy (all worthy of your vote and watch):
    • SVC-6751 – Make parcel_media_agent_command and similar request user permission
    • SVC-6793 – Establishing an opt-out system to prevent tracking
    • VWR-24746 – RedZone security violates ToS, exposes private information & is being misused
    • VWR-24807 – Add ability to filter cookies into the browser (Viewer 2.x)

Privacy: words and deeds

When talking to Dusan Writer recently, Rod Humble made a very interesting statement:

“Privacy is extremely important for anyone putting themselves out there, expressing themselves, or expressing a side of themselves through an avatar. People don’t want other people to connect the dots from their avatar to their real life person – or even, for that matter, to an alt. One of the ethical obligations we have is to protect people’s privacy.

“People come to Second Life because they want a story, they want to be in a story….and we have an ethical obligation to protect that.

“I’m not so sure that the conventional wisdom makes any sense. Yes, it might be technically easy to track people and all that. But in the long-term I’m optimistic that we’ll see the pendulum swing back in the other direction towards more privacy.”

And granted, while it can be read at least two ways, LL Board member and investor Mitch Kapor appeared to see the light on matters of privacy when he tweeted:

“The more I learn, the more I see how the whole biz side of social networking is built on surreptitiously stealing personal data”

As regular readers here are only too aware, there has been much of a to-do about RedZone and its data-harvesting & drama/griefing capabilities (I simply cannot refer to it as an “anti-Copybotting tool” due to it being an abject failure in this regard). As has been seen, Linden Lab have made a move to partially close the door on things, although they’ve not – as yet, at least in this affair – gone far enough (and at this point it is only speculation as to whether they’ll go further in this particular matter).

However, the issue of user data – beyond what we volunteer to reveal in our Profiles – being harvested is still an issue whether or not a single tool and HUD are on the market. Viewer patches will help, but a clear-cut policy is needed – and users themselves need to be empowered to be able to make a clear-cut choice in matters of privacy.

Ann O’Toole has hit upon one way in which the latter can be achieved, and has raised a JIRA on the matter.

This is an elegant solution because it provides every single user in SL with a choice as to what happens “under the covers” with any data which is linked to them outside of Profile information. As such, it dovetails perfectly with Rod Humble’s stated views on privacy within and beyond Second Life – indeed it encourages the swing of the pendulum to which he alludes – and curtails the act of surreptitiously stealing personal data about which Mitch Kapor appears somewhat concerned in his Tweet.

So – I urge you all very strongly to go visit SVC-6793 and add your weight to those voting / watching the issue – it really is in your best interests to do so.

Hamlet’s credibility takes a plunge

I’m going to have to start a RedZone category at this rate!

Hamlet Au over at New World Notes wades into the mess of the RedZone furore and – well, rather makes a mess of things.

Trying to play down the situation, Hamlet engages in the very worst kind of journalism imaginable, including:

  • Playing down the number of votes on the JIRA: “The JIRA thread has less than 1500 “votes” from Residents who consider the request valid and important…”
  • Quoting Samuel Linden from a “related” JIRA: “We do not consider IP gathering to be an actionable security exploit”
  • Overlooking the broader (and primary) issues around this tool – that of the potential for avatar / alt profiling, stalking, etc., while falling back on the hoary old “your IP Address is public” excuse: “Oh yeah, before you weigh in with your comments about Redzone’s IP address tracking software, keep in mind that if you post here, this Typepad blogging software lets me, well, track your IP address.”
  • Attempting to make light of the whole situation as being meaningless with a quip about a Second Life band, “And while we’re at it, how much of a concern is this for Redzone, the popular Second Life industrial band of the same name but no apparent relation to the program?”

Quite what prompts this display of “journalistic” arrogance is beyond me.

In referencing the JIRA and dismissing it as having “only” 1500 votes, Hamlet deliberately overlooks the fact that for much of the past month the SL General Discussion forum has been awash with complaints and concerns around RedZone and its potential for abuse, thus demonstrating that there is far wider concern than those who use and understand the JIRA.

Furthermore, it may “only” be 1500 votes – but that still puts it right up there among the top-ranking JIRA, and this does count for something, even with LL abandoning voting themselves – or is Hamlet stating user thoughts on any matters within SL aren’t worth a thing?

Then there is the quote from Samuel Linden. While it is genuine, the JIRA itself is over twelve months old and as such, Hamlet’s use of Samuel’s comment is really playing a game of misdirection here; particularly when any such comment has been overtaken by the changes made to Section 4 of the Community Standards – changes that Hamlet, as a journalist prepared to actually investigate the matter he is opining on, should be fully aware of.

But just in case it has somehow slipped his attention, let me provide a handy quote aide-mémoire for him:

“4. Disclosure

“Residents are entitled to a reasonable level of privacy with regard to their Second Life experience. Sharing personal information about your fellow Residents without their consent — including gender, religion, age, marital status, race, sexual preference, alternate account names, and real-world location beyond what is provided by them in their Resident profile — is not allowed. Remotely monitoring conversations in Second Life, posting conversation logs, or sharing conversation logs without the participants’ consent are all prohibited.”

IF this were just a matter of IP Address gathering, there wouldn’t be a problem; again, those objecting to RedZone have made this abundantly clear. But RedZone does far more than this, as we all know. It seeks to match avatar account information with IP Addresses in an attempt to link alts.

In other words, in case you still don’t get it Hamlet, RedZone harvests alternative account names and attempts to correlate them to real-world location via the IP Address – and this is most expressly not allowed.

Of course, Hamlet isn’t going to see an issue with RedZone because he’s too caught up in the world of Facebook, where Mark Zuckerberg and his idiotic notion that “the age of privacy is over” rule. Indeed, he is utterly dismissive of the idea that any of us have a right to privacy, “Right now, I’m inclined to think it’s a deep concern mainly to a vociferous minority who are vigilantly protective over their privacy. And, of course, Copybot and alt account users.” Nice.

And by the way, Hamlet, I saw exactly what you did there – linking those who wish to maintain a degree of privacy around their SL activities directly with the nefarious acts of “Copybot users”. Nice to see NWN stoop into the worst kind of tabloid trickery.

However, I’ll leave it to Ordinal Malaprop to make the most astute and accurate summation as to the value and accuracy of Hamlet’s piece:

“I really don’t think that anybody who can’t tell the difference between the implications of a website being able to record self-identified (i.e. basically an/pseudonymous) IPs if people choose to submit comments, and those of a system that collects IPs without awareness let alone consent which are automatically tied to a unique identifier, should be writing articles like this.”

Indeed.