RedZone – security, scam, or scraping?

A while back I wrote about so-called Client Detection Systems and their potentially odious nature, as well as the potential for such tools to lead to a raising of “hostilities” within the Second Life Community.

Just why such “tools” are actually pointless in the “war” on Copybotters has been excellently reviewed by Janck Antonelli – and I strongly urge anyone considering any such system to go read her commentary before parting with their cash. It could mean more than saving pennies. That Copybotters can circumvent CDS tools so easily tend to point to such tools being both a placebo for store owners, lulling them into a false sense of security whilst also being fairly regarded as a scam: money is changing hands on the basis of an easily circumvented promise.

One of these CDS system in particular has become the subject of intense debate on the official forums – as just one thread on the subject shows. Redzone not only has the word FAIL stamped across it in terms of Copybotting “protection” for the self-same reasons Janck raises – it is actually an exceptionally odious tool because it steps well beyond the realm of attempting to “stop” Copybotters and move well into the realms of possible stalking  /griefing.

Why do I say this? Well, for a number of reasons. The one that is causing the most concern is the fact that RedZone attempts to connect avatar information with IP addresses. The creator justifies this as a mean to help “identify” “copybotters”. However, both the gather of IP address and the creator’s justification are unpleasant on a number of levels:

  • It makes the highly inaccurate assumption that because two avatars have the same IP, they must be alts of one another – failing to take into consideration factors such as dynamic IP addresses (such that the IP address your ISP assigns you today could be assigned to Joe Schmoe’s – someone you have never met or associated with anywhere – tomorrow)
  • It fails to take into consideration that some buildings (colleges, offices, apartment buildings, Internet cafes) may have an homogenized IP address – thus everyone logging in from such locations will all appear to be “alts” of one another
  • Thus, through these assumptions, it promotes guilt through association: if A is on IP address Y, and flags as a “copybotter”, then if B shows up with the same IP – then even if B is not an alt, they are still a Copybotter, and thus should be banned.

Worse, by scraping this level of information and making it available, RedZone is presenting the unscrupulous the ability to grief and / or stalk – and potentially bring the stalking into the real world. The risk here is that while the majority of us are protected to a degree by dynamic IP addressing, such addresses are not totally random;  they have a degree of regional relevancy. This is particularly true for people using local (“homegrown”) ISPs to connect to the web, as is often the case in large countries like the United States, where and ISP may reach no further than the county or city in which it is based.  Thus, those who access this information, if they are so-minded, could use it to focus down on another individual’s area of residence or work. True, no actual RL information is captured per se, but t6hat is no reason to completely dismiss the concerns surrounding RedZone’s ability to collate avatar / IP information and make it available to whoever is willing to pay $17 USD for it.

While RL stalking may appear to be a worst case scenario, the matter of in-world stalking /griefing is not: it’s a very immediate risk. Redzone apparently has some 8 million records (according to RedZone’s rcreator) of avatar movements across the grid stored within it, logged by, among other things, avatar name and location scanned. In other words, sufficient information for someone to monitor and even track the movements of any number of residents were they so minded.

Things wouldn’t be so bad if the creators of the tool limited themselves to recording only the information relating to “positive” scans by their tool – i.e. Viewers that indicate they are potentially malicious, and that data relating to negative scans is discarded without ever being stored. But this isn’t the case. RedZone retains information on every single avatar scanned. This is gross overkill, and no reasoning on Earth can justify it as being purely in the interests of stopping Copybotters.

Assuming, of course, we can take the creator at his word, and this isn’t all hype. While one can accept 8 million records of user movements (after all, these will be individual avatars logged time and again over possibly dozens of sim over a period of some 18 months), other statistics published by the tool’s creator are somewhat more questionable. Take for example, the fact that out of those 8 million scans, the tool has only ever recorded 2,000 hits on Viewers classified as “Copybotters” – but that as a result, over 63,000 avatars have been recorded on the RedZone banlist; put these together, and it would appear that each of the 2,000 “positive” scans is running 31.5 avatars! This is suggestive of one of three things:

  • Guilt by association is the mainstay of this tool, rather than any “accurate” identification of Copybotters, or
  • The figures confirm avatar / IP matching is a complete FAIL, leading to thousands of inaccurate bans, thus damaging the businesses the tool is supposedly protecting by denying them customers, or
  • The figures are wildly exaggerated, enhancing the potential that the tool is little more than a scam with some unpleasant “benefits” for the less-than-scrupulous.

Beyond all this, is the unshakable feeling that this tool is about stalking and griefing: the creator, in advertising it, makes it clear that it can be used to “identify” alts, and lto list functions that griefers would find very welcome: the ability to attack (cage, etc.), users outside of the area “protected” by the tool; the boast that the tool can eject users and crash their Viewer in the process, etc.

It’s also hard to dismiss the tool as an enabler of stalking / griefing when “pro RedZone” users post to the forums boast they can use the tool as an attachment and “come after” those speaking out against it (to say nothing of the ability – if true – for them to set out “sim hopping” and gathering data on avatars which can then be perused in the hope of “outing” alts and creating further grief).

Theia Magic provides advice on how to help reduce the risk of RedZone grabbing your own information and provides a list of stores / sims running RedZone, should you wish to avoid them. In her notes, she references the GreenZone HUD; note that this will not actually prevent you from being scanned by RedZone, but it nevertheless useful in two ways:

  • It warns you if a location you have teleported is running RedZone. While have, in turn, already been scanned by RedZone, this nevetheless helps you to note and avoid such locations in future (and remember, if you have media streaming disabled when scanned, RedZone will not capture your information)
  • It helps to confirm the location you are in is “RedZone free”, thus allowing you to enable, say, music streaming – particularly useful if you are visiting a club and wich to hear the music (just remember to disable media once more before teleporting elsewhere!).

Thus, while limited in scope, GreenZone is a useful freebie to have.

Blocking communications with the RedZone website is more effective – but relies on the RedZone creators using the same domain for their information-gathering, or ensuring you are updated should the domain change. However, there are concise instructions for doing this on both Windows machines and Macs and for Linux machines.

There are JIRAs open on the matter – not specific to RedZone itself, but aimed at stopping the kind of behaviour used by such tools – and these are certainly worth voting on (before voting on JIRAs goes away) or – God help us – watching).

In raising concerns about such tools via the JIRAs, we should possibly focus on the in-world impact of such tools, rather than linking back to IP logging etc. While the latter is a worry, it is not one that particularly concerns Linden Lab, as evidenced be statements from the likes of Samuel Linden (Feb 2010) who, when responding to concerns about IP logging and Viewer 2.x, said: We do not consider IP gathering to be  an actionable security exploit. This has been possible for quite some  time with 1.23 and earlier viewers. Obviously, there is a world of difference between clicking on a shared media prim that links to an external website  – which amounts to “volunteering” your IP address, etc., – and someone deploying a tool thank actively harvests such information without your knowledge and making it available to others are vastly different concepts. Sadly, I tend to think it’s going to be hard to get Linden Lab to acknowledge them as such.

Hence why emphasis on the in-world problems / risks / threats presented by such tools would potentially be preferable – particularly where issues can be directly linked back to ToS / CS violations. They would in theory be a lot harder for LL to justify ignoring.

For myself, I’ve actually battled over posting on this subject for the last several days. To be sure, I don’t like RedZone, but I’m aware that these matters can become so highly charged they can spiral out of control into a flame fest. However, having witnessed the attitude of those attempting to defend RedZone, I’ve been moved to publish and be damned; there is simply no genuine justification for a tool as extreme as this being in-world – and I’m certainly less than sanguine about ending up on its malodorous database.

It is because of this latter risk – winding up on someone’s dirty little database – that I’ve largely disabled media screaming on my Viewers ever since Gemini CDS reared its own ugly head (although for a time I *did* keep media enabled while on my home sim – possibly unwisely given the Onyx bot farrago that accompanied Gemini). Given the RedZone situation, I now also use GreenZone and I restrict myself to the in-world browser and keeping cookie acceptance turned off in the Viewer. I appreciate that these precautions are by no means foolproof, but they do help limit my exposure to RedZone and (with the exclusion of GreenZone) to other similar tools that might be floating around out there. And Like Theia and others, I will be dropping any store that I have frequented in the past which sprouts a RedZone device with a note politely noting why they have lost my custom.

And I’d urge you to do the same – protect as far as you can, and write.

I’d also like to address any potential user of RedZone on the matter of the tool they are using: if RedZone’s creators are collating information on SL users based on a scripted device you are deploying on your land – how much more information might they be gathering on you each and every time you log into their website?

Further Information

Website investigating RedZone (Forceme Silverspar)

Theia’s notes on disabling media

Instructions for blocking the RedZone website communication with your computer*:

* Will only work for the current RedZone domain. Keep an eye on Forceme’s website for any possible moves made by the RedZone creator.

GreenZone HUD on SL Marketplace (free).

Location for testing your IP is hidden from tools using the media exploit (Surl).

Store Lists:

JIRAs on the subject of privacy:

SLU discussion on the subject (warning: lengthy, but worth-while reading)

Note: post revised after the initial publication, due to the fact that in a blonde moment, I hit PUBLISH rather than SAVE DRAFT.

ADDENDUM – Feb 15th.

Concerns have been raised that GreenZone may itself be compiling a database of its own (see comments below). While initially cynical of this – the conclusion seemed drawn on the misunderstanding of an IM exchange posted on SLU in which the term “list” is used; I have nevertheless contacted GreenZone’s creator, Fart Admiral to request clarification.

Fart has confirmed that, indeed, a static list is maintained of all locations running RedZone. Essentially, the GreenZone HUD scans for RZ objects and if it identifies one, the location of the object is recorded, together with the Ownerkey and sent out to the GreenZone server. Separately to this, the GreenZone HUD triggers an alarm.

Fart assures me that absolutely no information relating to the GreenZone user is transmitted or stored.

Obviously, even what is transmitted may be objectionable, and could be construed as putting GreenZone into the same basket as RedZone. That is not my call to make publicly, but rather for anyone reading this article and considering GreenZone to weigh for themselves before making their decision.

Advertisements

16 thoughts on “RedZone – security, scam, or scraping?

  1. Ciaran Laval

    The Jira displayed a very disturbing issue on whom watches the watchers, something extremely ugly happened that quite frankly never should have happened. LL need to sort that out first and then ban this TOS violating device.

    Like

    Reply
    1. Inara Pey Post author

      I’m frankly not surprised. The level of outright threats levied against those discussing this tool on the forums is disturbing in itself: “I could wear RedZone, come to you sim and do X, Y ,Z … but of course I wouldn’t, wink, wink” is not acceptable behaviour. Nor, I would hope, is printing avatar names and linking them as “alts” of one another, as has also been done.

      As to the tool being in violation of the ToS; that’s actually questionable, unfortunately. LL have stated they don’t see IP harvesting as an issue. The data being gathered also isn’t being published on their website – which *would* be in violation of the ToS. Sadly, this is where things went awry back in the dark days of Gemini CDS and Oynx. That said, ToS violations or not, this tool and its advocates have proven unsavoury enough in their use of the information being culled to warrant a ruling from LL that does see such tools made subject to removal and the banning of those creating them.

      Like

      Reply
      1. Sam Ermintrood

        This tool is against TOS . 8.3 (i) and (iv)
        Also it is not just about harvesting IP addresses but what they do with the information they receive. in this case cross referencing (profiling).

        Like

        Reply
        1. Inara Pey Post author

          Actually, I never said it was “just” about IP addresses, and specifically focused on the way this tool can be used for direct profiling / cross referencing of avatars, hence: Redzone apparently has some 8 million records (according to RedZone’s rcreator) of avatar movements across the grid stored within it, logged by, among other things, avatar name and location scanned. In other words, sufficient information for someone to monitor and even track the movements of any number of residents were they so minded.

          To me, such cross-referencing is potentially the greater concern, as it requires much less effort on the part of those so-minded to correlate the information into something they can use (which again is not to belittle the IP address angle).

          As to the ToS; I agree, section 8.3 should apply; however, Linden Lab apparently – and have for well over 12 months – determined this not to be the case, either for RedZone and the likes of Gemini CDS (which was the subject of similar coverage and concerns back in 09/10). Hence, there is a question mark here, whether we like it or not – and let me be clear, I *don’t*. LL are frequently far to ambiguous in the way they opt to interpret their own ToS. Hence again why I state outright in the main article, …emphasis on the in-world problems / risks / threats presented by such tools would potentially be preferable – particularly where issues can be directly linked back to ToS / CS violations. They would in theory be a lot harder for LL to justify ignoring.

          Put simply, we need to keep putting the dichotomy evident here right in front of Linden Lab until they do take the appropriate action; not just with RedZone, but any other tool of its ilk.

          Rest assured, I’m on the same page as you in this matter.

          Like

          Reply
  2. Boy Lane

    Oh…..you’re on it too 🙂

    Simplest solution so far to get rid of Redzone

    In Windows add the following 2 lines to your hosts file:
    127.0.0.1 isellsl.ath.cx
    127.0.0.1 isellsl.com

    In Linux
    Add the same in IP form to /etc/hosts.deny:
    ALL: 76.104.212.177
    ALL: 184.82.109.195

    Done.

    *Hugs*
    Boy

    Like

    Reply
    1. Inara Pey Post author

      Boy,

      Yup. I’ve been following for a while now. Thanks for the fix, I’ve actually linked directly to Silverspar’s instructions (Mac and PC) and the Linux instructions from the body of the post. What I’ll do is re-iterate them under FURTHER INFORMATION to make it clearer.

      Like

      Reply
  3. Boy Lane

    Hmmm….may not be entirely correct what I wrote for Linux. If the connect to isellsl.xyz is only outgoing and not triggered by an incoming connection in the first place or some two-way exchange of data, this will fail.

    But Linux also has a hosts file that should work the same way as in Windows. Can’t try that in the moment. So the solution with the outgoing firewall may be the safer way, although pretty much overkill if one doesn’t have one installed already.

    Like

    Reply
    1. Inara Pey Post author

      Hmmm… I’m going to play Devil’s Advocate here for the time being, as people are jumping to conclusions all over the place. I’ll contact the creator of GreenZone and see what clarifications can be obtained, and print an Addendum to my article based on the response I get.

      Like

      Reply
  4. Resident

    If LL allowed IP bans and sim owners to ban non official viewers, they wouldn’t have huge stores like Redgrave, gizza and Nicky Ree to name just a few trying to protect their work.

    Fact is redzone does block bad viewers and the alts of those users and that’s what creators need right now…

    Like

    Reply
    1. Inara Pey Post author

      RedZone has *some very limited success*. Period.

      I have nothing against tools that legitimately assist store owners in the fight against content ripping – and yes, in many respects, better tools and support is needed from Linden Lab.

      However, RedZone goes far beyond what is required for protection and strays directly into the realms of data harvesting, enabling stalking, and providing the potential to grief through the tools it provides.

      There is no justification for the creators of RedZone to maintain a database (by their own admission) of some 8 million records on avatars that have been shown *by their own tool* to be entirely free from anything to do with content ripping.

      There is no justification for the creators to make this information available to all and sundry who pay $17 to access this information and use it to their own ends.

      There is no justification for the creators of this tool to turn it in a HUD that expressly permits users to travel the grid and attempt to data harvest other avatars in grids visited.

      There is no justification for the creators of this tool to provide the means to attack / cage / eject avatars even when said avatars are “outside the zone of protection” provided by the tool.

      There is no justification for the creators of this tool to provide a means of avatar ejection that (as they boast) will generally crash the attacked individual’s viewer.

      In the age of dynamic IP addresses there is no justification for either the creators or users of this tool to promote the concept of guilt by association. THAT is akin to me saying that because *you* live in the same apartment building as, say, someone convicted of drink-driving *you* must therefore be guilty of the same crime & should thus be banned from the road.

      RedZone is at best a placebo – and that is being generous. At its core it is a tool that promotes and assists malicious behaviour.

      Like

      Reply
    2. Anonymous

      Sigh.

      Evidently you have no clue what you are talking about, Resident. Leave it to those of us with an understanding of how such things work, or rather, fail to work. There’s a wealth of information out there about why IP banning is useless and how to change viewer ID. Go educate yourself.

      Like

      Reply
  5. ABigFatDuck

    These systems need to be banned from Second Life along with their creators if they refuse to remove the names from their database unless people sign up, or Opt-in with an option to Opt-Out.

    Also know that the creator of CDS was an Emerald Developer

    [remaining section of post removed by Inara Pey]

    Thankies.

    Like

    Reply
    1. Inara Pey Post author

      Hi,

      Yes, I’m aware of Gemini CDS – indeed I blogged on the subject when it first turned up with the equally odious “Viewer crash” freebie that the creator of Gemini CDS gave away.

      I have removed the reset of your post because, while I have every sympathy for what happened to your friend, I do not wish this blog to become the potential site of comment wars between individuals, as has become the case elsewhere. I hope you understand.

      Suffice it to say that RedZone, Gemini CDS and their kind *should not* be a part of Second Life – there is simply no justification for them in-world. They largely fail to protect from Content ripping, they exploit fear and they undertake unwarranted data harvesting.

      Like

      Reply

Have any thoughts?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s