RedZone – security, scam, or scraping?

A while back I wrote about so-called Client Detection Systems and their potentially odious nature, as well as the potential for such tools to lead to a raising of “hostilities” within the Second Life Community.

Just why such “tools” are actually pointless in the “war” on Copybotters has been excellently reviewed by Janck Antonelli – and I strongly urge anyone considering any such system to go read her commentary before parting with their cash. It could mean more than saving pennies. That Copybotters can circumvent CDS tools so easily tend to point to such tools being both a placebo for store owners, lulling them into a false sense of security whilst also being fairly regarded as a scam: money is changing hands on the basis of an easily circumvented promise.

One of these CDS system in particular has become the subject of intense debate on the official forums – as just one thread on the subject shows. Redzone not only has the word FAIL stamped across it in terms of Copybotting “protection” for the self-same reasons Janck raises – it is actually an exceptionally odious tool because it steps well beyond the realm of attempting to “stop” Copybotters and move well into the realms of possible stalking  /griefing.

Why do I say this? Well, for a number of reasons. The one that is causing the most concern is the fact that RedZone attempts to connect avatar information with IP addresses. The creator justifies this as a mean to help “identify” “copybotters”. However, both the gather of IP address and the creator’s justification are unpleasant on a number of levels:

• It makes the highly inaccurate assumption that because two avatars have the same IP, they must be alts of one another – failing to take into consideration factors such as dynamic IP addresses (such that the IP address your ISP assigns you today could be assigned to Joe Schmoe’s – someone you have never met or associated with anywhere – tomorrow)
• It fails to take into consideration that some buildings (colleges, offices, apartment buildings, Internet cafes) may have an homogenized IP address – thus everyone logging in from such locations will all appear to be “alts” of one another
• Thus, through these assumptions, it promotes guilt through association: if A is on IP address Y, and flags as a “copybotter”, then if B shows up with the same IP – then even if B is not an alt, they are still a Copybotter, and thus should be banned.

Worse, by scraping this level of information and making it available, RedZone is presenting the unscrupulous the ability to grief and / or stalk – and potentially bring the stalking into the real world. The risk here is that while the majority of us are protected to a degree by dynamic IP addressing, such addresses are not totally random;  they have a degree of regional relevancy. This is particularly true for people using local (“homegrown”) ISPs to connect to the web, as is often the case in large countries like the United States, where and ISP may reach no further than the county or city in which it is based.  Thus, those who access this information, if they are so-minded, could use it to focus down on another individual’s area of residence or work. True, no actual RL information is captured per se, but t6hat is no reason to completely dismiss the concerns surrounding RedZone’s ability to collate avatar / IP information and make it available to whoever is willing to pay $17 USD for it.

While RL stalking may appear to be a worst case scenario, the matter of in-world stalking /griefing is not: it’s a very immediate risk. Redzone apparently has some 8 million records (according to RedZone’s rcreator) of avatar movements across the grid stored within it, logged by, among other things, avatar name and location scanned. In other words, sufficient information for someone to monitor and even track the movements of any number of residents were they so minded.

Things wouldn’t be so bad if the creators of the tool limited themselves to recording only the information relating to “positive” scans by their tool – i.e. Viewers that indicate they are potentially malicious, and that data relating to negative scans is discarded without ever being stored. But this isn’t the case. RedZone retains information on every single avatar scanned. This is gross overkill, and no reasoning on Earth can justify it as being purely in the interests of stopping Copybotters.

Assuming, of course, we can take the creator at his word, and this isn’t all hype. While one can accept 8 million records of user movements (after all, these will be individual avatars logged time and again over possibly dozens of sim over a period of some 18 months), other statistics published by the tool’s creator are somewhat more questionable. Take for example, the fact that out of those 8 million scans, the tool has only ever recorded 2,000 hits on Viewers classified as “Copybotters” – but that as a result, over 63,000 avatars have been recorded on the RedZone banlist; put these together, and it would appear that each of the 2,000 “positive” scans is running 31.5 avatars! This is suggestive of one of three things:

• Guilt by association is the mainstay of this tool, rather than any “accurate” identification of Copybotters, or
• The figures confirm avatar / IP matching is a complete FAIL, leading to thousands of inaccurate bans, thus damaging the businesses the tool is supposedly protecting by denying them customers, or
• The figures are wildly exaggerated, enhancing the potential that the tool is little more than a scam with some unpleasant “benefits” for the less-than-scrupulous.

Beyond all this, is the unshakable feeling that this tool is about stalking and griefing: the creator, in advertising it, makes it clear that it can be used to “identify” alts, and lto list functions that griefers would find very welcome: the ability to attack (cage, etc.), users outside of the area “protected” by the tool; the boast that the tool can eject users and crash their Viewer in the process, etc.

It’s also hard to dismiss the tool as an enabler of stalking / griefing when “pro RedZone” users post to the forums boast they can use the tool as an attachment and “come after” those speaking out against it (to say nothing of the ability – if true – for them to set out “sim hopping” and gathering data on avatars which can then be perused in the hope of “outing” alts and creating further grief).

Theia Magic provides advice on how to help reduce the risk of RedZone grabbing your own information and provides a list of stores / sims running RedZone, should you wish to avoid them. In her notes, she references the GreenZone HUD; note that this will not actually prevent you from being scanned by RedZone, but it nevertheless useful in two ways:

• It warns you if a location you have teleported is running RedZone. While have, in turn, already been scanned by RedZone, this nevetheless helps you to note and avoid such locations in future (and remember, if you have media streaming disabled when scanned, RedZone will not capture your information)
• It helps to confirm the location you are in is “RedZone free”, thus allowing you to enable, say, music streaming – particularly useful if you are visiting a club and wich to hear the music (just remember to disable media once more before teleporting elsewhere!).

Thus, while limited in scope, GreenZone is a useful freebie to have.

Blocking communications with the RedZone website is more effective – but relies on the RedZone creators using the same domain for their information-gathering, or ensuring you are updated should the domain change. However, there are concise instructions for doing this on both Windows machines and Macs and for Linux machines.

There are JIRAs open on the matter – not specific to RedZone itself, but aimed at stopping the kind of behaviour used by such tools – and these are certainly worth voting on (before voting on JIRAs goes away) or – God help us – watching).

In raising concerns about such tools via the JIRAs, we should possibly focus on the in-world impact of such tools, rather than linking back to IP logging etc. While the latter is a worry, it is not one that particularly concerns Linden Lab, as evidenced be statements from the likes of Samuel Linden (Feb 2010) who, when responding to concerns about IP logging and Viewer 2.x, said: We do not consider IP gathering to be  an actionable security exploit. This has been possible for quite some  time with 1.23 and earlier viewers. Obviously, there is a world of difference between clicking on a shared media prim that links to an external website  – which amounts to “volunteering” your IP address, etc., – and someone deploying a tool thank actively harvests such information without your knowledge and making it available to others are vastly different concepts. Sadly, I tend to think it’s going to be hard to get Linden Lab to acknowledge them as such.

Hence why emphasis on the in-world problems / risks / threats presented by such tools would potentially be preferable – particularly where issues can be directly linked back to ToS / CS violations. They would in theory be a lot harder for LL to justify ignoring.

For myself, I’ve actually battled over posting on this subject for the last several days. To be sure, I don’t like RedZone, but I’m aware that these matters can become so highly charged they can spiral out of control into a flame fest. However, having witnessed the attitude of those attempting to defend RedZone, I’ve been moved to publish and be damned; there is simply no genuine justification for a tool as extreme as this being in-world – and I’m certainly less than sanguine about ending up on its malodorous database.

It is because of this latter risk – winding up on someone’s dirty little database – that I’ve largely disabled media screaming on my Viewers ever since Gemini CDS reared its own ugly head (although for a time I *did* keep media enabled while on my home sim – possibly unwisely given the Onyx bot farrago that accompanied Gemini). Given the RedZone situation, I now also use GreenZone and I restrict myself to the in-world browser and keeping cookie acceptance turned off in the Viewer. I appreciate that these precautions are by no means foolproof, but they do help limit my exposure to RedZone and (with the exclusion of GreenZone) to other similar tools that might be floating around out there. And Like Theia and others, I will be dropping any store that I have frequented in the past which sprouts a RedZone device with a note politely noting why they have lost my custom.

And I’d urge you to do the same – protect as far as you can, and write.

I’d also like to address any potential user of RedZone on the matter of the tool they are using: if RedZone’s creators are collating information on SL users based on a scripted device you are deploying on your land – how much more information might they be gathering on you each and every time you log into their website?

Further Information

Website investigating RedZone (Forceme Silverspar)

Theia’s notes on disabling media

Instructions for blocking the RedZone website communication with your computer*:

• PC and Mac
• Linux

* Will only work for the current RedZone domain. Keep an eye on Forceme’s website for any possible moves made by the RedZone creator.

GreenZone HUD on SL Marketplace (free).

Location for testing your IP is hidden from tools using the media exploit (Surl).

Store Lists:

• Theia’s list of RedZone-Free stores
• Theia’s list of stores using RedZone

JIRAs on the subject of privacy:

• SVC6751
• VWR24746
• VWR24764

SLU discussion on the subject (warning: lengthy, but worth-while reading)

Note: post revised after the initial publication, due to the fact that in a blonde moment, I hit PUBLISH rather than SAVE DRAFT.

ADDENDUM – Feb 15th.

Concerns have been raised that GreenZone may itself be compiling a database of its own (see comments below). While initially cynical of this – the conclusion seemed drawn on the misunderstanding of an IM exchange posted on SLU in which the term “list” is used; I have nevertheless contacted GreenZone’s creator, Fart Admiral to request clarification.

Fart has confirmed that, indeed, a static list is maintained of all locations running RedZone. Essentially, the GreenZone HUD scans for RZ objects and if it identifies one, the location of the object is recorded, together with the Ownerkey and sent out to the GreenZone server. Separately to this, the GreenZone HUD triggers an alarm.

Fart assures me that absolutely no information relating to the GreenZone user is transmitted or stored.

Obviously, even what is transmitted may be objectionable, and could be construed as putting GreenZone into the same basket as RedZone. That is not my call to make publicly, but rather for anyone reading this article and considering GreenZone to weigh for themselves before making their decision.