Yesterday, while in-world, I was in IM with a friend, and I mentioned developments regarding the RedZone farrago. The question that came back, after I gave a 3-line summary, was: “Why are you hung up on all this?”
The question wasn’t followed-up with the usual “but IP Addresses are public, blah, blah,” (irrelevant), or simple platitudes – it was a question to why it affects me so deeply, given I tend to move around SL without the benefits of media anyway (doubly so now, as my friend knows – as does so herself).
To be honest, the question gave me pause. Why am I so all-fired angry about RedZone and Quickware and the rest? Drama is a part of being in SL, and the very nature of the platform means it will always bring out the worst in some people – so why let it get so under my skin?
Well, simply put, because the platform does enable people to abuse one another so readily. RedZone is created by “zFire Xue” – but who the hell is “zFire Xue” – other than (to you and me), a totally anonymous individual who – ironically – hides behind avatar anonymity while trying to “out” you and I in terms of linking out avatar details with our RL locations.
Worse still is the loudest proponent of RedZone, someone who bangs on about his “right” to use it, denigrating all who oppose his as “griffers”, revels in his ability to create mischief – and yet hides behind the veil of the anonymous pseudonym “Crackerjack”. That such people are empowered by their anonymity (and fail to see any contradiction between their own use of pseudonyms while seeks to “out” others), and use it as a weapon against others on the grid pisses me off.
While Linden Lab have responded – are responding – to this latest situation, I’m also equally pissed off with them.
Security within Second Life has always been lax; while there have been many (and very excellent) reasons for opening up things like the Viewer to open source, encouraging in-world development, looking towards potential business uses of the platform, the Lab has always taken a far too simplistic approach to matters, trying to having a all-in-one solution (the main Grid) attempt to meet a plethora of markets and uses they’ve repeatedly scampered after.
As a result, they’ve been lax in properly identifying the risks to security and privacy inherent in many of the decisions they’ve made, and policy and terms of service have been left woefully ineffective when it comes to dealing with serious concerns. Again, one only has to look at the contradictions in ToS 8.3. and 4.3 with the RedZone farrago to see how contradictory their own legal documents are in these matters.
It has always been this way; I have no idea if it is “west coast culture” (as some claim), or the “Tao of Linden”, a complete lack of concern (so long as the dollars roll in) or pure ineptitude that repeatedly prevents Linden Lab grabbing issues such as this by the balls and simply doing the right thing and stopping it. What I do know is, it is wearing people down. People have left SL over this latest controversy. Others are giving up and retrenching, reducing land holdings, minimising their financial exposure and the rest, simply because the Lab fail to grasp the nettles in their backyard and remove them.
Even now, with a revision to the community standards in place, we’re still seeing creators of these scanning tools working hard to try to get past the ToS, the new media filters and the likes; yet they continue to request ARs on a case-by-case basis.
Many reasons have been theorised as to why this is the case – but the fact is, as I’ve said elsewhere, technical solutions ain’t gonna solve this problem – or any other problem where users within SL get an elevated sense of entitlement they believe allows them to violate the ToS (or indeed, simply come up with a flim-flam system that appeals to those with such a false sense of entitlement in order to get them to part with their cash). If this issue is to be resolved, it’s going to require a clear-cut policy statement from Linden Lab. Period. It’s a policy statement that has got to be enshrined as a part of the ToS, and put up in lights for all to see. It needs to a clear Thou shalt not backed by the unequivocal reality of permabans.
And if we’re honest here, the RedZone situation has more than demonstrated what needs to be done – yet all we get is a token (and unadvertised) change to the Community Standards relating to the sharing of gathered data; not its collection.
And this is another reason I’m pissed off: tools like RedZone already have the potential to allow sick minds to start profiling avatar movements. RedZone even has a HUD users can wear that has the potential to gather information on avatars they encounter. Even with the “sharing” aspect being “disallowed” under the CS, these tools could still be used to gather information – and make it available outside of SL – for those wishing to stalk, spy and grief, as I mentioned in my original post on this matter.
We need a policy that simply outright bans the use of such tools unless used in very tightly proscribed circumstances. Don’t get me wrong – I’m pleased that LL have made some moves on this matter; it’s great that they are adopting the media filter. But unless and until they draw up a clear-cut policy on situations like this, the problem isn’t going to go away, and more and more innocent users are going to fall afoul of those who would prey on them.
And that brings me to the core reason why I’m so “hung up” on RedZone. Last night, after my friend had asked me her question, I dived into the ongoing discussion on the subject over at SLU, and I read this:
“Well I haven’t logged in a while over the head of all of this. It’s hard to be fancy-footed and carefree, skipping to whatever music is playing when in the back of your head you’re wondering if you’re being scanned or if there’ll be an argument just around the corner. Shouldn’t worry too much I know but sometimes we’d just like everything to be perfect in the world if only for a moment. Forlorn hope possibly and no doubt a little rose tinted but imagination brings those expectations for me in SL and hope is such a hard one to let go of.
“I’m even downloading the Windows SDK to build snowstorm just so I can get some of that nirvana back sooner rather than later. And no, I’ve very little clue what I’m doing other than following outdated wiki pages and scouring snippets. I hear ‘geek’ is the new sexy so it may serve a purpose in the end.”
This simple statement cuts to the heart of the entire matter: Second Life should be a world where our imaginations can be set free, where we can feel secure enough to wander, explore, enjoy, experiment and simply be without the constant worry of who might be lurking around spying, scraping, scanning and pawing at us. Of course, we cannot ever be totally secure – you don’t even get that in real life – but we should have the confidence that those who effectively provide and safeguard Second Life – Linden Lab – are actually ensuring our safety as far as they possibly can.
But they’re not as yet, and their track record suggests they won’t. That hurts people such as the poster above. It hurts you and it hurts me. And that’s why I’m so “hung up”.
Inara Pey: Living in a Modemworld 
I have ran into something simmilar in various places, people asking why they should care. Of course, I give them a littany of reasons to that since they have asked for it.
I also am now keeping media and such turned off in my clients for the time being. Not because I am in any realistic danger — there are several layers of blocks between my machine and the known servers — but because unless enough people do that LL will not see it as a big deal to resolve ASAP. Which means the users that are oblivious to the potential problems will be the ones hurt.
LikeLike
It’s the fact that trying to get LL to listen and for once be *pro-active* in stemming the problem once and for all is akin to taking one’s head to a brick wall that gets me.
But c’est la vie, I guess.
LikeLike
I do not think I can ever feel the same way about Secondlife as I once did. I enjoyed those more innocent times, and although it is only weeks ago, it already feels like a time long in the past.
Secondlife will never be the same for me again.
LikeLike
You know, Inara, your post reminded me of some things that Rod Humble said in a recent interview: “Privacy is going to be popular again” (I’m not quoting him verbatim…). I think that this is the major issue here. RedZone is doing little more than what Facebook is doing with its 600 million users, who, in their majority, have absolutely no clue about what is being done with all the profiling data they have — and at least in Facebook’s case, we know that its CEO is a sociopath, a thief, a lier, and his company is mostly backed up financially by the Russian Mafia 🙂 Strangely enough, the whole world — at least what the media writes — doesn’t care about that at all and we all continue to use Facebook daily…
The “privacy is outdated” stance that Facebook (and certainly Google too) has promoted world-wide and that has been so easily accepted by uncountable millions is pretty much the same thing that RedZone is using to drive their success as a commercial product. However, at least until recently, Second Life was one of the last bastions of privacy on the ‘net; unlike pretty much everything out there, Linden Lab has made some serious privacy implementations in their architecture, and this, in turn, has attracted privacy-conscious individuals to this virtual world, which naturally expect that pro-privacy philosophy to prevail. I believe this is the main reason why RedZone’s stance shocks us so much (while we shrug away what Facebook and Google are doing with our private data).
Rod Humble has now a golden opportunity to increase his pro-privacy campaign by making a clear statement about what is allowed and what is not. And I agree, it’s not something to be enforced technically (which is impossible), but through policies. The problem is that LL is traditionally so, so bad at enforcing any kind of policies…
LikeLike
Well… a couple of things here.
RedZone is actually very different in many respects to Facebook, and it is a little inaccurate to suggest otherwise. Many of those who are most adamant in their use of RedZone actually bend over backwards to try and hide the fact that they do. The creator of RedZone is on record as not only trying to further hide what his devices do, but also attempting blackmail in threatening to take his database “public” if Linden Lab attempt to take action against him.
Leaving aside your comments on Mark Zuckerberg – comments which I trust are tongue-in-cheek and not intended to be taken seriously by anyone reading this blog – the fact remains that Facebook is answerable as a corporation. The creator of Redzone is most certainly not. He is an individual hiding (ironically enough, given what his device does) behind a wall of anonymity (albeit a thin wall it may be, considering he’s registered himself as an LCC and thus is easily traceable).
As to Rod Humble’s comments on the matter of privacy, which I’ve commented on elsewhere. , I personally do look upon these as hopeful, and I would like to think that his view on privacy may well have encouraged the likes of Soft Linden to step up to the mark and deal with the immediate issue with RedZone and devices of its ilk (remembering that several others have now been completely removed from the Grid and their creators have had their accounts cancelled).
Where policy is concerned, there is an on-going discussion around this that has grown out of the entire RedZone issue. People at LL are aware of this discussion; and while it is not the place for users to define the company’s policies and position to them, many are committed to running with a open, constructive dialogue that may possibly yield something of benefit going forward.
LikeLike
This is all part and parcel of growing up and being maturing, in this case it’s a virtual world that is growing up and maturing and with maturity comes a sense of loss of freedom, just as we were once kids without a care in the world now there are cold hard realities.
If you look at something like Ebay, you’ll see there that people bemoan the old days, when it seemed more fun, but it was also a place where cheats could try and prosper, where fake goods were sold to the detriment of the real brand and they had to act.
There will be more of this from LL if Second Life survives, if it grows we’ll see more and more rules required and people having to be more and more aware of security issues.
LikeLike
Not sure I entirely agree – at least where this matter is concerned.
That there were issues was clear at least 12 to 18 months ago – if not before that. The attitude has not been one of innocence on LL’s part, but rather laxness, frankly.
Companies are prone to do the absolute minimum necessary in many areas of their operations – and that is accepted. The fact remains, that LL were getting very clear warnings about the risks involved in the way they handle media, but that steadfastly refused to address the issues at all. Whichever you call it, that doesn’t amount to innocence.
The only “innocence” that is being lost is that of users who are being sold on the idea that LL are doing as they should: acting as gatekeepers and guardians on their own platform. They simply need to stop being minimally reactive and start being demonstrably proactive in matters that do adversely impinge on their customer’s use and enjoyment of their platform.
LikeLike
There did seem to be a security through obscurity issue, people had to badger LL a bit as I recall to even point out the security hole in MOAP, they did mention it in a blog post.
LL can only do so much, I guess on one hand they want people to be secure and on another they don’t want to scare people off, it’s striking the right balance, they probably should have a working group for it.
You can be sure you disagree, I don’t bite….often!
LikeLike
Numerous ways have been suggested overcoming the current issue, as you’re aware from watching the SLU thread(s) :). Some of them could even spin coin for LL.
The problem is not “LL can only do so much”; it’s “LL won’t even move on the problems they face in anything approaching a strategic manner”.
I’m not suggesting an overnight solution – but this problem isn’t exactly an overnight thing, blasting out of nowhere. No should it be the find of thing left to users to pick up on, frankly.
LikeLike