Restoring confidence

Just how widely known is the RedZone issue?

One could argue that it is constrained to a few hundred people: the Greenzone group, those who blog about the situation and those who participate in or watch the SLU Epic Thread. Many are involved in all three, which makes the count smaller still.

However, go in-world, and it is clear that a lot of people are aware of the issue. Talk comes up in Groups, Notecards are being distributed, advice is given, and so on. CouldBe Yue, a long-time resident, is spearheading a Twitter / Facebook campaign to make sure the word on privacy issues is spread outside of Second Life itself, in full view of Linden Lab employees, including Rod Humble. Whether this is advisable or not, given the aggressive tone, is hard to say. It could so easily backfire, if one is honest.

That said, Rod Humble actually took time out to make a couple of appearances at SLU: the first to publish a couple of comments in a thread designed to poke gentle fun at him; the second to make it clear he is aware of the levels of concern by sitting in on the Epic Thread itself, not contributing, just quietly watching.

Many are getting decidedly upset that despite all that has happened, RedZone remains available in Second Life. As such, innocents unaware of all that has happened may well be getting sucked into the scam. Some are already writing Rod Humble off as a CEO; others are demonstrating more patience.

But one thing is clear. Confidence is being hit. Privacy issues cannot be ignored. Not only do they impact individual users in terms of their enjoyment of the platform, they threaten to destabilise one of its major selling points: the ability to enjoy rich media content and performances by live artists all over the world.

If people simply shut down their Viewer’s ability to deliver media, or repeatedly keep hitting DENY on their Media Filter, then music of any kind in SL is going to be a major casualty. As it is, determining what may be a genuine music stream and what may not isn’t particularly easy for the non-technical. Ergo, unless some positive action is taken, there is a risk that more and more people are simply not going to risk accepting unknown media streams, and could well stop going to venues and shows.

As I’ve already commented, it is time for LL to stop playing whack-a-mole in these matters.

But, what, precisely can they do? Viewer 2.x doesn’t have the Media Filter, so any public statement could, at the very least, result in people stampeding away from it to third-party viewers. At worst it could result in panic in general, a further loss of confidence and very negative tabloid headlines (“Linden Lab admits Second Life wide open to hackers and fraudsters!”).

Some have said the lack of action on RedZone specifically is due to an on-going Federal investigation. Well, this may be so; but I can hardly see the Feds saying to LL, “No, you can’t protect your users from this scam, because we need to do X, Y and Z.” Let’s face it, LL can block and ban any item or individual howsoever they like, without having to give a specific reason – and removing the items from in-world is hardly going to bring any Federal (or other) investigation screaming to a halt.

It’s far more likely that RedZone is still there because, despite all his faffing around in the past, the creator has, technically, made the device compliant with the revised Community Standards. But really, this is no longer a reason to allow the device to continue in-world.

It has been established that the database has been hacked; the exact status of the database is unclear, and data has been shared. Not intentionally, perhaps, but that just makes things worse, whatever the reason for the hack.

Therefore, anyone still using the product is potentially putting at risk their own details, and information relating to anyone entering their land without the benefit of the Media Filter. It is simply in the best interests of all concerned to ensure RedZone is removed from all in-world locations.

Right now, the longer it remains, the longer people are going to stay focused on it, and the greater are the chances that SL’s – and LL’s – reputation is going to suffer greater damage, be it through tabloid reporting or through Twitter and Facebook campaigns.

I still have faith in Rod Humble. He walked into the middle of this mess, and so it’s going to hit him hard. I would also like to believe that he genuinely believes his own comments on matters of privacy. As such, and in order to start rebuilding confidence, I’d strongly urge Rod to:

  • Have RedZone removed from the grid. Now. Whether or not it is in violation of the ToS and / or the Community Standards is no longer relevant. The database behind it has been compromised; it is no longer clear if the database is up or down, or even under the control of the individual who created it. As such, the risk to those using the device and to those being unwittingly scanned has potentially increased enormously
  • Make sure adoption of the Media Filter in Viewer 2.x is accelerated. Make it a priority. Get an updated Viewer out into the world with the Filter included. People can wait a little longer on things like VWR-1037, but the Filter is a must
  • Make sure the release of the Media Filter with the patch is fully and properly covered: go out and blog yourself. Explain some of the issues (no need to be alarmist); describe what steps have been taken; get Torley to give a short tutorial on the Filter
  • If you’re comfortable with it, give an indication of what, internally, LL are looking at doing in the future to further strengthen the platform.

Beyond this: make sure that you address issues around the matter of data collection. Looking at the sharing of data simply isn’t enough. Sure, there are circumstances where you’d like third-party organisations to be able to collect demographics and other information; there are also user-run services that you doubtless find valuable – as we do – such as Tyche Shepherd’s Grid Survey that need to be allowed to continue. But such cases can be ring-fenced. Checks and balances can be defined.

You have a ToS and a set of Community Standards and a Privacy Policy that stand as a triumvirate guarding the entry portals of Second Life – but they are either somewhat contradictory in terms (ToS 4.3 and ToS 8.3 being the clearest examples of this), or they simply take on a one-sided approach of safeguarding Linden Lab.

If you truly care about your users, take the time to overhaul the ToS, the CS and the Privacy Policy and make them a cohesive set of documents that protect Linden Lab and offer your users a reasonable expectation of security and privacy as they go about their Second Lives. Be transparent. People will trust you more for doing so.

Privacy: a new storm brewing?

As people await Linden Lab’s response to the weekend’s revelations around the on-going RedZone Affair, it now seems a new issue is starting to cause concerns.

Darrius Gothly reports that he was recently sanctioned by the moderators of the new Community Platform. The whys and wherefores of the sanction aren’t important. What is important, and somewhat worrying for people, is that rather than simply sending him an e-mail warning him of his “violation” of Community Platform rules, the moderator instead uploaded a screenshot of Darrius’ post, complete with Darrius’ IP address, to a publicly-accessible photo-hosting website.

Again, it matters not whether IP addresses are “public information”; no-one is disputing that. What is of concern to many is that:

  • The IP address is displayed at all, and can be seen by anyone using the website
  • The image hosting website’s own ToS itself makes it an offence to display such information

Others who have received similar moderating e-mails have found the same, and they’ve found it relatively easy to use the information supplied in the image URL to poke their way into other photosets on the site itself.

Questions are being asked within the Linden Lab forum – although it is far too early to expect an answer right now. Of those questions, Qie Niangao asks the correct one:

“Umm. A more basic question:

“Why on earth would any moderation action on the provider’s own platform require a screenshot, ever?

“To cite a particular post in communicating with a contributor, embed the text, title, and time of the post. That should be a one-click operation, same as a screenshot, without incurring the overhead of shipping a screenshot out to a cloud service.

“What conceivable value does a screenshot add? Are they trying to show embedded images that may have triggered moderation? (A screenshot is an absurdly bloated way to do that, too, but I’m not sure that’s even what they’re trying to do.)”

Indeed. Why is a screenshot even necessary, much less a screenshot that must then be uploaded to an external site?

As Qie states, the moderators should have sufficient access to the Platform to be able to cite the relevant details of a violation and e-mail the person responsible directly. And even if a screenshot is required as “evidence” – why not simply attach it to an e-mail to the person responsible?

There really shouldn’t be a need to post such material to a public website, as Qie further notes:

“So… how did screenshots get into the moderation workflow? Is that brain-damage inherited from Lithium? or layered on top by LL? or by another third party contractor to LL?

“I mean, once they made the basic mistake of using screenshots at all, then there’s the choice of cloud service to store the bulging bit bags of pixels, and obviously whoever chose this provider wasn’t paying much attention. I just think they shouldn’t have needed such a service in the first place.

“(I’m somewhat less interested in the idea of masking out the IP address before pushing the screenshot; we’re just extra sensitive to IP addresses these days, but in fact none of the information on those screenshots should be hosted on an unsecured site. “Across the street” they’re having fun paging through shot after shot of other companies’ dirty laundry, so you can be sure other companies’ customers are laughing at the SL forums shots, too.)”

Again, whether or not IP addresses can be regarded as “public information”, this seems to be an inordinately crass approach to informing people of any forum “wrong doings”. If it is simply a matter of moderators having been improperly trained, then it needs to be addressed fully and properly with the minimum of fuss, and LL need to issue a short statement that the matter has been rectified.

If it is a matter of policy for Linden Lab to handle these matters like this, then it really does call into question as to what the heck is going on in Battery Street – as there is no conceivable reason for matters to be handled this way at all.

Addendum March 14:

In response to concerns raised, Amanda Linden posted the following:

“Hey all, Thanks so much for flagging this. I have let the moderators know that displaying this kind of personal information–in any form–including screenshots–is not acceptable. Please accept my personal apology. We are still working out the kinks re: moderation and greatly appreciate this kind of input. Stay patient with us while we work through the issues and find the right moderation levels–all with the ultimate purpose of having a lively, productive dialogue on Second Life.

“Cheers, Amanda Linden”

Which is good news. However, one hopes that LL actually determine why there was such a failure in basic training of employed / contracted moderators.

Had the moderators been volunteers / users elected to the position who had had insufficient training, fair enough; but the fact remains that full and proper training should have been received by any and all contracted moderators, and LL should have sought to ensure this was the case. If the moderators are in-house, then LL should have ensured full and proper training ahead of time.

It simply beggars belief that someone could send out a warning, yet not know how to attach a screen cap to it.

Let’s hope this is the end of the matter.

Time to end the whack-a-mole

As reported earlier, the RedZone situation has been blown wide open. However one looks at the video that was released last week, the data passed to the Alphaville Herald, and everything that lies behind them, it would appear that all roads lead back to the isellsl.ath.cx domain and the avatar of zFire Xue.

Indeed, it now appears that zFire, in another guise, is behind the so-called “Knights of Mars”, an “organisation” promising to get avatars banned from Second Life – no matter what the reason – for a fee; even boasting that their activities are against the ToS (“Is this against SecondLife’s TOS? You bet!” screams their FAQ).

All-in-all the evidence – to those outside – is damning. One would hope that it is enough for Linden Lab to take the appropriate actions, and sooner rather than later.

It’s not even as if this is an isolated incident. Over the past week, locating and stopping so-called “alt detectors” has become something of a game of whack-a-mole, and poor Soft Linden has been the one stuck at the machine clouting heads:

  • Following the changes to the Community Standards, the creator of Quickware Alt Pro, another device intended to link alts, tried various methods to circumvent LL’s revised position on sharing information gathered within Second Life; efforts which eventually earned him, at least one of his Alts and his device a ban from Second Life
  • Following this, the imaginatively named “Jacks Sparrow” of “Sparrow Industries” popped up with another “alt detector”, quickly pressed into use by those looking to replace RedZone, as Theia Magic reported at the time
  • At the same time, a further “alt detector” turned up on the Marketplace, made by one “Gzoa Resident”. Whether genuine or simply an attempt to cash in on the perceived need for such a tool, the device was pulled by LL after multiple ARs were filed.

So three systems in the space of days, collecting and sharing data; tip of the iceberg, anyone? Meanwhile, Gemini CDS is still very much out there, collecting data. Who knows what else is out there?

And here is where the system falls down at present: Linden Lab have only proscribed against the sharing of collected data. This really isn’t the issue; the issue is the collection of said data.

As the hack of the Emerald database showed, just before the entire Emerald thing blew up around a year ago, and as this RedZone situation demonstrates now, allowing anonymous individuals across SL to quietly gather data and funnel it out of SL into their own databases and servers is unacceptable in its present form. It either needs to be outlawed entirely, or steps need to be taken to ensure people are both aware of what is about to happen and have a means of preventing it before any attempt at gathering data is made. And this needs to be properly backed up by a clearly-defined Privacy Policy intimately hooked to the Terms of Service, such that anyone found to be either circumventing the “right to decline” or using the data other than for its intended purpose will be immediately banned from Second Life.

Reactive efforts – as mighty and as welcome as Soft Linden’s exploits have been (the man has been a hero in this entire situation) – are now not enough.

Even on its own, the RedZone situation, as this news spreads, is going to severely dent people’s confidence in Second Life as a platform and further shake users’ faith that Linden Lab has, as far as possible, got their back covered when it comes to reasonable expectations of privacy.

In a week when RedZone has continued to rock the boat, when Gemini CDS has begun to emerge as still being in widespread use, when the Quickware, Sparrow and “Gzoa” items all pitched up / got whacked, LL remained stubbornly silent on matters, other than Soft’s lone voice on the JIRA (and who, among the majority of SL residents, studies the JIRA regularly?). At the same time, multiple questions around RedZone and alt detection raised on the new Community Platform were shut down, hard.

Within Linden Lab there has always been something of a permissive attitude towards many things. Frequently, it’s taken a court case or two to shake the company out of its lassitude. People point to Philip Rosedale as the “cool dude” and cite things like “West Coast attitudes”; the Lab itself talks in terms of the (itself ideological) “Love Machine” and the hippy-ish “Tao of Linden”. They make for really good human interest reads; they make for cosy employee feelings. They frame the Rosedale dream and vision of Second Life.

And they need to stop.

Whack-a-mole is no longer an option, if it ever was. Linden Lab have been trying for a good number of years now to get the platform taken seriously. Unless they grab this particular nettle properly and excise it from their lawn, they are not only going to further damage the credibility of the platform to the world at large, they risk tearing the community itself apart with suspicion and doubt.

People are already avoiding the use of media in their viewers; and while Sione Lomu’s Media Patch is gaining wider acceptance in the Viewer community, the fact is (again, as I keep on hammering) that technical solutions are not the key. Not only are they potentially hard for the non-technical community to grasp, they are a potential threat to the economy (no media = no live music), and they are a challenge to all the little skiddies out there who see such tools as something to be “gotten around”.

Linden Lab need to make a stand. Now. They need to stop with all the Tao lovey-dovey. They need to straighten out the ToS and the Community Standards and get themselves a fully-rounded Privacy Policy that completes the triangle. A Privacy Policy that, rather than simply trying to absolve them of any blame if Things Go Wrong, actually sets out the expectations of privacy their users can reasonably hold when signing up to their service. They need to eliminate the contradictions in the ToS around sections 4.3 and 8.3.

Idealism had its place once, back when Second Life was starting out; but the fact is, if the company really wants to be taken seriously, if it really wants to try to leverage the likes of Facebook and the rest, then it needs to do more than simply looking like it means business.

It needs to start acting that way as well, not least where the user base is concerned. If they don’t, then Second Life runs a serious risk of being ever-increasingly marginalised as a viable platform, and will haemorrhage users as they leave to join those platforms that demonstrate a willingness to meet their expectations.

RedZone database hacked

The last few days have seen some mysterious goings-on around RedZone.

  • A video emerged that purportedly showed someone closely associated with RedZone talking to his girlfriend / another user and boasting about how he was attempting to scam the user names and passwords of RedZone users to see if they could be used to access SL accounts
  • This video was posted on YouTube some seven months ago, but was only pointed to (apparently anonymously) this week
  • The video was linked to a number of other videos that appear to have come from the creator of RedZone and a group of friends – channels subscribing to them included “Insanity Productions”, the “company” behind RedZone
  • Attempts to track the links between videos, etc., were countered by attempts to hide them / take them down from YouTube – almost as if someone were attempting to cover their tracks
  • Denials and counter-claims were put out by the “RedZone Camp”, citing, among other things, that YouTube and Google themselves had been hacked, that the video was a fake, and that the timestamp on it had been altered
  • zFire Xue then threw down a public challenge for someone to attempt to hack his computer.

Guess what?

It appears someone did. Some of us were on the epic SLU thread when his system went down, which kept us going for hours in speculation. Today, all became clear when the Alphaville Herald published a confirmation. And it appears some 1.6 million individual IP addresses are held in the database, complete with geolocation tools for pinning them down, pretty much as claimed in the video that surfaced earlier in the week.

And it appears that his activities are not limited to RedZone users; screen shots hint that he may well have been acting against users of his Prim Animation tool as well.

Already the news is spreading – and it is hard to see how “zFire” and his cohorts can wriggle free of this.

The evidence might be faked – but if so, it is rather elaborate, and one might suggest Occam’s Razor be applied to any explanations that try to explain this leak away via convoluted logic.

Certainly, this suggests that Linden Lab may well need to take a closer look at precisely what is going on around data harvesting, as information such as this going into the public domain is not going to do the reputation of Second Life, or of Linden Lab, a lot of good.

Back when I first commented on RedZone, I asked the users of that system a question:

I’d also like to address any potential user of RedZone on the matter of the tool they are using: if RedZone’s creators are collating information on SL users based on a scripted device you are deploying on your land – how much more information might they be gathering on you each and every time you log into their website?

Well, it looks like we all have the answer.

Media Filter due in Phoenix this weekend

Jessica Lyon took time out to pop into the SLU forum today to announce that this weekend will see a maintenance release of Phoenix that includes the new Media Filter.

This release is coming ahead of the planned update to Phoenix, and apparently as a result of the evolving situation regarding devices that seek to obtain avatar and other data via covert means using a media streaming exploit.

Meanwhile, Firestorm looks set to include the Media Filter with the release due on or around the 20th March, again as indicated by Jessica in the recent Phoenix Office Hour.

A Note on the Media Filter

The Media Filter has been developed in response to a number of in-world items that seek to covertly obtain information on avatars and their users. It was initially developed by Sione Lomu, specifically as a result of the recent RedZone farrago. The code has since been adopted by third-party Viewer developers and has been accepted into Project Snowstorm for inclusion in Viewer 2.x.
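To make concrete the decision the Filter is being asked to make, here is an added example of the kind of per-host allow / deny logic involved. It is not the Phoenix, Firestorm or Snowstorm code, and the host-based matching, the http-only assumption, the “ask once per host” behaviour and the sample URLs are all mine. It also speaks to the earlier point that telling a genuine stream from a scanner’s URL is not easy for the non-technical: the part of the URL worth deciding on is the host the Viewer is being sent to, not the path or query string, which a scanner can vary from visitor to visitor.

```python
"""Model of a per-host media filter for a Second Life style Viewer.

Added illustration, not the Phoenix / Firestorm / Snowstorm implementation.
Assumptions: parcel media arrives as a single URL, only http(s) streams are
considered, and the user is asked once per host rather than once per URL.
"""
from urllib.parse import urlsplit

ALLOW, DENY, PROMPT = "allow", "deny", "prompt"


def media_host(url):
    """Normalised host of a media URL, or None if it cannot be trusted.

    Only the host is used for the decision: a scanner can hand every visitor
    a different path or query string, and 'user@' before the host must not be
    mistaken for the host itself.
    """
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops userinfo and port, lower-cases
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    if parts.scheme.lower() not in ("http", "https") or not host:
        return None
    return host.rstrip(".")


class MediaFilter:
    """Allow / deny lists keyed by host; anything else asks the user."""

    def __init__(self, allowed=(), denied=()):
        self.allowed = {h.lower() for h in allowed}
        self.denied = {h.lower() for h in denied}

    @staticmethod
    def _covered(host, listed):
        # "example.com" also covers "stream.example.com", but not
        # "notexample.com" or "example.com.attacker.test".
        return host in listed or any(host.endswith("." + h) for h in listed)

    def decide(self, url):
        host = media_host(url)
        if host is None:
            return DENY  # unparseable or non-http: never load
        if self._covered(host, self.denied):  # deny wins over allow
            return DENY
        if self._covered(host, self.allowed):
            return ALLOW
        return PROMPT

    def remember(self, url, verdict):
        """Store the user's answer to a prompt so the host is not asked again."""
        host = media_host(url)
        if host is None or verdict not in (ALLOW, DENY):
            return
        if verdict == ALLOW:
            self.allowed.add(host)
            self.denied.discard(host)
        else:
            self.denied.add(host)
            self.allowed.discard(host)


def demo():
    """Run the filter over constructed sample URLs (not real venues or scanners)."""
    f = MediaFilter(allowed=["example.com"])
    urls = [
        "http://stream.example.com:8000/listen.pls",       # allowed parent host
        "http://EXAMPLE.COM./",                            # case and trailing dot
        "http://example.com@scanner.test/visitor/a1b2c3",  # userinfo trick
        "http://example.com.attacker.test/",               # suffix trick
        "javascript:alert(1)",                             # not a stream at all
    ]
    first = [f.decide(u) for u in urls]
    # The user answers DENY to the prompt for scanner.test; a fresh,
    # per-visitor URL on the same host must then be denied without asking.
    f.remember("http://scanner.test/visitor/a1b2c3", DENY)
    second = f.decide("http://scanner.test/visitor/zz99?avatar=other")
    return first, second


if __name__ == "__main__":
    print(demo())
```

The two points a practitioner should take from it: the decision is keyed on the host after normalisation (so a scanner rotating paths, ports or query strings per visitor is recognised as the same source), and a denial, once given, sticks to that host rather than to the one URL that triggered the prompt.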

I’ll be publishing a tutorial on how to use the Media Filter when the Phoenix update is released, together with links to all Viewers currently supporting the filter.

Tutorials will also be made available through a range of in-world sources as the Media Filter comes into wider availability.

Why I’m pissed at RedZone

Yesterday, while in-world, I was in IM with a friend, and I mentioned developments regarding the RedZone farrago. The question that came back, after I gave a 3-line summary, was: “Why are you hung up on all this?”

The question wasn’t followed up with the usual “but IP Addresses are public, blah, blah” (irrelevant), or simple platitudes. It was a question as to why it affects me so deeply, given I tend to move around SL without the benefits of media anyway (doubly so now, as my friend knows; she does likewise herself).

To be honest, the question gave me pause. Why am I so all-fired angry about RedZone and Quickware and the rest? Drama is a part of being in SL, and the very nature of the platform means it will always bring out the worst in some people – so why let it get so under my skin?

Well, simply put, because the platform does enable people to abuse one another so readily. RedZone is created by “zFire Xue”; but who the hell is “zFire Xue”, other than (to you and me) a totally anonymous individual who, ironically, hides behind avatar anonymity while trying to “out” you and me by linking our avatar details with our RL locations.

Worse still is the loudest proponent of RedZone, someone who bangs on about his “right” to use it, denigrates all who oppose him as “griffers”, revels in his ability to create mischief, and yet hides behind the veil of the anonymous pseudonym “Crackerjack”. That such people are empowered by their anonymity (and fail to see any contradiction between their own use of pseudonyms while seeking to “out” others), and use it as a weapon against others on the grid, pisses me off.

While Linden Lab have responded, and are responding, to this latest situation, I’m also equally pissed off with them.

Security within Second Life has always been lax; while there have been many (and very excellent) reasons for opening up things like the Viewer to open source, encouraging in-world development and looking towards potential business uses of the platform, the Lab has always taken a far too simplistic approach to matters, trying to have an all-in-one solution (the main Grid) meet the plethora of markets and uses they’ve repeatedly scampered after.

As a result, they’ve been lax in properly identifying the risks to security and privacy inherent in many of the decisions they’ve made, and policy and terms of service have been left woefully ineffective when it comes to dealing with serious concerns. Again, one only has to look at the contradictions between ToS 8.3 and 4.3 in the light of the RedZone farrago to see how contradictory their own legal documents are in these matters.

It has always been this way; I have no idea if it is “west coast culture” (as some claim), or the “Tao of Linden”, a complete lack of concern (so long as the dollars roll in) or pure ineptitude that repeatedly prevents Linden Lab grabbing issues such as this by the balls and simply doing the right thing and stopping it. What I do know is, it is wearing people down. People have left SL over this latest controversy. Others are giving up and retrenching, reducing land holdings, minimising their financial exposure and the rest, simply because the Lab fail to grasp the nettles in their backyard and remove them.

Even now, with a revision to the Community Standards in place, we’re still seeing creators of these scanning tools working hard to get past the ToS, the new media filters and the like; yet LL continue to ask for ARs on a case-by-case basis.

Many reasons have been theorised as to why this is the case, but the fact is, as I’ve said elsewhere, technical solutions ain’t gonna solve this problem, or any other problem where users within SL get an elevated sense of entitlement they believe allows them to violate the ToS (or, indeed, simply come up with a flim-flam system that appeals to those with such a false sense of entitlement in order to get them to part with their cash). If this issue is to be resolved, it’s going to require a clear-cut policy statement from Linden Lab. Period. It’s a policy statement that has got to be enshrined as a part of the ToS, and put up in lights for all to see. It needs to be a clear Thou shalt not, backed by the unequivocal reality of permabans.

And if we’re honest here, the RedZone situation has more than demonstrated what needs to be done – yet all we get is a token (and unadvertised) change to the Community Standards relating to the sharing of gathered data; not its collection.

And this is another reason I’m pissed off: tools like RedZone already have the potential to allow sick minds to start profiling avatar movements. RedZone even has a HUD users can wear that has the potential to gather information on avatars they encounter. Even with the “sharing” aspect being “disallowed” under the CS, these tools could still be used to gather information – and make it available outside of SL – for those wishing to stalk, spy and grief, as I mentioned in my original post on this matter.

We need a policy that simply outright bans the use of such tools unless they are used in very tightly defined circumstances. Don’t get me wrong: I’m pleased that LL have made some moves on this matter; it’s great that they are adopting the media filter. But unless and until they draw up a clear-cut policy on situations like this, the problem isn’t going to go away, and more and more innocent users are going to fall afoul of those who would prey on them.

And that brings me to the core reason why I’m so “hung up” on RedZone. Last night, after my friend had asked me her question, I dived into the ongoing discussion on the subject over at SLU, and I read this:

“Well I haven’t logged in a while over the head of all of this. It’s hard to be fancy-footed and carefree, skipping to whatever music is playing when in the back of your head you’re wondering if you’re being scanned or if there’ll be an argument just around the corner. Shouldn’t worry too much I know but sometimes we’d just like everything to be perfect in the world if only for a moment. Forlorn hope possibly and no doubt a little rose tinted but imagination brings those expectations for me in SL and hope is such a hard one to let go of.

“I’m even downloading the Windows SDK to build snowstorm just so I can get some of that nirvana back sooner rather than later. And no, I’ve very little clue what I’m doing other than following outdated wiki pages and scouring snippets. I hear ‘geek’ is the new sexy so it may serve a purpose in the end.”

This simple statement cuts to the heart of the entire matter: Second Life should be a world where our imaginations can be set free, where we can feel secure enough to wander, explore, enjoy, experiment and simply be without the constant worry of who might be lurking around spying, scraping, scanning and pawing at us. Of course, we cannot ever be totally secure – you don’t even get that in real life – but we should have the confidence that those who effectively provide and safeguard Second Life – Linden Lab – are actually ensuring our safety as far as they possibly can.

But they’re not as yet, and their track record suggests they won’t. That hurts people such as the poster above. It hurts you and it hurts me. And that’s why I’m so “hung up”.