Credit Card privacy concerns

Some time ago, LL opted to shift their method of accepting foreign payments away from PayPal. A deal was struck with Dragonfish, which (in a sort-of bizarre twist, given LL’s attitude towards gambling) is operated by 888 Holdings, the, er, online gambling giants.

There have been numerous issues with the payments system (which also appears to be linked to Cassava Enterprises, another subsidiary of 888 Holdings, registered in the tax haven we call Gibraltar). Now it appears as though those woes might be growing.

As reported on the official forum, members in Europe using the payment system towards the end of last year are finding themselves subjected to directed mail shots to the e-mail accounts that they have specifically set up for use with Second Life. What is more worrying is that in at least one instance, the mail sent to the SL-related mail account has called the recipient by their real first name. Elsewhere, another user who has used a partner’s Credit Card to make payments to LL via Dragonfish has found themselves receiving directed e-mail to their SL-related e-mail account addressing the card holder by name.

Frank Ambrose (FJ Linden) has attempted to pour oil on troubled waters by suggesting that those affected have been victims of malware / spyware on their own computers, and that no data has been leaked via Linden Lab or their “third-party” operative (Dragonfish). However, an increasing number of people are doubting this explanation, due to the number of coincidences concerned, perhaps the biggest of which is that the directed e-mails (mis-named “spam” in the forum posts) are from – wait for it – another on-line gambling organisation.

In other words, someone possibly in competition with 888 Holdings.

As Que Niangao points out in the thread, while it is not entirely beyond the realms of possibility, for FJ’s explanation to hold, the compromised computers used by those receiving the e-mail need to have been infected by some very elaborate spyware / trojan / key-logging system. However, a more reasonable explanation might be that the issue lies at the other end of the pipe and that while no-one is accusing 888 / Dragonfish / Cassava of deliberately passing on user information, it is possible that their own systems have been or were compromised at some point.

Either way, it would seem that a more involved investigation is warranted – and neither Linden Lab nor 888 have anything to lose by ensuring the matter is fully and properly checked.

There is a danger in issuing what can be read as trite / suspicious and almost throw-away explanations (as some on both the forum and on Twitter are treating FJ’s response). That is that it deepens the belief that Linden Lab does little more than pay lip service to matters of privacy. This feeling has been rife among the user base for a good while now, and has been exacerbated by recent events around RedZone.

While no-one expects LL or 888 to hold a hand up and admit the specifics of any leak (should one have occurred), one does expect them to work fully and properly to ensure that all fears and concerns that there might be a leak are properly alleviated, and evidence given that customers’ data is in fact secure. If there has been a breach that is not connected to customers’ own computers, then it is also in LL’s best interests to ensure they understand what has occurred and when so they can inform users of the appropriate actions they need to take, if any.

A “Thanks but not our problem,” response – which is how FJ’s reply tends to read – doesn’t really help anyone.

6 thoughts on “Credit Card privacy concerns”

  1. It’s standard practice in cases like these, where only a vast minority are (vocally, at least) reporting a problem, to assume that the issue is client-side, as Spyware is FAR more common than something internal on the processing end.

    Additionally, the UK and the EU (Dragonfish’s HQ) have some of the strictest laws regarding payment processing/online data storage. It would be hideously unlikely that the cause of these breaches is directly connected to the processing company.

    It’s a shame it’s happened, and it’s responsible to say “Check this out, there might be an issue here”, but I don’t think there’s any cause for any animosity toward any of the corporate bodies involved here, at this point.

    (Also, there’s a wealth of evidence to suggest CONTRARY to your claim that LL only provide ‘lip service’ to privacy. I would recommend you research this more.)

    1. I’m not making any “claim” relating to LL’s attitude towards matters of privacy. In fact, I don’t even present my personal position in the matter. I certainly don’t project any “animosity” towards the corporate bodies concerned.

      I’m simply observing what has been posted in the forum and the reaction it has caused both there and across the likes of Twitter.

    2. I don’t know where your reply went. It was definitely here once.

      I think making this into an ‘issue’, rather than letting it resolve with the handful of people involved, is a handy way for some post-Redzone authors to get blog hits. Especially when they add buzzwords like ‘leak’.

      At second reading, your post reads kind of weirdly, like a commentary on a forum thread. Initially I presumed that you were using the thread as a basis and adding your opinions on top (which is where I assumed the animosity came from), but if you’re just providing commentary on the thread then… sure.

        1. Yup, it’s a commentary upon a thread coupled with a general observation.

          People do give LL a bad shake where privacy is concerned – and in some respects, they are absolutely right to do so, as RedZone demonstrated. (In that instance, the *users* pointed out the potential for media to be exploited numerous times, and concerns were either ignored or given a flippant response.) As such, there is a danger that FJ’s response *could* be taken as “more of the same”.

  2. Thanks, but not our problem seems to be LL’s response to quite a few things. Each time I see it, I cringe. The customer may not always be right, but I think the loose management structure of LL makes it too easy for their employees to give this sort of lazy response. It always reflects badly on the company.
