Restoring confidence

Just how widely known is the RedZone issue?

One could argue that it is constrained to a few hundred people – the Greenzone group, those that blog about the situation and those that participate in or watch the SLU Epic Thread. Many are involved in all three, making the count apparently smaller.

However, go in-world, and it is clear that a lot of people are aware of the issue. Talk comes up in Groups, Notecards are being distributed, advice given, and so on. CouldBe Yue, a long-time resident, is spearheading a Twitter / Facebook campaign to make sure the word on issues of privacy is spread outside of Second Life itself – and is in full view of Linden Lab employees – including Rod Humble. Whether this is advisable or not, given the aggressive tone, is hard to say. It could so easily backfire, if one is honest.

That said, Rod Humble actually took time out to make a couple of appearances at SLU: the first to publish a couple of comments in a thread designed to poke gentle fun at him; the second to make it clear he is aware of the levels of concern by sitting in on the Epic Thread itself – not contributing, just quietly watching.

Many are getting decidedly upset that despite all that has happened, RedZone remains available in Second Life. As such, innocents unaware of all that has happened may well be getting sucked into the scam. Some are already writing Rod Humble off as a CEO; others are demonstrating more patience.

But… one thing is clear. Confidence is being hit. Privacy issues cannot be ignored. Not only do they impact individual users in terms of their enjoyment of the platform, they threaten to destabilise one of its major selling points: the ability to enjoy rich media content and performances by live artists all over the world.

If people simply shut down their Viewer’s ability to deliver media, or repeatedly keep hitting DENY on their Media Filter, then music of any kind in SL is going to be a major casualty. As it is, determining what may be a genuine music stream and what may not, isn’t particularly easy for the non-technical. Ergo, unless some positive action is taken, there is a risk more and more people are simply not going to risk accepting unknown media streams – and could well stop going to venues and shows.

As I’ve already commented, it is time for LL to stop playing whack-a-mole in these matters.

But what, precisely, can they do? Viewer 2.x doesn’t have the Media Filter, so any public statement could, at the very least, result in people stampeding away from it to third-party viewers. At worst it could result in panic in general, a further loss of confidence and very negative tabloid headlines (“Linden Lab admits Second Life wide open to hackers and fraudsters!”).

Some have said the lack of action on RedZone specifically is due to an on-going Federal investigation. Well, this may be so; but I can hardly see the Feds saying to LL, “No, you can’t protect your users from this scam, because we need to do X, Y and Z.” Let’s face it, LL can block and ban any item or individual howsoever they like, without having to give a specific reason – and removing the items from in-world is hardly going to bring any Federal (or other) investigation screaming to a halt.

It’s far more likely that RedZone is still there because, despite all his faffing around in the past, the creator has, technically, made the device compliant with the revised Community Standards. But really, this is no longer reason to allow the device to continue in-world.

It has been established the database has been hacked; the exact status of the database is unclear; data has been shared – not intentionally, perhaps, but that just makes things worse, whatever the reason for the hack.

Therefore, anyone still using the product is putting their own details and information relating to anyone else entering their land without the benefit of the Media Filter potentially at risk. Therefore, it is simply in the best interests of all concerned to ensure RedZone is removed from all in-world locations.

Right now, the longer it remains, the longer people are going to stay focused on it, and the greater are the chances that SL’s – and LL’s – reputation is going to suffer greater damage, be it through tabloid reporting or through Twitter and Facebook campaigns.

I still have faith in Rod Humble. He walked into the middle of this mess, and so it’s going to hit him hard. I would also like to believe that he genuinely believes his own comments on matters of privacy. As such, and in order to start rebuilding confidence, I’d strongly urge Rod to:

  • Have RedZone removed from the grid. Now. Whether or not it is in violation of the ToS and / or the Community Standards is no longer relevant. The database behind it has been compromised; it is no longer clear if the database is up or down, or even under the control of the individual who created it. As such, the risk to those both using the device and those being unwittingly scanned has potentially increased exponentially
  • Make sure adoption of the Media Filter in Viewer 2.x is accelerated. Make it a priority. Get a Viewer update out into the world with the Filter included. People can wait a little longer on things like VWR-1037, but the Filter is a must
  • Make sure the release of the Media Filter with the patch is fully and properly covered: go out and blog yourself. Explain some of the issues – no need to be alarmist – describe what steps have been taken; get Torley to give a short tutorial on the Filter
  • If you’re comfortable with it, give an indication of what, internally, LL are looking at doing in the future to further strengthen the platform.

Beyond this: make sure that you address issues around the matter of data collection. Looking at the sharing of data simply isn’t enough. Sure, there are circumstances where you’d like third-party organisations to be able to collect demographics and other information; there are also user-run services that you doubtless find valuable – as we do – such as Tyche Shepherd’s Grid Survey that need to be allowed to continue. But such cases can be ring-fenced. Checks and balances can be defined.

You have a ToS and a set of Community Standards and a Privacy Policy that stand as a triumvirate guarding the entry portals of Second Life – but they are either somewhat contradictory in terms (ToS 4.3 and ToS 8.3 being the clearest examples of this), or they simply take on a one-sided approach of safeguarding Linden Lab.

If you truly care about your users, take the time to overhaul the ToS, the CS and the Privacy Policy and make them a cohesive set of documents that protect Linden Lab and offer your users a reasonable expectation of security and privacy as they go about their Second Lives. Be transparent. People will trust you more for doing so.

Time to end the whack-a-mole

As reported earlier, the RedZone situation has been blown wide open. However one looks at the video that was released last week, the data passed to the Alphaville Herald, and everything that lies behind them, it would appear that all roads lead back to the isellsl.ath.cx domain and the avatar of zFire Xue.

Indeed, it now appears that zFire, in another guise, is behind the so-called “Knights of Mars”, an “organisation” promising to get avatars banned from Second Life – no matter what the reason – for a fee; even boasting that their activities are against the ToS (“Is this against SecondLife’s TOS? You bet!” screams their FAQ).

All-in-all the evidence – to those outside – is damning. One would hope that it is enough for Linden Lab to take the appropriate actions, and sooner rather than later.

It’s not even as if this is a sheltered incident. Over the past week, locating and stopping so-called “alt detectors” has become something of a game of whack-a-mole; and poor Soft Linden has been the one stuck at the machine clouting heads:

  • Following the changes to the Community Standards, the creator of Quickware Alt Pro, another device intended to link alts, tried various methods to circumvent LL’s revised position on sharing information gathering within Second Life – efforts which eventually earned him, at least one of his Alts and his device a ban from Second Life
  • Following this, the imaginatively named “Jacks Sparrow” of “Sparrow Industries” popped up with another “alt detector”, quickly pressed into use by those looking to replace RedZone, as Theia Magic reported at the time
  • At the same time, a further “alt detector” turned up on the Marketplace, made by one “Gzoa Resident”. Whether genuine or simply an attempt to cash-in on the perceived need for such a tool, the device was pulled by LL after multiple ARs were filed.

So three systems in a space of days, collecting and sharing data; tip of the iceberg, anyone? Meanwhile, Gemini CDS is still very much out there, collecting data. Who knows what else is out there?

And here is where the system falls down at present: Linden Lab have only proscribed against the sharing of collected data. This really isn’t the issue; the issue is the collection of said data.

As the hack of the Emerald database showed, just before the entire Emerald thing blew up around a year ago – as this RedZone situation demonstrates now – allowing anonymous individuals across SL to quietly gather data and funnel it out of SL into their own databases and servers is unacceptable in its present form. It either needs to be outlawed entirely, or steps need to be taken to ensure people are both aware of what is about to happen and have a means of preventing it from happening prior to any attempt at gathering data being made. And this needs to be properly backed up by a clearly-defined Privacy Policy intimately hooked to the Terms of Service such that anyone found to be either circumventing the “right to decline” or using the data other than for its intended purpose will be immediately banned from Second Life.

Reactive efforts – as mighty and as welcome as Soft Linden’s exploits have been (the man has been a hero in this entire situation) – are now not enough.

Even on its own, the RedZone situation, as this news spreads, is going to severely dent people’s confidence in Second Life as a platform and further shake users’ faith that Linden Lab has, as far as possible, got their back covered when it comes to reasonable expectations of privacy.

In a week when RedZone has continued to rock the boat, when Gemini CDS has begun to emerge as still being in widespread use, when Quickware, Sparrow and the “Gzoa” items all pitched up / got whacked, LL remained stubbornly silent on matters, other than Soft’s lone voice on the JIRA (and who, out of the majority of SL residents, studies the JIRA regularly?). At the same time, multiple questions around RedZone and alt detection raised on the new Community Platform were shut down – hard.

Within Linden Lab there has always been something of a permissive attitude towards many things. Frequently, it’s taken a court case or two to shake the company out of lassitude. People point to Philip Rosedale as the “cool dude” and cite things like “West Coast attitudes”; the Lab itself talks in terms of the (itself ideological) “Love Machine” and the hippy-ish “Tao of Linden”. They make for really good human interest reads; they make for cosy employee feelings. They frame the Rosedale dream and vision of Second Life.

And they need to stop.

Whack-a-mole is no longer an option – if it ever was. Linden Lab have been trying for a good number of years now to get the platform taken seriously. Unless they grab this particular nettle properly and excise it from their lawn, they are not only going to further damage the credibility of the platform to the world at large, they risk tearing the community itself apart with suspicion and doubt.

People are already avoiding the use of media in their viewers; and while Sione Lumo’s Media Patch is gaining wider acceptance in the Viewer community, the fact is – again, as I keep on hammering – technical solutions are not the key. Not only are they potentially hard for the non-technical community to grasp, they are a potential threat to the economy (no media = no live music) and they are a challenge to all the little skiddies out there who see such tools as something to be “gotten around”.

Linden Lab need to make a stand. Now. They need to stop with all the Tao-y lovey-dovey. They need to straighten out the ToS and the Community Standards and get themselves a fully-rounded Privacy Policy that completes the triangle. A Privacy Policy that, rather than simply trying to absolve them of any blame if Things Go Wrong, actually sets out the expectations of privacy their users can reasonably expect when signing-up to their service. They need to eliminate contradictions in the ToS around sections 4.3 and 8.3.

Idealism had its place once, back when Second Life was starting out; but the fact is, if the company really wants to be taken seriously, if it really wants to try to leverage the likes of Facebook and the rest, then it needs to do more than simply looking like it means business.

It needs to start acting that way as well – not least where the user base is concerned. If they don’t then Second Life runs a serious risk of being ever-increasingly marginalised as a viable platform, and will haemorrhage users as they leave to join those platforms that demonstrate a willingness to meet their expectations.

Why I’m pissed at RedZone

Yesterday, while in-world, I was in IM with a friend, and I mentioned developments regarding the RedZone farrago. The question that came back, after I gave a 3-line summary, was: “Why are you hung up on all this?”

The question wasn’t followed-up with the usual “but IP Addresses are public, blah, blah,” (irrelevant), or simple platitudes – it was a question as to why it affects me so deeply, given I tend to move around SL without the benefits of media anyway (doubly so now, as my friend knows – and does so herself).

To be honest, the question gave me pause. Why am I so all-fired angry about RedZone and Quickware and the rest? Drama is a part of being in SL, and the very nature of the platform means it will always bring out the worst in some people – so why let it get so under my skin?

Well, simply put, because the platform does enable people to abuse one another so readily. RedZone is created by “zFire Xue” – but who the hell is “zFire Xue” – other than (to you and me), a totally anonymous individual who – ironically – hides behind avatar anonymity while trying to “out” you and me in terms of linking our avatar details with our RL locations.

Worse still is the loudest proponent of RedZone, someone who bangs on about his “right” to use it, denigrating all who oppose him as “griffers”, revels in his ability to create mischief – and yet hides behind the veil of the anonymous pseudonym “Crackerjack”. That such people are empowered by their anonymity (and fail to see any contradiction between their own use of pseudonyms while seeking to “out” others), and use it as a weapon against others on the grid pisses me off.

While Linden Lab have responded – are responding – to this latest situation, I’m also equally pissed off with them.

Security within Second Life has always been lax; while there have been many (and very excellent) reasons for opening up things like the Viewer to open source, encouraging in-world development, looking towards potential business uses of the platform, the Lab has always taken a far too simplistic approach to matters, trying to have an all-in-one solution (the main Grid) attempt to meet a plethora of markets and uses they’ve repeatedly scampered after.

As a result, they’ve been lax in properly identifying the risks to security and privacy inherent in many of the decisions they’ve made, and policy and terms of service have been left woefully ineffective when it comes to dealing with serious concerns. Again, one only has to look at the contradictions in ToS 8.3 and 4.3 with the RedZone farrago to see how contradictory their own legal documents are in these matters.

It has always been this way; I have no idea if it is “west coast culture” (as some claim), or the “Tao of Linden”, a complete lack of concern (so long as the dollars roll in) or pure ineptitude that repeatedly prevents Linden Lab grabbing issues such as this by the balls and simply doing the right thing and stopping it. What I do know is, it is wearing people down. People have left SL over this latest controversy. Others are giving up and retrenching, reducing land holdings, minimising their financial exposure and the rest, simply because the Lab fail to grasp the nettles in their backyard and remove them.

Even now, with a revision to the community standards in place, we’re still seeing creators of these scanning tools working hard to try to get past the ToS, the new media filters and the likes; yet LL continue to request ARs on a case-by-case basis.

Many reasons have been theorised as to why this is the case – but the fact is, as I’ve said elsewhere, technical solutions ain’t gonna solve this problem – or any other problem where users within SL get an elevated sense of entitlement they believe allows them to violate the ToS (or indeed, simply come up with a flim-flam system that appeals to those with such a false sense of entitlement in order to get them to part with their cash). If this issue is to be resolved, it’s going to require a clear-cut policy statement from Linden Lab. Period. It’s a policy statement that has got to be enshrined as a part of the ToS, and put up in lights for all to see. It needs to be a clear Thou shalt not backed by the unequivocal reality of permabans.

And if we’re honest here, the RedZone situation has more than demonstrated what needs to be done – yet all we get is a token (and unadvertised) change to the Community Standards relating to the sharing of gathered data; not its collection.

And this is another reason I’m pissed off: tools like RedZone already have the potential to allow sick minds to start profiling avatar movements. RedZone even has a HUD users can wear that has the potential to gather information on avatars they encounter. Even with the “sharing” aspect being “disallowed” under the CS, these tools could still be used to gather information – and make it available outside of SL – for those wishing to stalk, spy and grief, as I mentioned in my original post on this matter.

We need a policy that simply outright bans the use of such tools unless used in very tightly prescribed circumstances. Don’t get me wrong – I’m pleased that LL have made some moves on this matter; it’s great that they are adopting the media filter. But unless and until they draw up a clear-cut policy on situations like this, the problem isn’t going to go away, and more and more innocent users are going to fall afoul of those who would prey on them.

And that brings me to the core reason why I’m so “hung up” on RedZone. Last night, after my friend had asked me her question, I dived into the ongoing discussion on the subject over at SLU, and I read this:

“Well I haven’t logged in a while over the head of all of this. It’s hard to be fancy-footed and carefree, skipping to whatever music is playing when in the back of your head you’re wondering if you’re being scanned or if there’ll be an argument just around the corner. Shouldn’t worry too much I know but sometimes we’d just like everything to be perfect in the world if only for a moment. Forlorn hope possibly and no doubt a little rose tinted but imagination brings those expectations for me in SL and hope is such a hard one to let go of.

“I’m even downloading the Windows SDK to build snowstorm just so I can get some of that nirvana back sooner rather than later. And no, I’ve very little clue what I’m doing other than following outdated wiki pages and scouring snippets. I hear ‘geek’ is the new sexy so it may serve a purpose in the end.”

This simple statement cuts to the heart of the entire matter: Second Life should be a world where our imaginations can be set free, where we can feel secure enough to wander, explore, enjoy, experiment and simply be without the constant worry of who might be lurking around spying, scraping, scanning and pawing at us. Of course, we cannot ever be totally secure – you don’t even get that in real life – but we should have the confidence that those who effectively provide and safeguard Second Life – Linden Lab – are actually ensuring our safety as far as they possibly can.

But they’re not as yet, and their track record suggests they won’t. That hurts people such as the poster above. It hurts you and it hurts me. And that’s why I’m so “hung up”.

Master accounts

This idea is not new. Indeed, even now, I’m coming to it later than others, like Ciaran Laval, who posted at the end of last month on the subject. But it is worth repeating here.

Second Life needs Master Accounts

This idea was first put forward a good while ago, under JIRA MISC 2222. Argent Stonecutter has revamped it under JIRA SVC-6212. This idea has significant benefits for personal security, and general SL use:

  • Accounts could be gathered under a single master account, which instead of logging you directly into SL, allows you to select which avatar you wish to use under that account, as Argent explains: so for example instead of logging in as “Argent Stonecutter”, I’d log in as “Argent007” or something that isn’t actually published… and then picked my “Argent Stonecutter” alt from a pulldown.
  • This master account would be far more secure, as the account name would never be publicly seen – once an avatar name is selected, the avatar’s name is all that is visible. Thus, accounts would be better protected from hacking (at the moment hackers already effectively have your account user name (avatar name) – and so are off to a head start). It’ll also reduce the overheads needed for overall account and password management for both the user and LL.

Potentially, the benefits go a lot further than this:

  • Linden dollars could be held in terms of the Master Account, regardless of which avatar buys them – and thus available to all avatars under that account, without the need to transfer funds between them
  • Inventory could be potentially linked to the Master Account, and also made available to all avatars under that account, with content creators capable of setting permissions so that items cannot be shared between Master Accounts
  • Age and account verification are simplified: verify the master account, and all avatars under that account are “automatically” verified.

The master account could be structured in such a way that there is a limit to the number of alts that can be created under it (perhaps, as a finger-in-the-air-figure: eight alts per master account), together with a limit on the number of “free” master accounts which can be created per user.

While this would not stop those determined to create mischief on the grid (griefing and copying), it could help reduce the need / drama around sensitive topics such as “alt outing” as exemplified by the recent RedZone farrago: LL can ban by master account, instantly banning all avatars under that account.

Indeed, this could be extended into things like estate and land tools, helping land owners ensure, again, that a parcel / sim ban against one avatar is automatically (and invisibly as far as the land owner / sim owner is concerned) applied to the avatar’s master account, thus blocking all alts associated with it.

The idea is one, as I’ve mentioned, that has been raised before, only to remain in limbo. JIRA SVC-6212, however, seems to have traction in LL, with Yoz Linden commenting:

We would dearly love to have unified account ownership, for several of the reasons already outlined. However, do bear in mind that it would require significant changes to many parts of the infrastructure, especially in the billing systems. That’s not to say it’s not going to happen; on the contrary, we’re actively trying to move in this direction. Just saying that it’s noted, we agree because we’ve wanted something like this for ages, but it’ll take a while.

Given all the recent heartache and upset that has surrounded RedZone, I would strongly urge everyone to get over to the JIRA and support (watch) SVC-6212. It stands to benefit every single person using SL.

Not community spirited

Well, it’s been less than 24 hours, and already the forums in the new Community Platform are heading towards an Epic Fail.

As I noted yesterday, the new Platform fails to include a General Discussion topic area, recalling what happened back when the JIVE environment first came along.

It seems that in LL’s case, history does repeat itself: threads requesting a GD area have been closed off, with a message from Amanda Linden:

“Hey all, I wanted to address the “General Discussion” Forum question that has come up. Our goal with the Forums is to keep them as focused and constructive as possible. Although General Discussion no longer exists, we’re always happy to create new Forums when the need comes up. That’s where the Forum Feedback section is critical. We’ll be watching it closely and adding new topic-specific Forums over time.”

Yes, history does repeat itself. What’s worse, it reads as fudged censorship.

Over and above that, it has led to the forums rapidly turning into a mess of threads and discussions all over the currently assigned topic groups.

As something that is supposed to invite and encourage communications, I’d say things are off to a rough start, with many already dismissing the new Platform as little more than a means to discourage open discourse / any negativity about Linden Lab.

A sad mentality…

Throughout the entire RedZone farrago, there is a sad mentality demonstrated among some of its most ardent followers.

On the one hand, they are paranoid about “copybotters” and “griefers” to the extent that they are willing to utilise a tool that is both flawed in concept and execution, as one of their own members points out:

Yes… it doesn’t work.

Rather than admit this, they get quite rabid in their postings concerning all of us who have genuine grounds for concern over the use and potential abuse of this tool: we’re vilified as being “copybotters” and “greifers” [sic] ourselves; we’re accused of being duplicitous and misleading.

Then on the other hand, in a stunning display of duplicity which (unsurprisingly) seems to escape them, they themselves remain unwilling to be honest and open about their use of RedZone and what it actually does, preferring to avoid, obfuscate or simply omit.

For example, when discussing the use of RZ at the sim level, Sylla Rhiadra suggests the sim owners should put up notification that they are using RZ so that their visitors may make an informed decision as to whether they in fact wish to enter the sim:

“Welcome to XXXXX! Please note that to remain in this sim you must consent to a scan that will load publicly available information about your avatar, including your avatar name, your IP address, UUID, and status of payment information, on to a third-party web site outside of the jurisdiction of Linden Lab or its ToS, where it will be stored and collated against the IP addresses of other residents in order to determine what other accounts employ the same IP address as yourself. Please note also that inclusion of your information within this database may result in you being banned from RedZone-using sims that have banned any account using the same IP address as you, and that, moreover, the names of your avatar and any others employing the same IP (including any of your alts that have been scanned) may be revealed to individual RedZone users if anyone using the same IP address as you consents to the release of this information. To gain access to these names yourself, you must purchase a copy of RedZone, currently retailing at L$3,999. Failure to consent to this scan within 6 seconds will result in the ejection of your avatar from this parcel.”

However, Bunderwahl Guisse replies that all that is needed is a message such as:

“Welcome to Dark Alley! [his roleplay sim, which does use the RZ scanner] We use RedZone for your protection. RedZone is a Tos compliant security tool that helps make sure you will not be harrassed [sic] or stalked during your visit.”

Leaving aside the fact that the term “Tos compliant” is highly questionable – suggestive as it is that Linden Lab themselves have vetted the product and given it the all-clear – the “revised” text from Mr. Guisse once again completely avoids mentioning precisely what RZ does, preventing his visitors from making any form of informed consent as to whether they want to run the risk of having their personal information exposed on an insecure, non-Linden database.

It’s also ironic that he claims RZ will ensure his visitors “will not be harrassed [sic]” when, if anything, it is a tool that can allow the unscrupulous to do precisely that.

However, the most revealing thing about Mr. Guisse’s attitude, and those of his ilk using RedZone and attempting to hide its use, is this: the fact that they are willing to go to these lengths indicates they are fully aware that honest transparency about the tool they are using will kill their trade stone dead, because no-one will be willing to accept the realities of RZ if presented to them in terms as suggested by Sylla – and remain on their sim.

You’d think that realisation would be enough to get any rational, clear-thinking business person to consider removing the tool altogether and replacing it with something that, while it may require a little more work on their part, will not run the risk of scaring customers away.

But no. These people would rather keep the tool safely hidden and act in a completely dishonest manner towards their customers, clients – and friends. Worse than that, they’ll continue to regard the rest of the community with a mix of rampant paranoia and misplaced belief in their own “rightness” that will, in the end…destroy their own businesses.

People aren’t fools, as Jeggs in the screen shot above notes. The word will out – indeed the word is spreading. I’m persistently banging on about it here just as others are elsewhere – some in the most humorous of ways while still getting the message across. RedZone is a hot topic on Twitter and elsewhere. More and more Groups are spreading the word on the invasive nature of the tool and (potentially equally importantly), the unethical nature of its creator. Many content creators who initially used the tool have now withdrawn it from use – some very publicly, as with RedGrave Skins, who sent out an apology to all 1500+ members of their product Group.

It is not as if there are not already tools available to them that could replace RZ, as I’ve stated elsewhere. They’re not even willing to participate and support JIRAs that could potentially strengthen their arsenal when dealing with griefing and the like.

This being the case, those who persist in hiding their use of RZ and trying to whitewash what the tool is and how it works will become the pariahs of SL. Their sims and stores will be avoided (many are already blacklisted) – and they’ll have no-one but themselves to blame.

Not that they’ll see it that way, of course.