Tag: Imprudence

TPV: First casualty

Posted on by Inara Pey

imprudenceImprudence issued a statement earlier this week that they are withdrawing from Second Life as a result of the Third Party Viewer (TPV) Policy. In the statement, they set out their reasons as to why they are withdrawing, pointing to clauses 2b, 4a(i), 4b(iii), 7a and 7d, and 8c and 8d as being “unreasonable”.

Having gone over the TPV a number of times, I have to say I find Imprudence’s position for the most part hard to understand, as their interpretation of four of the clauses then mention seems to be wilfully subjective and misleading; while their reaction to two more of the clauses seems to lack any professional clarity of thought.

Imprudence state that (4a)i, (4b)iii, 8(c ) and 8(d) require us to promise to obey Linden Lab’s every future whim and that as such, the Imprudence team are unwilling to make such broad promises, not knowing what they may request.

This is a very sweeping statement, with Imprudence further claiming that 8(c) requires that they agree to stop using or distributing the viewer at Linden Lab’s request and that 8(d) requires that they agree to add, modify, or remove parts of the viewer at Linden Lab’s request, within a time frame dictated by Linden Lab.

However, these claims can best be described as over-exaggerated. Here is what clause 8c actually states:

If a Third-Party Viewer or your use or distribution of it violates this Policy or any Linden Lab policy, your permission to access Second Life using the Third-Party Viewer shall terminate automatically. You acknowledge and agree that we may require you to stop using or distributing a Third-Party Viewer for accessing Second Life if we determine that there is a violation.

Note my emphasis: the qualifier is clear. If a third-party Viewer breaks the TPV Policy, the Linden Lab require it no longer access Second Life. This is far short of Imprudence’s blanket assertion that Linden Lab require they “agree to stop using or distributing the Viewer” – a denial of access to Second Life clearly does not prevent them from continuing to distribute their Viewer for use on OS Grids, etc.

Similarly, clause 8(d) states:

If you are a Third-Party Viewer Developer, you agree to provide any content, data, executables, or for Third-Party Viewers based on our viewers, any source code that we may request to verify compliance with our policies, licenses, the GPL, or the law. If we believe that your Third-Party Viewer is not in compliance, we may request that you add, modify, or remove features, functionality, code or content, and you agree to comply with the request within a reasonable timeframe specified by Linden Lab.

Again, note the qualifiers I’ve emphasised. There is really nothing unreasonable here – if you wish to play in Linden Lab’s sandbox – which, by connecting to their servers and services a Developer is in fact doing – then sorry, Linden Lab have the right to ensure, so far as is possible (or, as I’ve stated elsewhere, give the perception they are ensuring) that your code does not constitute a threat to their services in and of itself  (excluding, obviously, mods any user introduces – which the Developer should again be able to prove relatively easily via the provisioning of their own source code).

Similarly, it is hard to see why Imprudence should be so upset of clauses 4a(i) and 4b(iii). Clause 4a(i) refers  to data received from Linden Lab’s servers – data for which Linden Lab has certain legal responsibilities (likely to be both State and Federal in nature (such as data privacy laws). As such, their various policies, terms of service, etc., must reflect such requirements  – and by extension, they need to ensure (or again, give the perception) that they are doing all they can to ensure that this data is protected when used by the software connecting to their servers.

Similarly, clause 4b(iii) relates to the protection of user data and makes a perfectly reasonable request that third-party developers take steps to ensure such data is kept secure when passing through their systems (and remember, if you use their Viewer, your login information, etc., goes through their servers). As such, it is in Imprudence’s best interests to ensure such data is protected at least to the same degree as on the Linden Lab servers. It is hard to see Linden Lab being so stupid as to issue requests for user data protection that exceed their own, and frankly – one would hope that Imprudence already have the necessary safeguards in place to ensure the data is as secure as possible.

Given that both these clauses relate to potentially sensitive data, I find it hard to accept that Imprudence, as responsible code developers would find a request to take reasonable steps to protect such data objectionable.

Indeed, in this, I find Imprudence’s own assertion that If and when Linden Lab makes any request of us, we will use our own judgement to decide how best to handle that particular request to be at least as presumptive and arrogant as anything in the TPV – even to the point of suggesting that if they see little need to protect user data, then that is their call, and nothing to do with either Linden Lab or the users of the Imprudence viewer.

Frankly, when all four of these clauses are viewed in their proper context, it is very hard to see how any professional software developer would find them in and of themselves reasons to reject the TPV Policy. That the Imprudence team opt to refer to the clauses somewhat out of context and apply highly subjective interpretations to them suggests that it is the thinking at Imprudence that is at fault, not the thinking behind the policy itself.

Clauses 7a and (d) have been the source of much wailing and gnashing of teeth across the Viewer development community, but again – as I’ve previously said – it is hard to understand why. While 7(a) is indeed poorly worded, and unnecessarily mixes Viewer use with Viewer development – there is absolutely no reason why the entirety of Section 7 of the TPV cannot be handled by a Viewer developer issuing their own EULA as a part of the distribution / installation package. A responsibly written EULA would clearly protect the developer for undue liability, and wouldn’t be in violation of GPL.

Certainly, it is what Kirstenlee Cinquetti has already done with her Viewer – and I’m pleased to see at least one voice of reason on the Imprudence website has raised the same point.

Which brings us finally to clause 2b. And here Imprudence have a point. As stated, the TPV Policy effectively restricts the export of content from SL to the creator. Period. If the user’s name is not on every prim, every animation, pose, script, contained in a linkset or whatever – then it isn’t going to be exportable.

This does – to be fair – read as overly restrictive. As if one is to remain fair, the clause seems to be less related to preventing content theft as it is about preventing “valuable” content being removed from Second Life per se – which LL have always looked less-than-favourably upon. Frankly, it is hard to fully justify LL’s stance on limiting content export so tightly: this automatically disallows the export of Group-created content for the purposes of back-up, and also disallows the export of content created by one person but sold under a license agreement to another. As such, I can see Imprudence’s concerns – just as I can see the issue LL face in trying to invoke the perception of protecting people’s creations when given the crudeness of the ownership / permissions system.

I doubt Imprudence will be the last of third-party developers to walk away from the Second Life sandbox. Each one that does will be a loss to the community to some degree, to be sure. How many do so on the basis of rational thinking as opposed to acting in a fit of pique, however, remains to be seen; and I have to say that having gone through the stated reasoning behind Imprudence’s move, I do feel it is a case of pique getting the better of them.