Re-entering the RedZone: the JLU

Controversy has recently been growing (yet again) around the so-called Justice League Unlimited within SL. This is a group of self-styled “law-enforcers” that has long been active in-world, supposedly protecting the innocent against dirty wrong-doers, with their avatars garbed in comic book superhero outfits.

Leaving aside their explicit violation of a certain comic book publisher’s IP rights – this group has long had a less than stellar reputation, and is not above overlooking inconveniences to their “duty” such as the Second Life Terms of Service. Evidence is now emerging that the JLU are (again / continuing to be) involved in RedZone-like data-gathering – and going a lot further in the process by attempting to put together dossiers on anyone in-world they consider a “threat”.

Avril Korman has written an excellent piece on the JLU’s activities, and it is a recommended read. For those that feel the same level of concern for the JLU’s activities as they did with RedZone, there is also an on-line petition aimed at Linden Lab to have the JLU’s activities properly scrutinised. You may also wish to consider adding your own e-signature.

Additional Reading

Update – 2nd September

Redzone: closure of a sort

As headlined by Tateru Nino, the RedZone farrago both returns and gains a measure of closure.

Michael Stefan Prime (Aka TheBoris Gothly and Zfire Xue) – identified as the man behind the RedZone tool by other SL users – has been remanded into the care of US Marshalls and a four-month prison sentence after pleading guilty to four out of seven charges of parole violation, specifically:

  • Associating with Shawn Cahill, a three-time convicted felon, in violation of standard condition 9 that he not associate with any person convicted of a felony.
  • Failing to allow the U.S. Probation Officer to inspect any personal computer owned or operated by the defendant in violation of the special condition directing him to do so.
  • Failing to notify the U.S. Probation Officer of all computer software owned or operated by the defendant in violation of the special condition directing him to do so.
  • Beginning employment without prior approval by the U.S. Probation Officer, working for cash, and engaging in employment that did not provide regular pay stubs in violation of the special condition directing him to do so.

Interestingly, as recorded in court documentation, the prosecution moved to dismiss three other violations when Prime pleaded guilty and waived his right to any evidentiary hearing relating to the four charges above. The three additional charges comprised:

  • Committing the criminal offence of Possession of Stolen Property 1st degree on or before March 23, 2011, in violation of the general condition that he not commit another federal, state, or local crime.
  • Committing the criminal offence of Trafficking in Stolen Property 2nd degree on or before March 23, 2011, in violation of the general condition that he not commit another federal, state, or local crime.
  • Associating with Shana Bobo, a three-time convicted felon, in violation of standard condition 9 that he not associate with any person convicted of a felony.

The first two of these charges relate to earlier convictions against Prime, although it is the third charge, relating to one Shana Bobo, that is liable to generate further speculation among SL users who have followed this case and the entire RedZone situation, given Prime’s involvement with a female SL user at the time of RedZone.

Details of the original case against Prime, which lead to his imprisonment and eventually the violation of the terms and conditions of his parole as a part of the entire RedZone affair, can be read on-line.

There are still issues surrounding this entire sorry affair – not the least of which are vulnerabilities within the Second Life software environment and the fact that four months down the road, Linden Lab still have yet to incorporate the Media Filter code that is readily available in all responsible TPVs, which can warn users of a potential threat to their privacy.

However, as far as RedZone itself is concerned, this will hopefully see closure brought to that particular sorry affair without people feeling the need to dig further into this individual’s past and engage in trial-by-forum, which came to undermine much of the good work carried out to try and stop such exploits and identify in-world sims where people could find themselves open to data-scraping by the RedZone tool.

The Privacy Zone

It is now some 20 days since the RedZone farrago came to an “end”. While that tool has now gone from Second Life, the wider issue of people’s right to a reasonable expectation of privacy while using the platform remains wide open – and Linden Lab remains resolutely silent on the matter.

Some might argue that the reason RedZone was removed isn’t important; it’s simply enough that it was eventually taken down. But the fact is, we do need to know why it went; was it finally considered to be in violation of the Terms of Service (ToS), or was it simply that the signal noise from the community reached a pitch where removing the device was viewed as the most expedient means of getting everyone to quieten down?

Beyond this is the fact that RedZone was not the only system grabbing information; some have been removed, others haven’t. Gemini CDS is still in use, for example; whether it is capable of account matching or not is irrelevant – it is sending information to a database under the control of a private individual outside of SL. Together with LL’s relatively low-key toughening of the Community Standards, it sends the message that the non-consensual havesting of user data – including that which might be regarded as “private” – for whatever purpose, is perfectly OK.

“Privacy is not something that I’m merely entitled to, it’s an absolute prerequisite” – Marlon Brando

While it is true that some link real life to Second Life as a natural part of their work, hobby or whatever, the vast majority are involved in SL as a means of stepping back from the realities of life and indulging themselves – and anonymity is important to this ability to do so. This point seems to be lost on the likes of Hamlet Au, with their constant (and completely inaccurate) cry that it is avatar anonymity that is “holding back” Second Life.

Even where people do link real life information with a Second Life account for business or other professional reasons, they may also wish to use alternative accounts to explore opportunities, activities and lifestyles that might cause them untold embarrassment if known to peers, family or friends. As such, there needs to be firm Chinese Walls between the accounts they create, and an assurance from Linden Lab that it is doing all it can to maintain those walls.

In short, any linking of real life to Second Life should always remain a matter of choice for the user, and never something thrust upon them by Linden Lab – and it should never be a matter of covert linking carried out without any form of explicit formal consent.

“The first duty of government is to protect the citizen from assault. Unless it does this, all the civil rights and civil liberties in the world aren’t worth a dime.” – Richard A. Viguerie

Linden Lab’s response to RedZone has been weak. There has been no public clarification of what will and will not be tolerated in terms of data harvesting within Second Life. While section 4 of the Community Standards now includes a reference to the sharing of avatar account information, it misses the point entirely – possibly deliberately so.

Attempting to regulate the sharing of data is about as effective as shutting the stable door when the horse has not only bolted, but is sitting on an exotic beach somewhere enjoying a quiet cocktail in the sun. Once data has been successfully culled from Second Life, then there is no way Linden Lab can prevent it from being howsoever those gathering it desire; and as RedZone ably demonstrated, when it comes to private individuals gather said data, it can never be assumed they are doing so with any honourable intent. Ergo, the issue is the gathering of such information in the first place that must be addressed.

Of course there are times when some information needs to be made available elsewhere – as the Linden Lab privacy Policy explains, certain services require data to be passed elsewhere in order for users to benefit from those services. There are even arguments to be made for LL pushing things like Profiles out to the web not only to ease server loads elsewhere, but to enable them to draw on possible advertising revenues through the use of the space on Profile pages. This is all understood and accepted.

What is not acceptable, however, is allowing people to attempt to drill through the existing Chinese Walls simply because it can be done (due to weaknesses in the Viewer software), or as a result of some unsustainable excuse (“the existing security tools aren’t good enough” – a weak excuse used when in fact someone is unwilling to take the time to use said tools properly, as this would inconvenience them far too much).

“I believe in a zone of privacy” – Hillary Clinton

A zone of privacy must exist for users of Second Life in order for us all feel confident that activating one aspect or another of the Viewer’s features is not going to end up in something unpleasant happening – or that we are being spied upon or possibly stalked.

While it is fair to say that no-one expects anything to happen overnight, the fact remains that time is passing – time in which Linden Lab have had the opportunity to do more to reassure the user community that they are in fact working to give each and every one of us a reasonable expectation of privacy. And yet, as it stands:

  • The Media Filter is still not available in Viewer 2, despite the code being available to Snowstorm for nigh-on a month. Instead we have bouncy bits; and while these may have a short-term “wow” factor, as soon as the code is available in the likes of Firestorm and Dolphin 2, which do have the Filter code, people will quickly switch away from Viewer 2
  • JIRAs such as SVC-6751, SVC-6793, and VWR-24807 – all common-sense measures to help provide areasonable expectation of privacy remain unassigned
  • Sections 4.3 and 8.3 of the ToS remain somewhat in opposition to one another
  • The Community Standards remain vague and the Privacy Policy barely offers any firm comfort to users in terms of safeguarding privacy.

It is understandable that the last two of these bullet points will take time to resolve – assuming they are being worked on at all. But given all that has happened around RedZone, keeping silent or avoiding the JIRAs and pushing back on the Media Filter – even as an interim solution – does not give any kind of indication that LL take people’s privacy seriously.

Frankly, people need the assurance that Linden Lab will not tolerate:

  • The creation, distribution and use of any device that seeks to link and / or make available information on alternative accounts by any means, either directly as an in-world device, or via any method using the Second Life Servers or via transmission to any third party database or server
  • The creation, distribution and use of any device that seeks to link avatar accounts with other ancillary information related to user accounts, such as IP addresses, for the purposes of alternative account detection or which may be considered by Linden Lab to infringe on the privacy and security of other users.
  • That such infringements of privacy include the subsequent distribution of any gathered information, either directly (by providing online access to the data) or indirectly (through the transmission of the data to any devices held in-world).

People need to see this enshrined in the Privacy Policy and linked to from the ToS. Beyond this, they need to have the assurance that both the gathering and the sharing of any information relating to their accounts over and above that which is available within the bounds of SL cannot take place without their explicit consent.

Privacy is extremely important for anyone putting themselves out there, expressing themselves, or expressing a side of themselves through an avatar. People don’t want other people to connect the dots from their avatar to their real life person – or even, for that matter, to an alt. One of the ethical obligations we have is to protect people’s privacy.”

– Rod Humble to Dusan Writer, 12th Feb, 2011.

In an age where people’s right to privacy is increasingly being looked upon disparagingly – often by those who will go to great lengths to protect their own privacy – Rod Humble’s comments to Dusan Writer have considerable resonance among the Second Life community. It’s really about time that Linden Lab gave some indication they are taking this position to heart – not just with regards to integration with Facebook or whatever – but in giving us the fundamental assurance that our privacy when in-world is being duly safeguarded.

Further Reading

zFire Xue gone

The account belonging to zFire Xue, creator of RedZone, together with at least one of his alts, “theBoris Gothly”, has gone from Second Life.

So to have the contents of zFire’s store. The news came at around midnight, UK time with posts appearing both in the ever-Epic SLU Thread and people Tweeting on the matter as well.

As the news spread, people started heading for the sim where zFire had his shop – and sure enough, the place was empty.

So – is this a cause for celebration? Is the great hoo-haw over and done with?

Well…sadly, no.

Sure, there is some reason to celebrate; RedZone has been the focus of a lot of effort, and deserves a moment of celebration; but the fact remains that at the time of writing:

  • Certain locations across the grid were apparently still running RedZone
  • RedZone remained available on SL Marketplace
  • Others whom seem to be involved with zFire Xue remain active in Second Life – indeed, one such individual ejected the 30-or-so people checking over zFire’s shop…

That the product is still on the Marketplace could be down to nothing more than a delay in getting things sorted over at LL. That those associated with him have not gone could be down to just that – they are associated with him and his device, rather than clearly and unequivocally part and parcel of its creation or a part of selling it directly in-world or via the Marketplace (where zFire Xue used his “TheBoris Gothly” alt). That RedZone devices are still appear to be functioning in-world is again a little confusing: unless purging them from the LL servers is taking time as well.

Assuming that zFire has gone, and that RedZone is to be removed from the Grid and the Marketplace, than there is cause for celebration to a point. However, the media exploit still exists, there are other devices still out there, and so there is still more work to be done.

Addendum 16th March 16:45

A further quick tour of sims known to be using / hiding RedZone showed that none of them caused a media filter alert of any kind that pointed towards the RedZone URL, or anything of suspicious concern.

Elsewhere it is reported that RedZone devices have had scripts pulled from them. Given that RedZone users were previously instructed by zFire to move the scripts from his own device to prims of their own making, this would seem entirely logical: zapping the scripts would be more effective that simply pulling devices tagged with zFire Xue as the creator.

zFire Zue himself went on the warpath prior to his ban from SL (the interview took place on the Saturday prior to him being banned, but was published – ironically – on the day of his ban), and indicated a potential link between himself and the Knights of Mars, a vigilante group that can allegedly  – and for a fee – get any user banned from SL. Given his companions are still involved in world, some are speculating on whether this matter has entirely closed with regards to RedZone.

Restoring confidence

Just how widely known is the RedZone issue?

One could argue that it is constrained to a few hundred people – the Greenzone group, those that blog about the situation and those that participate in or watch the SLU Epic Thread. Many are involved in all three, making the count apparently smaller.

However, go in-world, and it is clear that a lot of people are aware of the issue. Talk comes up in Groups, Notecards are being distributed, advice given, and so on. CouldBe Yue, a long-time resident is spearheading a Twitter / Facebook campaign to make sure the word on issues of privacy is spread outside of Second Life itself – and is in full view of Linden Lab employees – including Rod Humble. Whether this is advisable or not, given the aggressive tone, is hard to say. It could so easily backfire, if one is honest.

That said, Rod Humble actually took time out to make a couple of appearances of at SLU: the first to publish a couple of comments in a thread designed to poke gentle fun at him; the second to make it clear he is aware of the levels of concern by sitting in on the Epic Thread itself – not contributing, just quietly watching.

Many are getting decidedly upset that despite all that has happened, RedZone remains available in Second Life. As such, innocents unaware of all that has happened may well be getting sucked into the scam. Some are already writing Rod Humble off as a CEO; others are demonstrating more patience.

But…one thing is clear. Confidence is being hit. Privacy issues cannot be ignored. Not only do they impact individual users in terms of their enjoyment of the platform, they threaten to destabilise one of its major selling points: – the ability to enjoy rich media content and performances by live artists all over the world.

If people simply shut down their Viewer’s ability to deliver media, or repeatedly keep hitting DENY on their Media Filter, than music of any kind in SL is going to be a major casualty. As it is, determining what may be a genuine music stream and what may not, isn’t particularly easy for the non-technical. Ergo, unless some positive action is taken, there is a risk more and more people are simply not going to risk accepting unknown media streams – and could well stop going to venues and shows.

As I’ve already commented, it is time for LL to stop playing whack-a-mole in these matters.

But, what, precisely can they do? Viewer 2.x doesn’t have the Media Filter, so any public statement could, at the very least, result in people stampeding away from it to third-party viewers. At worst it could result in panic in general, a further loss of confidence and very negative tabloid headlines (“Linden Lab admits Second Life wide open to hackers and fraudsters!”).

Some have said the lack of action on RedZone specifically is due to an on-going Federal investigation. Well, this may be so; but I can hardly see the Feds saying to LL, “No, you can’t protect your users from this scam, because we need to do X, Y and Z.” Let’s face it, LL can block and ban any item or individual howsoever they like, without having to give a specific reason – and removing the items from in-world is hardly going to bring any Federal (or other) investigation screaming to a halt.

It’s far more likely that RedZone is still there because, despite all his faffing around in the past, the creator has, technically, made the device compliant with the revised Community Standards. But really, this is no longer reason to allow the device to continue in-world.

It has been established the database has been hacked; the exact status of the database is unclear data has been shared – not intentionally, perhaps, but that just makes things worse, whatever the reason for the hack.

Therefore, anyone still using the product is putting their own details and information relating to anyone else entering their land without the benefit of the Media Filter potentially at risk. Therefore, it is simply in the best interests of all concerned to ensure RedZone is removed from all in-world locations.

Right now, the longer it remains, the longer people are going to stay focused on it, and the greater are the chances that SL’s – and LL’s – reputation is going to suffer greater damage, be it through tabloid reporting or through Twitter and Facebook campaigns.

I still have faith in Rod Humble. He walked into the middle of this mess, and so it’s going to hit him hard. I would also like to believe that he genuinely believes his own comments on matters of privacy. As such, and in order to start rebuilding confidence, I’d strongly urge Rod to:

  • Have RedZone removed from the grid. Now. Whether or not it is in violation of the ToS and / or the Community Standards is no longer relevant.  The database behind it has been compromised; it is no longer clear if the database is up or down, or even under the control of the individual who created it. As such, the risk to those both using the device and those being unwittingly scanned has potentially increased exponentially
  • Made sure adoption of the Media Filter in Viewer 2.x is accelerated. Make it a priority. Get a Viewer updated out into the world with the Filter included. People can wait a little longer on things like VWR-1037, but the Filter is a must
  • Made sure the release of the Media Filter with the patch is fully and properly covered: go out and blog yourself. Explain some of the issues – no need to be alarmist – describe what steps have been taken; get Torley to give a short tutorial on the Filter
  • If you’re comfortable with it, give an indication of what, internally, LL are looking at doing in the future to further strengthen the platform.

Beyond this: make sure that you address issues around the matter of data collection. Looking at the sharing of data simply isn’t enough. Sure, there are circumstances where you’d like third-party organisations to be able to collect demographics and other information; there are also user-run services that you doubtless find valuable – as we do – such as Tyche Shepherd’s Grid Survey that need to be allowed to continue. But such cases can be ring-fenced. Checks and balances can be defined.

You have a ToS and a set of Community Standards and a Privacy Policy that stand as a triumvirate guarding the entry portals of Second Life – but they are either somewhat contradictory in terms (ToS 4.3 and ToS 8.3 being the clearest examples of this), or they simply take on a one-sided approach of safeguarding Linden Lab.

If you truly care about your users, take the time to overall the ToS the CS and the Privacy Policy and make them a cohesive set of documents that protect Linden Lab and offer your users a reasonable expectation of security and privacy as they go about their Second Lives. Be transparent. People will trust you more for doing so.

Time to end the whack-a-mole

As reported earlier, the RedZone situation has been blown wide open. However one looks at the video that was released last week, the data passed to the Alphaville Herald, and everything that lays behind them; it would appear that all roads lead back to domain and the avatar of zFire Xue.

Indeed, it now appears that zFire, in another guise, is behind the so-called “Knights of Mars”, an “organisation” promising to get avatars banned from Second Life – no matter what the reason – for a fee; even boasting that their activities are against the ToS (“Is this against SecondLife’s TOS? You bet!” screams their FAQ).

All-in-all the evidence – to those outside – is damning. One would hope that it is enough for Linden Lab to take the appropriate actions, and sooner rather than later.

It’s not even as if this is a sheltered incident. Over the past week, locating and stopping so-called “alt detectors” has become something of a game of whack-a-mole; and poor Soft Linden has been the one stuck at the machine clouting heads:

  • Following the changes to the Community Standards, the creator of Quickware Alt Pro, another device intended to links alts, tried various methods to circumvent LL’s revised position on sharing information gathering within Second Life – efforts which eventually earned him, at least one of his Alts and his device a ban from Second Life
  • Following this, the imaginatively named “Jacks Sparrow” of “Sparrow Industries” popped up with another “alt detector”, quickly pressed into use by those looking to replace RedZone, as Theia Magic reported at the time
  • At the same time, a further “alt detector” turned up on the Marketplace, made by one “Gzoa Resident”. Whether genuine or simply an attempt to cash-in on the perceived need for such Right now, technical  tool, the device was pulled by LL after multiple ARs were filed.

So three systems in a space of days, collecting and sharing data; tip of the iceberg, anyone?Meanwhile, Gemini CDS is still very much out there, collecting data. Who knows what else is out there?

And here is where the system falls down at present: Linden Lab have only proscribed against the sharing of collected data. This really isn’t the issue; the issue is the collection of said data.

As the hack of the Emerald database showed, just before the entire Emerald thing blew up around a year ago – as this RedZone situation demonstrates now – allowing anonymous individuals across SL to quietly gather data and funnel it out of SL into their own databases and servers is unacceptable in it present form. It either needs to be outlawed entirely, or steps need to be taken to ensure people are both aware of what is about to happen and have a means of preventing it from happening prior to any attempt at gathering data being made. And this needs to be properly backed up by a clearly-defined Privacy Policy intimately hooked to the Terms of Service such that anyone found to be either circumventing the “right to decline” or using the data other than for its intended purpose will be immediately banned from Second Life.

Reactive efforts – as mighty and as welcome as Soft Linden’s exploits have been (the man has been a hero in this entire situation) – are now not enough.

Even on its own, the RedZone situation, as this news spreads, is going to severely dent people’s confidence in Second Life as a platform and further shake users’ faith that Linden Lab has, as far as possible, got their back covered when it comes to reasonable expectations of privacy.

In a week when RedZone has continued to rock the boat, when Gemini CDS has begun to emerge as still being in widespread use, when Quickware, Sparrow and the “Gzoa” items all pitched up / got whacked, LL remained stubbornly silent on matters, other than Soft’s lone voice on the JIRA (and who out of the majority of SL residents, study the JIRA regularly?). At the same time, multiple questions around RedZone and alt detection raised on the new Community Platform were shut down – hard.

Within Linden Lab there has always been something of a permissive attitude towards many things. Frequently, it’s taken a court case or two to shake the company out of lassitude. People point to Philip Rosedale as the “cool dude” and cite things like “West Coast attitudes”; the Lab itself talks in terms of the (iteself ideological) “Love Machine” and the hippy-ish “Tao of Linden”. They make for really good human interest reads; they make for cosy employee feelings. They frame the Rosedale dream and vision of Second Life.

And they need to stop.

Whack-a-mole is no longer an option – if it ever was. Linden Lab have been trying to a good number of years now to get the platform taken seriously. Unless they grab this particular nettle properly and excise it from their lawn, they are not only going to further damage the credibility of the platform to the world at large, they risk tearing the community itself apart with suspicion and doubt.

People are already avoiding the use of media in their viewers; and while Sione Lumo’s Media Patch is gaining wider acceptance in the Viewer community, the fact is  – again, as I keep on hammering – technical solutions are not the key. Not only are they potentially hard from the non-technical community to grasp, they are a potential threat to the economy (no media = no live music) and they are a challenge to all the little skiddies out there who see such tools as something to be “gotten around”.

Linden Lab need to make a stand. Now. They need to stop with all the Ta0y lovey-dovey. They need to straighten out the ToS and the Community Standards and get themselves a fully-rounded Privacy Policy that completes the triangle. A Privacy Policy that, rather than simply trying to absolve them of any blame if Things Go Wrong, actually sets out the expectations of privacy their users can reasonably expect when signing-up to their service. They need to eliminate contradictions in the ToS around sections 4.3 and 8.3.

Idealism had its place once, back when Second Life was starting out; but the fact is, if the company really wants to be taken seriously, if it really wants to try to leverage the likes of Facebook and the rest, then it needs to do more than simply looking like it means business.

It needs to start acting that way as well – not least where the user base is concerned. If they don’t then Second Life runs a serious risk of being ever-increasingly marginalised as viable platform, and will haemorrhage users as they leave to join those platforms that demonstrate a willingness to meet their expectations.