Tag: SL News

LL to make “concerted effort” on content protection

Posted on by Inara Pey

Stroker Serpentine and those involved in the class action against Linden Lab over content protection have reached an out-of-court settlement with the makers of Second Life.

During a recording of Metaverse TV’s Grumpy Old Avatars, Stroker stated:

“We settled the lawsuit with Linden Lab. We settled amicably, and reasonably, and we’re anticipating a concerted effort on Linden’s behalf going forward towards content protection and the rights of content creators and at least being aware of the fact that there is a lot of content theft going on out there.”

Precisely what this means for SL as a whole is unclear. That settlement has been reached would indicate that both sides realised they had slim chances for an outright “win”. That action of some description is now anticipated on the part of Linden Lab is clear. Quite what that action will be remains to be seen.  One wonders if the shelved Content Management Roadmap may get a dusting-down; if it does, then it needs to be given a long, hard look. The first cut wasn’t that impressive.

The legal department at Battery Street seems to have its hands full right now…

RedZone and security: separating fact from fiction

Posted on by Inara Pey

The mills continue to churn on the matter of RedZone and its ilk. As such, I thought I’d pause for breath and try to sort some of the wheat from the chaff for those still confused. I’m deliberately avoiding any attempt to delve deeply into the more questionable aspects of RedZone and its data-gathering, and focus on the raw facts in the hope of illuminating the bare bones of why RedZone has little or no legitimate use in matters of security.

Myth 1: RedZone prevents copybotting

No, it doesn’t. It doesn’t even deter copybotting. RedZone attempts to identify known malicious viewers – which sounds good until you consider the following:

  • Anyone seriously engaged in content ripping (aka copybotting) knows how to hide the identity of the Viewer they are using so that it appears to be perfectly legitimate – thus RedZone cannot identify it. They can therefore create an alt, enter a sim, be scanned a “legal” and still copy items on display
  • Copybotting existed long before the Viewer was open sourced. As such, while the Viewer is the most convenient way to rip content, it is not the only means. The code for content ripping is still available to those that want to use it. There are also software applications that can be used for certain types of content theft. RedZone cannot even detect such activities – much less stop them- RedZone cannot even detect, much less stop them
  • RedZone works on the assumption that the Copybotter will actively engage in theft within the shop. Some may – and will likely avoid detection, as noted above. However, the simplest way to copy something is to legitimately buy it and then rez and copy it away from the store, rendering RedZone pointless.

So, don’t be fooled. In terms of “stopping copybotting” RedZone will be about as effective as using a wet paper bag to stop a bullet. At L$3999 a pop, that’s an awfully expensive wet paper bag…

Myth 2: RedZone prevents griefing by alts

RedZone is no better than any non-invasive (and cheaper) security tools for stopping griefing. In many respects, it is actually worse.

Much is made of RedZone’s ability to “identify alts” and so “stop griefers returning”. While this makes good reading, let’s look at the facts.

RedZone uses a method of obtaining avatar data and IP addresses (through a media stream exploit) and then compares results, the “theory” being that if two avatars have the same IP address, they “must” be alts of one another. BUT…the system ignores the fact that the vast majority of IP addresses currently in use are dynamic and can be changed frequently.

For example, I can turn my router off for 3 or more minutes, and when I power it back on again, I have a “new” IP address assigned to me by my ISP – an IP address that was previously been used by someone else possibly in the same general geographical location as me, but certainly using the same ISP.  This means that potentially:

  • *If* I were a griefer, I could avoid detection on a sim using RedZone simply by forcing my ISP to assign me a new IP address and then creating a throw-away alt.  There is a better than even chance that RedZone would not detect me, leaving me free to go about my dirty business
  • As someone who does not engage in griefing, I could be innocently accused and convicted of the crime, simply be because my ISP has assigned me a dynamic IP address that was previously associated with a “griefer”

RedZone further fails to acknowledge the existence of “block” IP addressing – such as might be used within an office building, or in an apartment block or by an Internet cafe, and so on. This means that if *one* person is identified as a “griefer” on that IP address – then all users of that IP address “must” be alts of the “griefer” – and are therefore banned.

And if that weren’t enough – RedZone does not distinguish between accounts on the same IP address. Thus, if one person in a household decides to do something silly, then can end up being banned as a “griefer”  – along with the rest of their household.

Proponents of RedZone will say this is acceptable – in other words, condone “guilt by association” – for the “greater good”. Yet all they are actually doing is potentially banning customers from their shops and patrons from their venues. Again, the genuine / serial griefer can circumvent RedZone as easily as the serial copybotter.

Myth 3: RedZone provides better land security features than other systems

No, it doesn’t. For general land security – keeping out unwanted visitors, preventing “casual” acts of “griefing”, removing troublemakers, etc., RedZone offers no more than can be found – free of charge – in the land tools available at parcel level, or at estate level if you own a sim. Using the land tools you can ensure:

  • Residents with no payment info logged with LL (directly or via PayPal) cannot access their land
  • Residents who are not Adult Verified cannot access their land
  • Residents who are not Adult Verified and have no payment information registered cannot access their land
  • Only members of your own Group can access the land.

These options alone should deal with over 99% of potential issues around security. And even if there is the occasional issue with a troublemaker, all parcels have a simple-to-use Ban List.

Similarly, griefing objects can be taken care of  simply by:

  • Restricting object creation / rezzing to Group members only
  • Restricting object entry to Group members only
  • (Worst case) restricting script running to Group members only.

These three steps alone eliminate the means by which the majority of griefers operate.

Sim owners can similarly restrict access to their sims – and in the case of residential sims, restrict access to multiple Groups if they wish, to save having everyone living on the sim a member of “their” Group.

If, for whatever reason, estate / land tools don’t work for you, then there are a number of items out there specifically developed for land security, none of which require your visitors / friends to be surreptitiously scanned. I’ll name two here, because I’ve used them for the last 4+ years at both parcel and sim level with great success:

  • Psyke Phaeton’s outstanding PDS Home Security orb – offers both parcel and sim-level solutions
  • Thomas Conover’s Land BodyGuard HUD, which provides sim-wide protection plus remote access to functions (you don’t have to be on your sim to ban someone, similarly, you can ban someone who is not physically present on the sim at the time of banning (because, say, they’ve created mischief and run away). It can be fully integrated with the SIM Radar system, if required – and both for half the price of RedZone. Find both in-world here.

These are just two systems. There are many more. All are cheaper that RedZone, and all carry out their functions without the need to covertly scan your visitors, as stated, nor do they lead to additional angst and drama over people being incorrectly accused of being alts of one another or having information about them stored on a third-party database outside of SL (which would most likely cause them considerable upset were they to be told this is in fact the case).

The facts that do count with RedZone

  • It cannot prevent copybotting. The most it can give an a false sense of security
  • It may deter the odd griefer, but not those who make griefing a habit
  • It offers an expensive solution to the problem of land security costing far more than dedicated land security tools that offer the same functionality
  • As a basic “security tool” RedZone is invasive of people’s privacy that sends avatar information to an insecure 3rd party database. As such, and given its use is detectable, all it is liable to do is encourage people to stay away from those stores / venues where it is used.

As I said, I’m not using this post to delve into the deeper and more distasteful elements of RedZone or the unethical behaviour of its creator following recent revisions to the Second Life Community Standards. These are all public knowledge. Rather, I’m hoping this post will simply give pause to those who have RedZone, or who are considering it, so they can ask themselves if it is really worth L$3999 when something costing L$750 will do the job without embroiling them in the wider aspects of the RedZone situation.

Linden Lab remove 1.2x and Snowglobe from Downloads

Posted on by Inara Pey

It went unannounced and pretty much unnoticed – except possibly by Boy Lane.

The end of the official Viewer 1.x moved a step closer mid-February, when both it and Snowglobe were removed from the official Viewer download page.

LL have apparently informed TPV developers that the date they officially stop supporting Viewer 1.x hasn’t been agreed as yet, but this move suggests it is drawing closer.

Data scraping: update

Posted on by Inara Pey

The media patch mentioned for Phoenix has, as reported earlier, now arrived in Henri Beauchamp’s Cool VL Viewer, in a somewhat modified form.

And already it is proving its worth for those concerned with attempts by others to scrape and gather IP addresses for the purposes of match – or simply gathering avatar information in general for the purposes of profiling & possible stalking.

  • Theia Magic, had a run-in a while ago with a club owner who was either somewhat economical with the truth during their exchange – or was playing a game of “place the RedZone, removed the RedZone, place the RedZone again when no-one is looking”. As it seems that, despite his loud denials as to running RedZone, he does in fact have it deployed and hidden. Given he’s been trolling the “old” official forums loudly denying he has or would use RedZone, getting caught out has obviously left him with the produce of several chickens on his face – or at least, that’s how I look upon the “colourful metaphors” he employs in his exchange with Theia.
  • The Hair Fair that has been running of late and has been widely advertised also appears to be running RedZone. Whether it is the organisers or an individual store is unclear; however, the patch flagged aggressive media stream pushing that resolved to the RedZone server as soon as a number of people using Henri’s Viewer arrived. The interesting thing here is that Greenzone failed to give any alerts.
  • Theia has now started a list of in-world locations that are attempting to deliberately mask their use of RedZone (see link above). So much for the RedZone Challenge initiated by Ciaran Laval in an attempt to gain transparency.

Quickware (another spying tool) has been linked to the IP Address 193.93.174.118.

Elsewhere, and connected with the use of the new patch, A “new” mystery domain has now been revealed as popping up frequently around the grid, again aggressively pushing a media URL onto people arrival at stores and venues. URL resolves to a domain called m.sparkgap.info (IP 69.163.222.23). It is unclear as to precisely what this is doing: speculation points to it possibly being related to CDS, but this is far from confirmed.

Caution certainly dictates both of these IPs are added to your firewall for blocking purposes – and in the case of m.sparkgap.info, added to your host file if you are technically-minded. Prior to the release of the media patch, there was speculation that it would probably uncover a lot more in the way of mysterious use (as opposed to outright misuse) people build around media streaming. m.sparkgap.info may yet be the tip of the iceberg.

Finally, Itazura Radio has some fun at the RedZoners’ expense while making some very valid points (sorry I cannot embed; EMI apparently get ticked off with me if I try).

And Cummere Mayo provides some excellent advice for those wishing to lose friends and alienate people.

A new working week commences tomorrow; one in which the new Community Platform is unveiled. This could well be a testing time for the Lab in terms of measuring up their actions against the words of their new CEO.

Further Information:

  • The humongous SLU thread on the subject (now with summaries!) – it is a monster, but an enlightening and addictive read
  • Henri Beauchamp’s Cool VL Viewer with media patch
  • Theia Magic’s blog with RedZone listings
  • no2Redzone – the latest information, information on blocking the RedZone site, etc.
  • My original post, with further links (and some repeats)
  • JIRAs on the subject of privacy – all worthy of your vote and watch):
    • SVC6751 -Make parcel_media_agent_command and similar request user permission
    • SVC 6793 – Establishing an opt-out system to prevent tracking
    • VWR24746 – RedZone security violates ToS, exposes private information & is being misused
    • VWR-24807 – Add abilityto filter cookies into the browser (Viewer 2.x)

Nailing the data harvesters (2): LL make a move

Posted on by Inara Pey

It seems LL have made a move to clamp down on tools like RedZone.

Until today, Section 4 of the Community Standards read:

“Residents are entitled to a reasonable level of privacy with regard to their Second Life experience. Sharing personal information about a fellow Resident –including gender, religion, age, marital status, race, sexual preference, and real-world location beyond what is provided by the Resident in the First Life page of their Resident profile is a violation of that Resident’s privacy. Remotely monitoring conversations, posting conversation logs, or sharing conversation logs without consent are all prohibited in Second Life and on the Second Life Forums.”

However, this has now been revised to read:

“Residents are entitled to a reasonable level of privacy with regard to their Second Life experience. Sharing personal information about your fellow Residents without their consent — including gender, religion, age, marital status, race, sexual preference, alternate account names, and real-world location beyond what is provided by them in their Resident profile — is not allowed. Remotely monitoring conversations in Second Life, posting conversation logs, or sharing conversation logs without the participants’ consent are all prohibited.”

[my emphasis]

Thus, at a stroke, the surreptitious ability of RedZone to gather information on SL users without their knowledge, much less consent is rendered void – or is it?

It’s not quite time to proclaim victory as yet. While the change to Section 4 of the CS is indeed welcome, it does not go far enough: sharing information that can be regarded as personal may not “not be allowed” – what about gathering of said information?

There is also the matter of in-store scanners (note that on his own blog zFire only comments on his nasty little (and purely voyeuristic) HUD as being updated to request people allow it to scan them).

The playing field has shifted, certainly – but, depending on what policy announcement is forthcoming from LL tomorrow – it seems that it may not have shifted enough.

Right now, the rule of thumb would be to keep your media tools disabled – at least for the time being.

ADDENDUM – Feb 25th

Thanks to Theia Magic’s investigations, it now appears that the RedZone in-world scanners give you a link to follow to the RedZone website in order to “give your consent” to be “background checked”.

This being the case, I’d advise people to keep media disabled and to stay away from the RedZone website – especially if following links using your own web browser,  rather than the built-in Viewer browser. Visiting that website is giving a clear indication that you’re OK with data being captured and – potentially – a cookie being deposited on your computer – even if you’re attempting to “opt out” of your information being captured!

The website is further confusing inasmuch as only those already scanned need to “opt out”. Despite the claims of zFire Xue, RedZone’s creator, those scanned / placed on the database are liable to be in the minority – therefore this approach could fool people into exposing themselves where there is no need for them to do so.

Beyond this, the solutions currently being offered up by zFire Xue relate purely to having your details (if any) “checked” on his database – they do nothing to prevent any actual scanning by his in-world items in the first place.

So – simplest solution: keep your media options disabled and remember there are a lot more stores you can shop at / clubs you can dance at that don’t use RedZone than there are stores that do use it.

Forums switch to read-only, stray thoughts on Lithium

Posted on by Inara Pey

Today sees the current SL fora and blogs (the “blogrum”) switch to read-only mode until the 2nd March, in order to pave the way for the new Community Platform, which looks like it is to be powered by Lithium.

I commented on the new platform the other day, noting some concern over the plan to develop “contribution based roles” for users. I’ve been nosing around the Lithium website trying to find out a little more and came across something called the “Lithium Reputation Engine“, and I have to say that it has left me cold as to what it might mean. Essentially, this system provides rewards and gives kudos for their participation in the platform.

On the surface, these may seem like good ideas – particularly where things like providing help, answers and support for other users are concerned. God knows, there are a lot of exceptionally helpful people who take a lot of time to share knowledge, provide help and generally give advices to those of us having problems, through the arch of Second Life Answers (SLA). It would be nice to see these people receive recognition for their work, and to have them able to structure Q&A threads responsibly to correct any inaccurate information appearing, etc.

The issue here is whether this Reputation Engine is going to be restricted to things like the new Knowledge Base, whatever “replaces” SLA. The Lithium website suggests that the Reputation Engine is a system-wide “wrapper”, that can be applied across-the-board. Let’s look at the idea of Kudos. Here’s what the Lithium website states:

Kudos

Positive feedback is an important part of turning social customers into brand advocates. Kudos let community members tell each other what they like and highlight the most popular content on a forum’s front page. You can moderate, defining which users can give kudos and whose opinions matter most. [my emphasis]

Again, used on something like Second Life Answers, this could actually be hugely beneficial – the “issues of the moment” affecting users can be put up in lights on the front page of the “Help forum”, enabling people to get the required advice / solutions quickly and easily.

But…Linden Lab has – whether they are prepared to admit it or not – a reputation for cherry-picking in their communications “with” users. We’ve seen it time and time again when a blog post is made, opened for comments, and then perhaps one or two Lindens (the OP, for example) hopping back in a few times and focus almost entire on positive comments, or the “easier” questions posed by users. Anything of a critical nature – however valid – is generally ignored. Given this penchant for cherry-picking, if Kudos is simply applied across the board on all the new forums, I tend to wonder if some at Linden Lab will be able to resist the temptation to engineer precisely which topics appear up-front on the forum as well as tweak the system so that only the more positive of comments / threads are visible?

Then we have the idea of Rewards:

Rewards and Permissions

The Lithium Reputation Engine makes it easy to reward engaged members in a given rank with privileges they value. You can assign over 100 privileges to higher ranking members that allow them to edit messages, edit, and author Tribal Knowledge Base articles, post tags, edit tags, moderate blog comments, personalize their signatures or icons, and manage Kudos. You can also give them special access to community and company VIP areas.

Again, recognition and permissions for those generating usable Knowledge Base articles, providing support, taking the time to impart experience in a structured and readable manner – fine.

But…moderate comments? Again, in the wider context of the current forums – particularly general discussion fora – I sincerely hope that wise heads will prevail at LL and  “rewards” and “permissions” don’t extend that far.

As it stands, the (now “closed”) SL GD forum can be one of the most unpleasant places in which to spend time, laden as it is with protracted bouts on in-fighting, cat-calling and assorted other viciousness, which all-to-frequently includes misguided beliefs in their own individual moral / intellectual superiority over others, vindictive an unnecessary carrying-forward of grudges from one thread to another; so much so that frankly, the last thing we need is for someone at LL to view the handing out of “rewards” on a broad basis as a “really good idea”.

Granted, the Lithium blurb refers specifically to “blog comments”, but even then, even the nature of the “leading” participants in the “old “blogrum” environment (and leaving aside those who did prove genuine help and support), should LL opt to adopt the rewards system wholesale, then I fear that when it comes to Second Life, Lithium may well live up to its definition:

Lithium (play /ˈlɪθiəm/, LI-thee-əm) is a soft, silver-white metal that belongs to the alkali metal group of chemical elements… lithium is highly reactive and flammable.

!!!!