Nailing the data harvesters

There has been more sturm und drang over data scraping on the official fora and elsewhere, and I admit I’ve contributed.

Most of the focus has been on RedZone – the most visible and, given the somewhat rabid nature of its proponents, potentially most odious of them (but by no means the first). Some of these threads are simply seeking clarity on how things work. Others are more mischievous in nature, resulting in heated debate (and a wholly misplaced sense of superiority on the part of some “sunny” posters, up to and including the arrogance to inform others as to when they should post feedback).

The concerns over these tools are warranted; RedZone in particular appears to be far more about the ability to grief and stalk than it is about offering any form of (highly flawed and utterly questionable) “security”. Why else would the creator boast that the tool can attack users outside of the parcel it is protecting, that the tool can crash Viewers, etc? Why else would he made a HUD-based system that allows users to roam at will across the Grid, gather user data?

However, the risk is that in focusing on a single tool, the wider concerns are overlooked. Sling Trebuchet has attempted to broaden the issue by focusing on the technical deficiencies within the Viewer that enable these tool to work, and her JIRAs are something to support, voting coming to an end or not.

Prokofy Neva does much to raise the bar on the situation in the broadest terms, and in doing so sets out a very concise argument as to how these matters should be tackled. In doing so, Prok points out that on the broadest front, Section 4.3 is the ground on which to fight the issue, rather than Section 8.3 – which has been, it has to be said, the focus of many (including myself) when replying to posts in the official fora.

Having had time to digest Prok’s post, I have to say I’m pretty much in agreement with it. Perhaps the only divergence I have with the thinking is that I would say that both 4.3 and 8.3 have relevance, rather than dismissing one or the other as “irrelevant”.

Prok makes a very strong case for using 4.3, to be sure – but there remains the issue of those of us using Second Life having a reasonable expectation of privacy while going about our business in-world – and this is most certainly where Section 8.3 does have relevancy, even thought it might well have been originally intended to relate primarily to First Life information.

I say this because RedZone (and potentially other tools of its ilk) break down certain walls of privacy within Second Life. Leaving aside the entire hot topic of “alt linking”, they enable avatar profiling to take place and stalking to be undertaken. These are, however you look at it, invasions of our virtual privacy and should be dealt with as such, both immediately through the use of the AR system but on a broader front by bringing it to the attention of LL that as well as the wider issues relating to such tools enabling such violations of privacy to occur in-world. Thus, Section 8.3 (and potentially Section 8.2), has relevance.

The risk in focusing solely on the likes of Section 4.3 is that LL cannot be held responsible for policing third-party websites (which is in part the underlying sentiment of Section 4.3); thus too much focus in this direction can have the opposite effect as to what is desired, in much the same way that too much emphasis on Section 8.3 can allow those in favour of these tools to “trump” it using Section 4.3 or cause LL to back away with a “well, we’re really referring to RL information here,” stance.

But, this view aside, Prok’s argument for a wider basis of protest is both valid and one that we should all consider – just as we should provide support for Sling’s attempts to deal with the technical issues that make these tools possible in the first place. In this, a two-pronged response is required: the technical to deal with the exploits themselves, and a broader argument based initially on dealing with such tools on the basis of the ToS (both Sections 4.3 and 8.3) as a whole, but which is ultimately aimed, as Prok rightly states, on matters of policy.

The fact is that problems such as this – and indeed the problems that ostensibly lead to the development of such “tools” as these (content ripping, etc.), need to be approached and dealt with as a matter of policy, rather than simply on the grounds of either technological determinism or Linden Lab whim. In this, the ToS  – indeed the Community Standards themselves – cannot provide the solution alone. We really need to see LL invoke a policy in support of the ToS that will both help prevent situations such as this from occurring again in the future and provide a means of dealing with them should they in fact do so.

It’s not going to be easy, but I would support such moves wholeheartedly; kudos to Prok from framing things so well.

More from Rod Humble: Privacy

Privacy is extremely important for anyone putting themselves out there, expressing themselves, or expressing a side of themselves through an avatar. People don’t want other people to connect the dots from their avatar to their real life person – or even, for that matter, to an alt. One of the ethical obligations we have is to protect people’s privacy

“People come to Second Life because they want a story, they want to be in a story….and we have an ethical obligation to protect that.

I’m not so sure that the conventional wisdom makes any sense. Yes, it might be technically easy to track people and all that. But in the long-term I’m optimistic that we’ll see the pendulum swing back in the other direction towards more privacy.

Thus speaks Rod Humble in what is quite possibly the best interview held with him since he took office at Linden Lab, and Kudos to Dusan Writer for bringing it to us.

It’s an uplifting piece on many levels. The comments about privacy, for example, are particularly relevant given both the degree to which Linden Lab seems determined to shovel users of Second Life towards Facebook and the manner in which data is being scraped and potentially used by the likes of RedZone.

For me, the interview is encouraging, as I’ve been advocating the need for Linden Lab to take what I term a more holistic view of Second Life, and to stop looking at it in terms of how it can be “compartmentalised”: focusing on individual technical issues, trying to tap into audiences, etc., and start looking at it as a complete, unified entity. In fact, I’ve already had concerns that Rod Humble is sliding into this very trap.

But no, he does seem to get it: he recognises the fact that the magic of Second Life is about the ability to create – physically and metaphorically (he talks about us being able to create “personas” in SL and imbue them with specific identities) – and he really does demonstrate he’s thought about these ideas, and is not simply peddling words.

Similarly, he recognises that Second Life can increase its relevancy in terms of real world interactions by providing n-world and supportive tools that work with the platform to empower people to interact with one another through Second Life (rather than telling them to bugger off elsewhere).

This is marvellously encouraging. Of course, there is a degree of hyperbole that strays dangerously close to Rosedale Country; after making very valid points about the relevancy in having multiple personas in life (which we all do), and these personas / identities being an integral part of our being (a marked difference from Zuckerberg over at FB, who views  multiple identities as demonstrating a “lack of integrity”), Rod does unfortunately slip into Pipspeak:

“I don’t want to get all geeky about it, but I sort of see this day coming when there’s a formalization of identity that happens. We haven’t had the tools before to formalize our broken up bits of identity…We can increasingly go deep on each element of identity and they become more valuable and I can’t help thinking that if we formalize the structures around those identities and have the tools to do that it might actually change us – it might change the person.”

Shades of Transhumanism lurking there – but not enough to shake one’s feeling that here, finally, Linden lab have struck gold. Rod Humble not only gets Second Life technically, he gets it visually, socially, personally, and metaphorically. In short, he appears to understand it holistically.

Lets hope that understanding translates itself into policies and action that allow us all to look back in 12 months or so, and we”ll all be “talking about all the new kinds of content and creations and categories of creation…and say ‘Wow, it’s amazing, look how far we’ve come in having ways to make stuff‘.” And that we’re all secure and confident in the levels of privacy and security Second Life affords us.

Grid “merger”: precipitating the identity link?

I’ve been bouncing around looking at reactions to the announced “grid merger” in SL – or more correctly, allowing 16 and 17 year-olds onto the Main grid – both here and elsewhere. Specifically, I’ve been looking at people’s thoughts on the potential additional risks such a move forces adult users of Second Life to face.

In the thread linked to above, Cabbage Acanthus and Derek Torvalar hit on two of my major concerns respectively, the matter of public perception and the legal ramifications people might face as a result in-world activities (the latter of which will clearly vary depending on one’s nation of residence), or which might equally cause panic / confusion.

In the same thread, Carole Franizzi touches on the core element of both of these concerns: that of identity. As it stands, we simply have absolutely no way of vetting for ourselves that whoever we are dealing with in Second Life are who they claim to be (i.e. of a given gender and over a certain age).

Until now, this hasn’t been an issue, and when LL themselves have tried to slide things towards a more direct linking of SL and RL identities, there has been an enormous – and in some ways, justified – push back against such moves. But allowing minors into the Main grid clearly changes things; particularly as much of the direct legal onus for verifying who we are dealing with on-line fall on each of us individually – as Derek’s quote from Canadian law illustrates.

It is true that since Wallace’s faux pas on the subject of such linking, LL have been careful to caveat any potential moves towards it as being something users will be able to at least opt out of, and Mark Kingdon went out of his way to expressly state as much on numerous occasions.

But will this now remain the case? Could it be that as minors are allowed into the Main grid LL will find the adult population (and by that term, I mean all of us using SL, rather than any given segment of the community)  potentially more willing to see RL information being displayed alongside SL information, if it helps verify people are indeed who they say they are?

I’m not for a moment suggesting this is in any way why the “merger” is happening – but one has to admit, in looking at the broader implications, it could have some “interesting” knock-on effects, intended or not.

Conversational Identities….

(Mark) Wallace Linden fires off his first topic for “conversation” this week, and it is a doozy on so many levels.  Will the Real You Please Stand Up brings what several Lindens have been mooting for some time  – the linking of real life information potentially directly to your Second Life avatar(s) identity/ies – in to the “public” domain of the flogrum.

What interests me about the post – other than the intense and understandable reaction from users to Wallace’s words – is the lengths to which Linden Research is prepared to go to in order to justify their decision to start putting in place “open” links between people’s RL and SL identities and the fact that the decision has clearly already been made.

As such, Wallace Linden has not so much initiated a conversation around the idea of bringing in the tools to make this possible, he’s more-or-less making a pronouncement LL will be actively undertaking to implement the tools in the coming months.

Let’s start with the former first: the degree of negative feedback from the majority of “residents” – the likes of you and me, whom I’ve opted to start calling “casual users”, on account of the fact that by-and-large we use SL purely as a form of “entertainment” (even if we run in-world “businesses”) as opposed to the “emerging market” of so-called “corporate users” LL seemed determined to try and find woo – is on record. Many are concerned over Facebook’s recent policy changes which have effectively made revealing much of your personal information filed with the company an opt out process, rather than, as it should be, an opt in (or so I understand, having never, ever gotten involved in Facebook in my life).

Yet, rather than confronting these concerns head-on and using them as a means of opening a two-way dialogue, Wallace instead opts to go back further in time – using Friendster’s 2003 approach to “false” identities to somehow further justify the need to link rl and SL identities more closely.

Indeed, were I a total cynic, I might even conclude that there is a veiled threat hidden in Wallace’s choice of example as an opening gambit.

From this dubious outset, Wallace goes on to paint a rosy picture of online interconnectedness that is  – in essence – fair and true. For, as he states, The thing not to miss here — and it bears stating despite how obvious it sounds — is what all these online “identities” have in common. At the center of them all, the hub that ties all these personae together, is the very real, non-virtual, analog and offline “you.” Whether the connections are public or not, your Second Life avatar, your World of Warcraft toon, your Facebook profile, your LinkedIn employment history — all of these and more are just different aspects of a single entity: the person reading these words. They are all already connected to each other, via you.

Yes, yes, absolutely, Wallace. But here is something else not to miss – and it bears stating despite how obvious it sounds – is what, for the majority of us, these online “identities” have in difference to one another. Whether the connections are our Second Life avatar, our World of Warcraft toon, our Facebook profile, our LinkedIn employment history – they are all what we have chosen to reveal of ourselves through these differing media to meet different aspirations, wants and needs. They are all already connected to each other via our real-world self. And as such, we don’t need you, or anyone else at Linden Research trying to engineer / persuade / cajole / drive us into greater degrees of self-revelation than we’ve already opted to make.

Strong arguments to this effect have been made in response Wallace’s post, but what is interesting  – to turn to my point on this having been a “done-and-dusted” decision on LL’s part – is not so much that Wallace has replied to critiques, but rather the wording of his replies.

Not once does he reply directly to the arguments raised against such a move. Not once does he even suggest that LL are seeking to engage with users on the pros and cons of the matter.

No. The only assurance he will give is that there (presumably) still-to-be-defined tools will “opt in”. and really, even this is a pretty bland reassurance, as “opt in” cover a variety of “up-front” sins. Yahoo Messenger, for example, has a default “opt in” user must then physically opt out of in order to ensure the messenger doesn’t deposit cookies (or “biscuits”, as I believe Yahoo calls them) on their computer that enable Yahoo to target users with adverts based on their web browsing. It is only AFTER you’ve gone through the process of creating your account, editing your profile and tracing down the “opt out” function that the “biscuits” are actually removed from your computer…

The only other assurance we get from Wallace is that “I don’t think anyone at LL is in favor of forced identity publication.” Which again, is pretty bland, given it is immediately followed by, “That said…..” – which immediately carries the implication that there is nothing inherently wrong with forced identity publication.

Does this mean we should roll over and accept the inevitable? No. Whether or not this is a done deal within LL’s ivory towers is moot. This kind of social engineering simply is not needed. As Ciaran Laval states, it’s time to say no to this invasive function creep and take care of our own identities, we certainly don’t need social networking sites to manage our identities for us, it seems as if George Orwell was two or three decades premature.

This is the message we need to carry to LL through the flogrum, through posted replies, our own blogs and posts to any and all metaverse sites that report on this move: we are all intelligent adults and we’ve been perfectly capable of managing our online identities for as long as the Internet as a whole has been available to us; we certainly don’t need the likes of Linden Research and/or Facebook or any other organisation or partnership telling us how to do so going forward. And we need to fight every step of the way to make sure than any such “tools” alluded to in Wallace’s post are fully, truly and demonstratively opt-in in every meaning of the term, and not just in some facile “well, it’s sort-of opt-in…” half-arsed implementation that we’ve tended to see in the past where LL’s policy moves are concerned.