The Privacy wars real victims
First a quick update
- Shit hit the fan when it got to be “public” knowledge that devices like RedZone were secretly scanning, logging and outing accounts in Second Life
- A Jira got made and got a whopping 1500+ votes against such behaviour
- Linden Lab first tried to shut it down and downplay it, but Soft Linden stuck it out (and I’m sure other Lindens backed that up) and things turned within 2 weeks
- Community Standard Disclaimer got tightened and made clearer. It now became very clear that disclosing personal info was NOT allowed, and that included alternate account names
- Linden Lab then finally stepped up and put their foot down, since it proved impossible for all accounts that had been logged in a private database to give consent, and told the creator and users to remove the devices from the grid.
Disclosure
Residents are entitled to a reasonable level of privacy with regard to their Second Life experience. Sharing personal information about your fellow Residents without their consent — including gender, religion, age, marital status, race, sexual preference, alternate account names, and real-world location beyond what is provided by them in their Resident profile — is not allowed. Remotely monitoring conversations in Second Life, posting conversation logs, or sharing conversation logs without the participants’ consent are all prohibited.
Quote from Soft Linden on the Jira VWR-24746
“Hey, all. I got the go-ahead to give an update on zF Red Zone specifically. Again, thank you for the ARs with specific info about violations. These have been very helpful for letting Lindens know what’s going on.
Tuesday morning, we removed zF Red Zone from the Marketplace for a second time. We removed the in-world vendor distributing the item as well. We determined that zF Red Zone was still in violation of our Terms of Service and Community Standards.
We asked for removal by no later than today of all zF Red Zone functionality that discloses any alternate account names. That is, even if consent is asked, the service may not act on the consent. In addition, we asked for removal by no later than Friday of the interface for and any remaining implementation of the zF Red Zone consent mechanism because it does not comply with our policies. If these updates are not made, we will take appropriate steps to remedy the violations…”
So where does this leave us and what does this mean?
Well, basically it means that the alt detection has to be removed and they are not allowed to even ask permission for consent to that specific database. Why not, you ask? Well, basically cos the database is made up by linking accounts via IP addresses, and that is a way of linking accounts that is full of faults.
Here is why:
- Many use something called a dynamic IP
- Many use internet hubs via coffee shops, libraries, dorms, universities, shared IPs at home, hotels, etc.
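The faults listed above can be shown with a small simulation. This is an added example, not part of the original post and not code from any scanning device; the log rows, account names and the `real_person` ground-truth column are constructed. It links accounts by shared IP, as the post describes, then counts how many of those links are wrong or missed.

```python
from itertools import combinations

# Constructed sample rows: (account, source_ip, real_person). real_person is
# ground truth a scanner never has; it is used here only to score the links.
SAMPLE_LOG = [
    ("alice_main", "198.51.100.7", "alice"),  # home connection
    ("alice_alt",  "198.51.100.7", "alice"),  # genuine alt, same home IP
    ("bob",        "203.0.113.20", "bob"),    # coffee shop Wi-Fi
    ("carol",      "203.0.113.20", "carol"),  # stranger on the same Wi-Fi
    ("bob",        "203.0.113.80", "bob"),    # bob later, at a hotel
    ("frank",      "203.0.113.80", "frank"),  # another hotel guest
    ("dave",       "192.0.2.55",   "dave"),   # dynamic IP lease
    ("erin",       "192.0.2.55",   "erin"),   # ISP hands the same IP to erin
    ("dave_alt",   "192.0.2.91",   "dave"),   # dave's alt after his IP changed
]


def link_by_ip(log):
    """Return clusters of accounts joined by any shared IP (union-find)."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    first_seen = {}  # ip -> first account seen on it
    for account, ip, _ in log:
        root = find(account)
        if ip in first_seen:
            parent[root] = find(first_seen[ip])  # merge the two clusters
        else:
            first_seen[ip] = account
    clusters = {}
    for account in parent:
        clusters.setdefault(find(account), set()).add(account)
    return list(clusters.values())


def score_links(log):
    """Return (correct, false, missed) account pairs versus ground truth."""
    owner = {account: person for account, _, person in log}
    linked = {frozenset(p) for c in link_by_ip(log)
              for p in combinations(sorted(c), 2)}
    real = {frozenset(p) for p in combinations(sorted(owner), 2)
            if owner[p[0]] == owner[p[1]]}
    return linked & real, linked - real, real - linked
```

On this sample only one of the five IP-derived links is a real alt pair; carol and frank are tied together without ever sharing an address, and dave's actual alt is missed.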
So all should be well in the Second Life now, right?
Well not really. While these devices cannot reveal alts anymore, they can still scan you in secret.
This means they will force your viewer to play a specific URL or use another exploit via the cookies or voice. Via that, your IP address, your location within SL, and so on, will be recorded to a database NOT in Linden Lab’s control.
So essentially we now face a more sticky issue.
Now the TOS 8.3(i) states, and I quote:
You agree to respect both the integrity of the Service and the privacy of other users. You will not:
(i) Post or transmit viruses, Trojan horses, worms, spyware, time bombs, cancelbots, or other computer programming routines that may harm the Service or interests or rights of other users, or that may harvest or collect any data or personal information about other users without their consent;
Plain and simple: it is NOT allowed according to the TOS that we have all agreed to, including the creators of these devices, the users of these devices, and you and I.
This brings me to the topic at hand…
The Privacy wars real victims
I have now been following the ongoing debates for nearly three weeks. It’s clear that certain people don’t have to worry so much about this issue cos they very early on knew how to protect themselves in Second Life. They are the coders and the scripters. If they haven’t been scanned they quickly found ways of blocking it. Coders like Sione and Tonya Souther moved pretty fast to make and implement code into TPVs that will reveal if anything is trying to force itself onto your viewer. Sione made the code and Tonya pushed for the dev team she belonged to to move it into their viewer. Cool viewer got the go-ahead from Sione to use it in theirs, and so on.
But, and yes, there is a big but here. I don’t know the first thing about what a malicious URL looks like, so even when this patch is finally implemented (and thanks to others that have a bit of Linden ears it will also be rolled out into the official Linden viewers) I really worry cos I don’t know what I can agree to use and what I can’t.
That worries me a lot actually. I know I’m not alone here. There are a lot of users that are just that, users.
I was talking to Paisley Beebe on Twitter today and I think it really dawned on us how many are still unaware of this issue inside SL. If you don’t know, Paisley Beebe will cover some of this issue on her show Sunday (March 6th) at 6pm SLT.
Reading the SLU thread on this issue I also become more worried cos to me as a non-techie, and on top of that English is my second language, it’s daunting to say the very least. It makes me sick that Linden Lab does not realise this and take serious steps to protect their everyday users.
To me it’s pretty cut and dry. TOS violated = user warned, TOS keeps being violated = user banned and product force-removed from grid! Now how hard can this be? As to the database itself, that might prove to be a bit more icky and I don’t know exactly how that can be dealt with. Is there a lawyer in the house?
As in all wars there will be victims. Granted, this is not a war with guns and bombs, but to anyone that has ever had a stalker in their lives the threat is still a threat. It is in fact possible to obtain RL info (home location) via IP addresses. I don’t know how to do that (nor do I really care to, honestly) but I know it can be done. This brings it up to a whole new level. In all wars you have to assess the situation, look at the threats and the possible casualties.
The people currently in the database could be possible casualties but can we work together in eliminating the threat?
Hit the pavement, the blogs, Twitter, Facebook (yes yes I’m aware of the irony there), forums, mainstream media. The word needs to be spread and spread faster than before. Below I will give links to blogs and forum threads that will be useful for guidance, advice and info. Spread it as much as you can. Tell everyone to turn off music, media, cookies and voice in their viewer’s preferences until they have educated themselves, so they don’t run a risk of getting scanned without their knowledge. Better safe than sorry!
We might have won the first battle but the real war is still there and we can’t afford to back down now.
Useful Links here
SLU – ZF Redzone, Disclosure of SecondLife Alts. This is a really long thread, I know. I would advise you to read it, or at least as much as you can. Samantha Poindexter does a few recaps along the way that could be useful.
SLU – Security Issues: Blocking external access to your viewer
Various Jiras pertaining to this issue – IMPORTANT >>> you need to WATCH and not just vote. Use your email filter to avoid email spam from JIRAs
VWR-24746 – RedZone Security violates TOS, exposes private information and is being misused
VWR-22245 Most users will be ignorant to how MoAP will drastically change their level of anonymity
VWR-9236 Automatically play media setting ignored plays anyway
VWR-17044 Add options to selectively limit media sources to limit IP discoverability
VWR-24807 Add ability to filter cookies into the browser
SVC-6793 Establish a do not track opt out system
Various blogs and articles
Help protect the grid – Spread the word – email Linden Lab – use Twitter and/or Facebook if you have it. Yell, scream and stomp your feet; all it will cost you is a little of your time.
Whooosh and out from me xxx
Comments
Good summary!
All I would point out is that Section 8.3 of the ToS hasn’t actually changed at all. There was some confusion on this in the SLU forum, but if we look at the December 2010 archive:
“8.3 You agree that you will not post or transmit Content or code that may be harmful, impede other users’ functionality, invade other users’ privacy, or surreptitiously or negatively impact any system or network.
“You agree to respect both the integrity of the Service and the privacy of other users. You will not:
“(i) Post or transmit viruses, Trojan horses, worms, spyware, time bombs, cancelbots, or other computer programming routines that may harm the Service or interests or rights of other users, or that may harvest or collect any data or personal information about other users without their consent;” [my emphasis]
Which is how it is still worded today.
So far, only the Community Standards have been changed. What is required in the ToS is a tightening of Section 4.3.
Hi Inara 🙂
I don’t think I said the 8.3 had changed. I pointed to that section as it’s the one section that LL can use to take this thing down, and not only RZ but other devices like it
🙂
I have been urging people for the past five years to disable parcel audio, parcel media, and anything else that makes direct connections outside the Second Life service, and be careful about following links provided by scripts. Because there have been people using this to surreptitiously collect information about alts, both for personal use and for sharing, for that long. Redzone is just the first time it hit the news.
This doesn’t mean “don’t use parcel audio at all”, or anything like that. Just turn it off when you’re not at a location where you’re there FOR the audio stream.
That’s the easy solution, to avoid getting collected. Control what you trust.
Hi Argent (and sock)
Yes, it’s very good advice. What angers me is that this should all be necessary. We should be able to not have to look twice before we go on to land and listen to music. Nevertheless it is, if LL refuses to plug the hole, or at least until they publicly announce they have done so.
It’s very well for geeks (meant in the nicest possible way cos geeks are sexy ya know 😉 ) cos they have the knowledge to protect themselves, but my concern is for the ordinary user that uses SL trusting LL to protect them while they hang out and destress from RL in this virtual world.