The Privacy wars real victims

First a quick update

  • Shit hit the fan when it got to be “public” knowledge that devices like RedZone were secretly scanning, logging and outing accounts in Second Life
  • A Jira got made and gathered a whopping 1500+ votes against such behaviour
  • Linden Lab first tried to shut it down and downplay it, but Soft Linden stuck it out (and I’m sure other Lindens backed that up) and things turned within 2 weeks
  • Community Standard Disclaimer got tightened and made more clear. It now became very clear that disclosing personal info was NOT allowed, and that included alternate account names
  • Linden Lab then finally stepped up and put their foot down, since it proved impossible for all accounts that had been logged in a private database to give consent, and told the creator and users to remove the devices from the grid.


Residents are entitled to a reasonable level of privacy with regard to their Second Life experience. Sharing personal information about your fellow Residents without their consent — including gender, religion, age, marital status, race, sexual preference, alternate account names, and real-world location beyond what is provided by them in their Resident profile — is not allowed. Remotely monitoring conversations in Second Life, posting conversation logs, or sharing conversation logs without the participants’ consent are all prohibited.

Quote from Soft Linden on the Jira VWR-24746

“Hey, all. I got the go-ahead to give an update on zF Red Zone specifically. Again, thank you for the ARs with specific info about violations. These have been very helpful for letting Lindens know what’s going on.

Tuesday morning, we removed zF Red Zone from the Marketplace for a second time. We removed the in-world vendor distributing the item as well. We determined that zF Red Zone was still in violation of our Terms of Service and Community Standards.

We asked for removal by no later than today of all zF Red Zone functionality that discloses any alternate account names. That is, even if consent is asked, the service may not act on the consent. In addition, we asked for removal by no later than Friday of the interface for and any remaining implementation of the zF Red Zone consent mechanism because it does not comply with our policies. If these updates are not made, we will take appropriate steps to remedy the violations….”

So where does this leave us and what does this mean?

Well, basically it means that the alt detection has to be removed, and they are not allowed to even ask permission for consent to that specific database. Why not, you ask? Well, basically cos the database is made up from linking via IP addresses, and that is a way of linking accounts that is full of faults.

Here is why:

  • Many use something called a dynamic IP
  • Many use internet hubs via coffee shops, libraries, dorms, universities, shared IPs at homes, hotels, etc
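
To see how badly this kind of linking goes wrong, here is a small added example (not part of the original post and not RedZone's code) that links accounts by shared IP over constructed sightings and scores the result against who really owns each account. The account names, the documentation-range IP addresses and the function names are all made up for the illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample data: (real person, account, IP seen by the logging server).
# "person" is ground truth the logger never sees; it is here only to score the result.
SIGHTINGS = [
    ("anna",  "AnnaMain", "203.0.113.10"),   # coffee-shop Wi-Fi shared by strangers
    ("bjorn", "BjornB",   "203.0.113.10"),
    ("carla", "CarlaC",   "203.0.113.10"),
    ("dave",  "DaveMain", "198.51.100.7"),   # dynamic IP, first lease
    ("dave",  "DaveAlt",  "198.51.100.99"),  # same person after the address changed
    ("erin",  "ErinE",    "198.51.100.7"),   # stranger who later got Dave's old address
    ("fay",   "FayMain",  "192.0.2.44"),     # static home IP: the only case that works
    ("fay",   "FayAlt",   "192.0.2.44"),
]

PERSON, ACCOUNT, IP = 0, 1, 2  # column indexes in a sighting


def pairs_sharing(sightings, key):
    """Return every pair of accounts that share the same value in column `key`."""
    groups = defaultdict(set)
    for row in sightings:
        groups[row[key]].add(row[ACCOUNT])
    return {
        frozenset(pair)
        for accounts in groups.values()
        for pair in combinations(sorted(accounts), 2)
    }


def score(sightings):
    """Compare what an IP-keyed database claims with who really owns the accounts."""
    claimed = pairs_sharing(sightings, IP)      # what the database calls "alts"
    actual = pairs_sharing(sightings, PERSON)   # real alt pairs
    return {
        "correct": len(claimed & actual),
        "false_links": len(claimed - actual),   # strangers outed as each other's alts
        "missed": len(actual - claimed),        # real alts the database never sees
    }


if __name__ == "__main__":
    print(score(SIGHTINGS))
```

On this sample the database gets one pair right, calls four pairs of strangers alts, and misses the one alt whose owner has a dynamic IP.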

So all should be well in Second Life now, right?

Well, not really. While these devices cannot reveal alts anymore, they can still scan you in secret.

This means they will force your viewer to play a specific URL or use another exploit via the cookies or voice. Via that, your IP address, your location within SL, and so on, will be recorded to a database NOT in Linden Lab’s control.

So essentially we now face a more sticky issue.

Now the TOS 8.3(i) states, and I quote:

You agree to respect both the integrity of the Service and the privacy of other users. You will not:

(i) Post or transmit viruses, Trojan horses, worms, spyware, time bombs, cancelbots, or other computer programming routines that may harm the Service or interests or rights of other users, or that may harvest or collect any data or personal information about other users without their consent;

Plain and simple. It is NOT allowed according to the TOS that we have all agreed to, including the creators of these devices and the users of these devices and you and I.

This brings me to the topic at hand…

The Privacy wars real victims

I have now been following the ongoing debates for near to three weeks. It’s clear that certain people don’t have to worry so much about this issue cos they very early on knew how to protect themselves in Second Life. They are the coders and the scripters. If they haven’t been scanned they quickly found ways of blocking it. Coders like Sione and Tonya Souther moved pretty fast to make and implement code into TPVs that will reveal if anything is trying to force itself onto your viewer. Sione made the code and Tonya pushed for the dev team she belonged to to move it into their viewer. Cool viewer got the go-ahead from Sione to use it in theirs, and so on.

But, and yes there is a big but here: I don’t know the first thing about what a malicious URL looks like, so even when this patch is finally implemented (and thanks to others that have a bit of Linden ears it will also be rolled out into the official Linden viewers) I really worry cos I don’t know what I can agree to use and what I can’t.

That worries me a lot actually. I know I’m not alone here. There are a lot of users that are just that, users.

I was talking to Paisley Beebe on Twitter today and I think it really dawned on us how many are still unaware of this issue inside SL. If you don’t know, Paisley Beebe will cover some of this issue on her show Sunday (March 6th) at 6pm SLT.

Reading the SLU thread on this issue I also become more worried, cos to me as a non-techie, and on top of that English is my second language, it’s daunting to say the very least. It makes me sick that Linden Lab do not realise this and take serious steps to protect their everyday users.

To me it’s pretty cut and dry. TOS violated = user warned, TOS keeps being violated = user banned and product force removed from grid! Now how hard can this be? As to the database itself, that might prove to be a bit more icky and I don’t know exactly how that can be dealt with. Is there a lawyer in the house?

As in all wars there will be victims. Granted, this is not a war with guns and bombs, but to anyone that ever has had a stalker in their lives the threat is still a threat. It is in fact possible to obtain RL info (home location) via IP addresses. I don’t know how to do that (nor do I really care to, honestly) but I know it can be done. This brings it up to a whole new level. In all wars you have to assess the situation, look at the threats and the possible casualties.

The people currently in the database could be possible casualties, but can we work together in eliminating the threat?

Hit the pavement, the blogs, Twitter, Facebook (yes yes I’m aware of the irony there), forums, mainstream media. The word needs to be spread and spread faster than before. Below I will give links to blogs and forum threads that will be useful in guidance and advice and info. Spread it as much as you can. Tell everyone to turn off music, media, cookies and voice in their viewer’s preferences until they have educated themselves so they don’t run a risk of getting scanned without their knowledge. Better safe than sorry!

We might have won the first battle but the real war is still there and we can’t afford to back down now.

Useful Links here

SLU – ZF Redzone, Disclosure of SecondLife Alts. This is a really long thread, I know. I would advise you to read it, or at least as much as you can. Samantha Poindexter does a few recaps along the way that could be useful.

SLU – Security Issues: Blocking external access to your viewer

Various Jiras pertaining to this issue – IMPORTANT >>> you need to WATCH and not just vote. Use your email filter to avoid email spam from JIRAs

VWR-24746 – RedZone Security violates TOS, exposes private information and is being misused

VWR-21305 Potential Privacy Exploit – Is it heuristically possible to use MoaP to link a client IP address to an avatar

VWR-22245 Most users will be ignorant to how MoAP will drastically change their level of anonymity

VWR-9236 Automatically play media setting ignored plays anyway

VWR-25062 Add the ability to allow or deny domains that parcel owners want to play in the viewers media and audio player

VWR-17044 Add options to selectively limit media sources to limit IP discoverability

VWR-24807 Add ability to filter cookies into the browser

SVC-6793 Establish a do not track opt out system

Various blogs and articles

SEW and more SEW


Tateru Nino – Dwell on it


the Alphaville Herald

One Big Blond Moment

mickeyetc’s posterous

Phaylen Fairchild

Living in a Modern world

Treminari’s secondlife blog

Soror Nishi

Unique Needs

Help protect the grid – Spread the word – email Linden Lab – use Twitter and/or Facebook if you have it. Yell, scream and stomp your feet; all it will cost you is a little of your time.

Whooosh and out from me xxx

5 Responses to “The Privacy wars real victims”
  1. Inara Pey says:

    Good summary!

    All I would point out is that Section 8.3 of the ToS hasn’t actually changed at all. There was some confusion on this in the SLU forum, but if we look at the December 2010 archive:

    “8.3 You agree that you will not post or transmit Content or code that may be harmful, impede other users’ functionality, invade other users’ privacy, or surreptitiously or negatively impact any system or network.

    “You agree to respect both the integrity of the Service and the privacy of other users. You will not:

    “(i) Post or transmit viruses, Trojan horses, worms, spyware, time bombs, cancelbots, or other computer programming routines that may harm the Service or interests or rights of other users, or that may harvest or collect any data or personal information about other users without their consent;” [my emphasis]

    Which is how it is still worded today.

    So far, only the Community Standards have been changed. What is required in the ToS is a tightening of Section 4.3.

    • ladysakai says:

      Hi Inara 🙂
      I don’t think I said the 8.3 had changed. I pointed to that section as it’s the one section that LL can use to take this thing down, and not only RZ but other devices like it


  2. I have been urging people for the past five years to disable parcel audio, parcel media, and anything else that makes direct connections outside the Second Life service, and be careful about following links provided by scripts. Because there have been people using this to surreptitiously collect information about alts, both for personal use and for sharing, for that long. Redzone is just the first time it hit the news.

    This doesn’t mean “don’t use parcel audio at all”, or anything like that. Just turn it off when you’re not at a location where you’re there FOR the audio stream.

    That’s the easy solution, to avoid getting collected. Control what you trust.

    • ladysakai says:

      Hi Argent (and sock)
      Yes, it’s very good advice. What angers me is that this should all be necessary. We should be able to not have to look twice before we go on to land and listen to music. Nevertheless it is if LL refuses to plug the hole, or at least until they publicly announce they have done so.
      It’s very well for geeks (meant in the nicest possible way cos geeks are sexy ya know 😉 ) cos they have the knowledge to protect themselves, but my concern is for the ordinary user that uses SL trusting LL to protect them while they hang out and destress from RL in this virtual world.


