Listen using WinampListen using QuicktimeListen using Windows Media PlayerListen using Real PlayerListen using iTunes 

 
 
Feb 242011
 

RedZone gets new lease on life

by staff writer Emiley Tomsen
(with contributions from Krypton Radio staff)

On Feb 24, 2011 the Terms Of Service/Community Standards were updated by Linden Lab, the creators of the virtual world of Second Life, to reflect concerns by users of the service regarding privacy and the use of multiple user accounts by one person.

“Residents are entitled to a reasonable level of privacy with regard to their Second Life experience. Sharing personal information about your fellow Residents without their consent — including gender, religion, age, marital status, race, sexual preference, alternate account names, and real-world location beyond what is provided by them in their Resident profile — is not allowed. Remotely monitoring conversations in Second Life, posting conversation logs, or sharing conversation logs without the participants’ consent are all prohibited.”

Readers should note that the Community Standards and Terms of Service apply only to the Second Life service and web sites owned by Linden Research, and not third party web sites.

For weeks many users of Second Life have blasted the SL-forums with complaints about fellow residents, who use automated security systems to protect their virtual properties. Some of these systems have the ability to detect and share information on user’s alternate accounts. This is done by comparing the IP address of a scanned avatar and comparing it to other avatars that have been scanned by the security system. Residents claim that these systems violate their right to privacy, since SL is more or less geared towards anonymity. The counter-arguments are that many residents who have been previously banned by Linden Lab use alternate accounts to come back into SL, letting them grief and stalk others making such alt detection systems useful and necessary.

One such system to take the brunt of the hatred from privacy advocates is RedZone, created by SL resident zFire Xue. Land owners could use RedZone to scan for and ban users from their private land based off of the possibility that person was an alternate account of a previously banned user.   Part of the controversy of his system, is that it publicly identifies residents’ possible alts of banned avatars to RedZone users via the subscribers’ interface on the official RedZone web site.

Mr Xue granted Krypton Radio permission to print a statement he issued on his RedZone customer support forums concerning the Linden Lab Terms Of Service change:

“Hello RedZone owners.
After talking with Linden Labs over the past month we have reached an agreement.
Effective now and retroactively the RedZone system will request Consent to display alt name information.
LL policy will reflect this change by tomorrow the 25th.
The zRZ HUD will now request consent much like a bloodlines bite.
The zRZ Website now offers a system to send an IM to request consent for a zF RedZone Alt Background check.
The system is already in place, new functions and consent methods will be offered as we discover how best to implement this feature.
Linden Labs has been good enough to suggest many ideas that settled on this one.
Alt names can still be viewed to settle disputes, run security background checks etc. (With Consent)
Please see http://isellsl.ath.cx/checkconsentinfo.php for more.
The RedZone system has been, and always will be current with SecondLife(tm) terms of service.
I would like to thank Linden Labs for working with RedZone and providing enough time for RedZone to make these changes.
Best Regards,
zFire Xue
PS: Everything is still logged as before, everything still works as before.
Only now to view the alts you need consent.
Alts are still bannable if they are related to a new user you do not want on your land.
Alts of people you banned are still banned, alts of copybots are still banned, alts of anyone you have banned are still going to be banned, just not named.”

There are various security systems used by residents in SL, some utilizing the ability to compare avatar accounts by checking IP addresses. This has never been a fool-proof tool, as some users share the same address due to the location they log-in from such as a college dorm. Mr Xue’s security system does in fact have an appeal option on his website, to allow people to file a grievance if they feel they were wrongly banned from a private property by the RedZone service. To clarify, the RedZone system only has the ability to ban avatars from property where it was installed by the property owner.

Critics of the RedZone system say the copybot viewers it detects represents only 0.025% of the total viewers scanned, according to zFire Xue’s own web page dedicated to users of the system.  While this number seems low, it makes more sense in perspective: according to Justice League estimates, less than half a percent of the citizens of Second Life are griefers in the first place, so the number of copybot clients detected by RedZone compared to the number of griefers is actually rather significant.

The Green Zone

The main group of critics appears to be users of a product called “Green Zone”,  a device which until recently was able to detect the probe objects used by the Red Zone security device.  The Green Zone Users group in Second Life was founded by an avatar named “Fart Admiral”, and the group is open enrollment with no controls at all on who joins. The fact that the group has nearly a thousand members does not speak to the quality of its membership.  It is not possible to determine how many of these members are secretly alts of other members. The group could easily have been vastly inflated in size by a small group of dedicated dissidents, creating the impression of  a vast anti-Red Zone response, and there is no way to prove otherwise.

The GreenZone device itself was created by the operator of an avatar named Anastasia Howlitt, purportedly in retribution for the banning of her alt Andromeda Sawson for copybotting activities.  zFire Xue posted compelling evidence of the connection between the Andromeda Sawson and Anastasia Howlitt accounts on the RedZone support web site.  Howlitt’s sole defense was to claim that her computer was used by “a friend”.

Green Zoners have gone to great lengths to harass Red Zone users in efforts to coerce them to abandon use of the product, even going as far as crashing their sims in some cases.  Anonymity appears to be being abused by at least some faction within this group.  It is clear that at least some percentage of the Green Zoners have an agenda in which the public welfare plays no part. Even some otherwise responsible journalists have fallen for this ruse, unintentionally siding with copybotters, known trolls and sim crashers.

Something indeed strange is going on with this topic of interest:  opponents of the RedZone system point to such things as this large group in SL and how active the thread on SL Universe is (400 pages and counting) – but Hamlet Au of New World Notes questions how widespread interest in this topic really is, saying that more people are interested in his article on Kinect for SL than they are in his original RedZone article.  That this could be a manufactured “social uprising” is not entirely out of the question.

IP Addresses and Privacy

There are still concerns by residents that logging of IP addresses or other information is a violation of the Terms Of Service, however this was addressed by Linden Lab under the following regarding Privacy.

“Certain account information is displayed to other users in your Second Life profile, and may be available through automated script calls and application program interfaces. This information includes your account name, account type, the date your account was established, whether or not you are currently online, user rating information, group and partner information, and whether or not you have established a payment account or transaction history with Linden Lab. Further, you agree and understand that Linden Lab does not control and is not responsible for information, privacy or security practices concerning data that you provide to, or that may otherwise be collected by, Second Life users other than Linden Lab. For instance, some services operated by Second Life users may provide content that is accessed through and located on third party (non-Linden Lab) servers that may log IP addresses.”

So far it would appear that logging of IP addresses and detection of possible alts is still allowed, however the handling of this information is what this update covers. As long as the information collected is not publicly shared without permission, those security systems who employ these methods are still allowed to operate.

The ramifications of this dramatic change in Linden Lab privacy policy appears to be a boon to those who consider their alternate accounts private, but may have the opposite effect on land and business owners throughout the grid who now have no where to turn for information on  abusers of alternate accounts to help keep them off their regions and away from their friends, families, and places of business.

 

UPDATE:  RedZone Not Allowed to Reveal Alts In-World Under Any Circumstances

On the Second Life JIRA service, on March 2, 2010, Soft Linden posted the following:

Hey, all. I got the go-ahead to give an update on zF Red Zone specifically. Again, thank you for the ARs with specific info about violations. These have been very helpful for letting Lindens know what’s going on.

Tuesday morning, we removed zF Red Zone from the Marketplace for a second time. We removed the in-world vendor distributing the item as well. We determined that zF Red Zone was still in violation of our Terms of Service and Community Standards.

We asked for removal by no later than today of all zF Red Zone functionality that discloses any alternate account names. That is, even if consent is asked, the service may not act on the consent. In addition, we asked for removal by no later than Friday of the interface for and any remaining implementation of the zF Red Zone consent mechanism because it does not comply with our policies. If these updates are not made, we will take appropriate steps to remedy the violations.

As before, we appreciate your help in keeping an eye on content. If you find that any merchant’s product is not in compliance with our TOS or our Community Standards, please file an abuse report about the product. Do this even if you filed against a previous version. Include a specific explanation of what you believe is a violation, and ideally select and report the in-world object at issue in case it behaves differently than what’s in the Marketplace. Before reporting, make sure you have first-hand knowledge of the issue. Support can best react if you explain specific steps to reproduce or confirm a violation.

This appears to be contrary to what zFire Xue had been previously told by Linden representatives about the suitability of his RedZone system’s handling of information about alternate accounts, and does represent a significant setback for the popular security system.  Mr. Xue’s only possible stance now is  to remove any functionality that permits the use of the system to discover alts through any in-world interface, though a lookup feature on the support web site for the product would obviously be outside Linden Lab’s jurisdiction or control.  Since IP collection is still confirmed not to be a ToS violation, the ability of RedZone to banning by IP address is obviously still not a violation of the Second Life Community Standards so long as  the revealing of alts by in-world means is removed from its list of features.

And it appears that this is exactly the tack Mr. Xue has had to take – the system can still ban by IP address, but the new Terms of Service forbids him from implementing an appeals process  since it would require banned individuals to identify their own alts.  His posts in the Red Zone support forums express frustration with Linden Lab for repeatedly flip-flopping on the rules as they apply to the Red Zone, and applying the rules with apparent caprice.

Update: zFire Xue Banned from Second Life

As of the morning of March 16, 2011, zFire Xue and his business alt, TheBoris Gothly, have been banned from Second Life.  While the RedZone security systems still exist in places on the grid, they are now empty husks – the scripts that made them work have been removed from the asset server’s databases, and the devices are now completely inert.  These actions were done in accordance with Linden Lab’s new policy against revealing alts in-world.

Soft Linden’s additional stipulation that the RedZone devices not reveal alt information even if the device had given permission appears to have been based on Linden Lab’s inability to confirm whether permission had been granted by any individual, since the RedZone database was not accessible to Linden Lab for verification, nor could it be made so in any practical sense.  Allowing this would have put Linden Lab in the position of simply accepting zFire’s word on the matter.

This is a developing story – stay tuned to Krypton Radio for updates as they’re made available!

- 30 -

Links

 

The following two tabs change content below.

  30 Responses to “Linden Lab Bans Sharing Information on Alt Abuse”

Comments (30)
  1.  

    To clarify the information about RedZone detecting only 0.025% copybot viewers.
    That number represents 0.025% of the 9473075 non-unique scans ever made by RedZone vs the total number of unique copybots detected.
    In other words many of the 9.4million scans are repeat scans of the same user, compared to the non repeat detections of unique copybot users.
    Not the best stat to have offered as it confuses people.

  2.  

    Not only that, but people don’t realize just how much trouble such a tiny percentage of the population can cause. I’ve talked to a fair number of people in-world about the privacy issue, and I can see and understand both sides of it. But I would characterize most of the complaints about RedZone as coming from people doing things they don’t want to get caught doing.

    I haven’t been seeing a lot of land owners and estate owners bringing up privacy as an issue – quite the contrary, they consider alt detection as vital to the protection of their lands and friends from the abuses heaped upon them by people using secret alternate accounts. This is not to mention all the business and political situations manipulated by a few people pretending to be many people.

    We’re left with the conundrum of how to balance the needs of the many against the needs of the few. Having RedZone ask for permission to reveal a person’s alts is a good compromise; there’s nothing that says a landowner has to allow entry to their land for a person who refuses to provide this permission.

  3.  

    Kalel, will the JLU be continuing to work on their own alt-detection system now that this ruling has been handed down?

  4.  

    Hi, Jack – here’s the JIRA that shows that IP detection is still ToS compliant: https://jira.secondlife.com/browse/VWR-21305?

    It’s for members of Second Life only, so here’s the critical exerpt:

    Samuel Linden 26/Feb/10 2:32 PM: We need to thank the resident for bringing this to our attention. We do not consider IP gathering to be an actionable security exploit. This has been possible for quite some time with 1.23 and earlier viewers. Shared Media makes this easier, but we have provided residents with the means to turn off Auto Play. We can communicate that they disable Auto Play if they are concerned about having their IP address logged.

    My interviews with various landowners seem to lean toward IP-based banning being the critical thing they need, more so than exposing people’s alts – which is now suddenly a Community Standards violation. The landowners interested in the Phantom Zone usually ask that question right up front: “when will Phantom Zone do alt detection?”, and are somewhat disappointed when I tell them we don’t have a time line on that.

    For now, the RedZone system is still their best bet for alt detection. However, alt detection based solely on IP addresses would be a flawed approach in my opinion, and if we do implement it it will be based on a dozen or more criteria, not just the one. We would have to follow the same strictures which have been applied to the new RedZone system to stay ToS compliant.

    I think the Phantom Zone should be ready for general release in March, and will be provided as a free service to the citizens of Second Life. I think it’ll be a good add to the spectrum of security services available to the public, especially at the price point. We’ve already received threats over it, and that means the griefers are concerned about what broad adoption would mean for them – always an encouraging sign.

  5.  

    “Effective now and retroactively the RedZone system will request Consent to display alt name information.”

    ok GOOD luck getting a griefer to agree to that.. Still its nice to see developers taking the high road vs scoffing this new ruling.

  6.  

    Trace Adress: http://www.kryptonradio.com

    Location; Atlanta, Georgia, USA

    Traced IP: 72.9.247.177

    lulz?

  7.  

    Oh, yes – if our server wasn’t located 955 miles away in Austin, Texas, it would be very lulzy indeed.

    This just points out just how far off an IP address can be from giving your actual location.

    We also notice that the Herald is at it again – they’ve published no fewer than three articles in two days about how much trouble RedZone is in, but once again they’re creating the impression of something that hasn’t actually happened. It’s not hard to guess why, though -they have a big interest in taking apart anything that threatens their world view. RedZone isn’t going away any time soon, but the Herald really wants to make it so.

    If they’re that afraid of the RedZone, even now, one can only assume that there must really be some value in it.

  8.  

    Kalel, sorry to hear the JLU is now in the privacy invasion business. When Phantom Zone was Banlink II, it had my support. Now I’ll be blocking the domain.

  9.  

    Hi, Jack, thanks for your comment.

    To respond to your statement, first, the League is not in the privacy invasion business. IP addresses are not private information. If they were, you couldn’t connect to the internet at all. There wouldn’t even be an internet to connect to.

    Here is the link to the JIRA that shows that Linden Lab does not consider IP detection actionable under the Terms of Service.

    Here is a link to Johnson-v-Microsoft, wherein the United States District Court agrees, stating in its summary finding in favor of Microsoft Corporation that:

    “In order for “personally identifiable information” to be personally identifiable, it must identify a person. But an IP address identifies a computer, and can do that only after matching the IP address to a list of a particular Internet service provider’s subscribers. Thus, because an IP address is not personally identifiable, Microsoft did not breach the EULA when it collected IP addresses. Plaintiffs’ contract claim on that ground must fail.”

    In layman’s terms, IP addresses are not by themselves personally identifying information, and even with full access to an ISP’s database, only a machine could be identified with certainty, not a person.

    Even though collecting IP addresses does not violate the Terms of Service, and even the United States District Court agrees that IP addresses are not private information, our tests showed that IP addresses are reliable enough to show whether more than one avatar is being controlled from a single (unique but not real-world identifiable) place over a short span of time, but no more than that since most people’s IP addresses change on a regular basis.

    They are certainly not enough to identify who you are in real life, or even where you live apart from what country you live in. By way of example, another poster showed us that the Krypton Radio IP address geolocates to Atlanta, Georgia, though the server is actually situated in Austin Texas.

    To allay your concerns, such systems cannot do any of the following:

    • Identify who you are in real life
    • Identify your physical street address, let alone what state you live in with certainty
    • Read the contents of your hard disk, or download anything from your computer
    • Steal vital information such as credit card numbers or passwords for any online accounts
    • Snoop through your SL messages or inventory
    • Install spyware or other malicious code on your computer

    None of the systems which perform IP matching – even the controversial ones – are capable of any of the above feats. Phantom Zone certainly does not do any of these things.

    Even if the Phantom Zone did IP detection, which it does not currently do, it would be completely compliant with the rules as explicitly set forth by Linden Lab.

    Second, there’s no domain to block – Phantom Zone doesn’t operate even remotely that way. You’re not party to the communication between Phantom Zone and its servers at all.

    The Phantom Zone is, in fact, most like the old BanLink system in the way it operates. It is a shared banning system wherein those estates who choose to share bans contribute to a global protection pool. Persons who manage to get themselves banned from multiple independent locations end up with a permanent system-wide ban until they can convince enough of the people who filed the original bans to release those bans. The appeals process, as with BanLink, happens at the local level.

    We are nearing official release of Phantom Zone, and when it’s ready we’ll be announcing it here.

  10.  

    zFire wrote: “To clarify the information about RedZone detecting only 0.025% copybot viewers.
    That number represents 0.025% of the 9473075 non-unique scans ever made by RedZone vs the total number of unique copybots detected.”

    Some math:
    1% = 1 out of 100; 0.1% = 1 out of 1,000; 0.01% = 1 out of 10,000; 0.001 = 1 out of 100,000. So 0.025% means 25 out of 100,000 have been detected as copybot? Wow, what a tremendous result!
    That means though that 99.975% – quite about ALL – of the scans have been for nothing, 99.975% of all scans have been innocent people who were treated like criminals because of paranoia and fear-mongery caused by ONE person who even lets this disservice pay him.

    And how many of these 0.025% have been false positives? And it is true that there have been quite a few. These RedZone tools already had sometimes detected Linden Labs own viewers, and TPV from the official TPV list as “copybot viewer”, for what ever reason – in this regard this system is as faulty as CDS. And hasn’t zFire learned yet that having the same IP does NOT mean it’s the same person behind the computer? That the same IP doesn’t even have to mean that it’s the same computer at all? Thus, this snake oil product is so full of faults in itself, it’s nothing but a data-miner.

    So this almost non-existence of “real positive” results (as in, catching real copybotters and griefers) of scanning sound familiar to me: a) from former times: the Stasi in East Germany (which in this analogy would mean that every land “owner” who uses RZ to protect their land would be zFire’s “unofficial informant” to fill his database – and b) from current times, the TSA (and everyone who had the questionable experience to fly during the past years knows of the nonsensical scanning and groping there). But even these analogies have a flaw: both agencies were set into place by the respective government (Stasi by the East German government, TSA by the US government) – while RedZone is not a service set into place by Linden Lab (which more or less is the “government” of SL), but it’s a service byjust a normal resident who has so megalomaniac opinions of himself that he claims to have the right to play grid police / grid secret service.

    I’ve been in SL for more than 3 years now and the things I “wouldn’t want to be caught doing” are none that violate the TOS or Community Standards or Privacy Policy of SL in any way. I own land, have a shop (you can even call it a kind of mall) – yet I do have high ethical standards regarding privacy: Everything NOT shown in any part of someone’s profile – even groups if they are hidden – and everything that is NOT been said in open chat, is PRIVATE, CONFIDENT, not someone else’s business to disclose.

    And yes, I do have alts as well that I’ve made for various reasons. And my alts do have my name and picture in the 1st life part of their profile. But it’s been MY decision to disclose me as their main account, and it’s only MY business to disclose it or not, and if yes, when and to whom and for how long. No other resident has the right to disclose anything about me that I haven’t made public knowledge before.

  11.  

    Jack, your information is inaccurate, one Phantom Zone does NOT Collect IP’s . Nor , as far as I know, and I should know being one of the developers, is it planned to. You will never see any media connections to a phantom zone server, doesn’t work that way and anyone telling you otherwise is feeding you FUD.. cheers

  12.  

    Gem, thank you for your comment. I added a couple of blank lines in between your paragraphs to make it easier for everyone to read, I hope you don’t mind.

    One item of clarity, though. There is a popular misconception that the term “data mining” is somehow a bad thing. It isn’t – data mining is a branch of branch of computer science,and is the process of extracting patterns from large data sets by combining methods from statistics and artificial intelligence with database management. Data mining is seen as an increasingly important tool by modern business to transform data into business intelligence giving an informational advantage. It is currently used in a wide range of profiling practices, such as marketing, surveillance, fraud detection, and scientific discovery.

    It is not, however, “rummaging through piles of data to find information about individuals”, as you seem to imply. Instead, it is more like “examining large bodies of information in order to survey trends and patterns in the data”. Whatever contributions you might make in the data used in data mining is like a grain of sand on the beach, and about as anonymous.

    As for zFire being a megalomaniac, as you put it, I have my own personal opinion about that comment. Anyone can create something to help the community be more secure, and while there are a lot of people who don’t especially like RedZone for various reasons, and while the claims of its effectiveness may be overstated, it does actually function in general as it’s advertised to. Something that isn’t 100% effective isn’t a fraud. It’s just not completely effective, and frankly, for what RedZone tries to do I don’t think anything can be.

    I think we can express our displeasure with the system, and point out its flaws and weaknesses without making personal attacks. It’s easier to have a conversation about it if we don’t cloud the issue with abusive language.

    And pondering this, I’d like to add one more note – this isn’t directed at you personally, but at the public backlash against security in all its forms.

    I see a lot of complaints about things like the old BanLink system, CDS, RedZone, peacekeeper groups like the League, and even security enforcement by the Lindens themselves, and one thing stands out: most of these complaints deftly sidestep the fact that what people are trying to do is control the lands which they pay every month for the right to control, or use the public lands to which everyone should be able to use, not just the griefers. It’s the estate, business and home owners’ land to do with as they wish – if they want to write letters of the alphabet on slips of paper, make people draw them from a hat and then ban everybody who drew the letter ‘Q’, it’s nobody’s business but theirs.

    People don’t have a right to go anywhere in Second Life they want to go, any more than they do in real life – and while I respect people’s right to privacy, that respect vanishes fast when people use that claim of privacy to violate someone else’s, and that’s honestly a huge part of the abuses I see on the grid every day. By the same token, if somebody thinks they have the right to come to a public area and trash it so nobody else can use it simply because it’s a public area, I should have the right as a member of the public to gather what resources I can to counter it – and then some. We have a right to the public lands, and every citizen is empowered by Linden Lab to stand up for that right, using the tools Linden Lab gave us all. That’s not megalomania – that’s civic responsibility.

    So it seems to me that many so-called “privacy advocates” and people who complain about groups trying to make life better for everyone are really just trying to destroy the few tools we do have to enforce the right to privacy and address the misuse of public lands.

  13.  

    Some fair points there Gem. I don’t think anyone is going to argue that Redzone or any such system is perfect by a long shot. As to your points about privacy, you’re right, this is why Red Zone’s creators have changed the behavior of their product. Redzone now no longer lists the names of potential alts without permission, but as functionally most will say no, the potential alts will still be banned , but it will not relate whose that is thought to be. Now personally I disagree there, such a system should not be automated like that, better to have a human in charge, as in Phantom Zone.

  14.  

    Honestly I wouldn’t be all that concerned about the wasted scans if I were you, Gem. I doubt 0.025% of walk-ins at most supermarkets result in hold-ups or theft, but the vast majority of the populace is pretty comfortable with security cameras being there to help resolve things when there ARE occasional incidents. And it could easily be argued that these SL security systems are a lot less intrusive than even your favorite supermarket chain, as they don’t track things like what products you buy–not even for statistical marketing analysis. :-)

  15.  

    I note that Gem is far from being alone in her opinions about RedZone and what constitutes privacy invasion in Second Life. The League and Krypton Radio want to encourage constructive dialog, and we would hope that providing an open, honest forum for debate serves the public interest in an equally constructive manner.

  16.  

    @Kalel: Thanks, it’s really easier to read that way. I was a bit fed up while writing it, so I didn’t focus on the readability.

    @Hewee: Actually I’m not at all comfortable with surveillance cameras, though they once helped me when I worked as shop detective in a supermarket chain in the ’90s. And most of the shop-lifters I caught back then actually had enough money in their wallet to easily buy the stolen product, they stole for the adrenaline kick, not because they couldn’t afford an item they really needed (like a starving person would need food). And I learned that people aren’t “comfortable” with the security cameras, but that they simply don’t care. Most of these cameras are fake anyways.

    I grew up in a country with nearly total surveillance and with walls and fences to hold the people within (“The Lives of Others” anywho?), so please allow me to react quite allergic to any attempt to increase security by invading privacy. Been there, had that, glad it’s over. Yes, that is why I used this STASI comparison, I experienced it first hand back then in East Germany how it is to live under surveillance. I won’t want to have that in SL again.

    In SL, I even AR’d a sim owner back then in Mid 2008, who copied entire avatars including their sometimes even custom-made skins and shapes – just to make fun of them, and to show he could do it. A sim I enjoyed going to was closed ’09 – I later learned that the owner had been AR’d by a few content creators who had seen their products standing there with the sim owner as “creator”, that everything on that sim had been copybotted. So it’s not always the Free basic accounts, or those without payment info who copy stuff. Sometimes it’s also those with payment info, with Premium account, who just do it for the kick.

    Would “Adult” help? No. Some of the most-copied stuff is originally placed on Adult sims.

    And alts? Alts are expressively allowed and condoned by LL. And even though there are a few who use alts to deceive and to trick (something I also had to experience already), most alt users don’t. And how would you even want to detect alts for sure anyway? As I stated above, two avatars accessing SL with the same IP doesn’t necessarily mean it’s the same computer, or that it’s the same person behind the computer. Speech/typing style patterns? I’ve met some I had suspected to be each others alts because their writing style was extremely similar – but during a RL meeting I learned that that was all: these people just had a similar writing style, but were different people indeed. So you won’t have any proof to have detected alts unless you had a look at the person’s computer (or, at least, into their AV/payment info files).

    So, I’m sorry to say that, according to my understanding, there is essentially NO workable way for a Non-Linden to build up what you call security in SL.

  17.  

    Since I don’t seem to be able to edit:

    If I were to choose between absolute freedom, and absolute security, I would always choose freedom.

  18.  

    While I agree that only the Lindens are really in a position to make Second Life truly secure, I have to branch off from there and say that because they appear unwilling to take full responsibility for it, that there is a role to play in this for the residents themselves.

    The notions of security and self-protection are not new – and in the real world, society polices itself. There is some kind of self-governance in every social system. Over the years, to fill in the gap between what the people actually need and want and what Linden Lab will actually do, there have been hundreds of security systems and various products made available. These have ranged from being free to being quite expensive, from the very simple freebies to the elaborate networked systems being sold today, and everything in between. People have a right to protect what’s theirs to keep others from abusing it or taking it away from them.

    By the same token, there have also been community watch groups like Proactive Security, Assistance Notification Network, GridWatch, the BanLink system (destroyed by griefer/hackers in September of 2009) and many others. Many estates have their own security teams, some more formally structured than others – so there are security minded groups which serve both private estates and the public welfare.

    What really bothers me about this is that these groups are genuinely needed – if they weren’t needed, there would be no social pressures that would result in their existence.

    It’s very easy to say, “The Lindens should be held responsible for all of the horrible things that can happen on their service”, because that statement is true as far as I can see. But we also have to take a step back and take a pragmatic look at the situation, acknowledge that they have never met that responsibility, and see what we as citizens can do to fill in the missing pieces. We can expect the Lindens to solve these problems for us, and be disappointed, or we can take an interest in the well being of our community and try to make a positive contribution to it.

    Different people express this civic mindedness in different ways, and with varying degrees of success – but to say that these efforts should not be made simply because somebody else is technically responsible ignores the fact that this responsibility has always been only partially shouldered by Linden Lab, and the fact that as citizens of this virtual world, we have a responsibility ourselves to create this civilization in a positive, constructive image.

    Freedom is attainable without pushing toward anarchy. The balance point between them is something each person must find for themselves. But once found, it needs defending.

    Speaking personally, I realize this is just a virtual world, on a service that will someday go dark. But for now, these are my people, my family, my friends and their families, their businesses and in some cases, wisely or not, their real life livelihood. This is my home, and the home of thousands upon thousands of people. And I cannot stand idly by and allow others to destroy it.

    And I’m not alone.

  19.  

    Wow! Even consent is not sufficient for being able to list alt information now?! I HAD to ask a clarifying question to Soft Linden on that one. Hopefully we’ll get a little more of a clue where the line in the sand is before we inadvertently step over it.

  20.  

    I believe Patsy Linden instructed Xue that the compromise he worked out with Soft Linden is invalid and that this new rule applies. I think it’s unfortunate that there seems to be no cohesion or consensus on this from one Linden spokesperson to the next, and is only serving to fuel further controversy rather than doing anythign to resolve it.

  21.  

    for the record There is the exact wording of section 4 of CS related to this issue:

    Disclosure

    Residents are entitled to a reasonable level of privacy with regard to their Second Life experience. Sharing personal information about your fellow Residents without their consent — including gender, religion, age, marital status, race, sexual preference, alternate account names, and real-world location beyond what is provided by them in their Resident profile — is not allowed. Remotely monitoring conversations in Second Life, posting conversation logs, or sharing conversation logs without the participants’ consent are all prohibited.

    I expect the confusion is the use of the phrase “Sharing personal information about your fellow Residents without their consent” now as I read this consent is all that is needed. apparently some lindens disagree even there . Watch the CS page (as a supplementary document to ToS it can change without notice) Carefully over the next few days, I expect if they are indeed this fragmented on application of the rules Linden legal will step in with a clarification. For the moment , personally , if I’m given consent, that’s all I need and that’s how I shall continue until it is stated otherwise .

  22.  

    After further research it sounds like the issue isn’t so much whether consent is sufficient, but what information is shared once consent is given. For example, if I were at a university and shared an IP address with you while we are behind the same NATted firewall, then by revealing my own location and giving my consent to share all “alts” that an in-world system believes are mine due to a common IP address, I could be sharing to the public something about YOUR physical location too.

    In other words, depending on the design of the system I could be giving my consent to share not only information about myself, but information about any other residents who happen to have used the same IP address(es). In order to avoid this, a system might instead be designed to query me about each other account it has detected that might by my alts because they have used the same IP address I have. But then the system might be sharing information about YOU and what IP addresses you have used with ME.

    It’s kind of a Catch 22, and if security systems are going to be designed to fit with this strange new twist of the TOS, it’s going to take some major creativity. My suspicion is that such systems will have to go more on behavior (e.g. “a suspected alt of Wiggly Resident has harassed builders in the sandbox”) rather than actual identifying information (e.g. “Hoy Gardner is a suspected alt of Wiggly Resident”). It will present some significant social challenges in the areas of security and trust….

  23.  

    Personally I don’t see how this is supposed to work. IP detection isn’t against the ToS, but any action one takes apart from actually banning by IP (a messy, unreliable shotgun approach to the problem of alt abuse) is now likely to run afoul of this new arbitrary “privacy” rule. Knowing which account is an alt of which other account does nothing to reveal any real life information about a person any more than an IP address does, so this doesn’t make any sense to me. Certainly other people feel differently, but I also see that a lot of people who don’t really know how legal systems work believe that anything that limits their actions (justifiably or otherwise) must be against the law somehow.

    Linden Lab seems to be listening to a mob of villagers with torches and pitchforks, metaphorically speaking. There are extensive threads on the official forums and on SL Universe, but they’re the same sixty or so people posting over and over again, many of whom are alt abusers themselves.

    It doesn’t help that different Lindens are making conflicting public statements, so you get a different “official” statement from Linden Lab depending on which Linden you ask. But I think that as soon as they realize that this is a very vocal but relatively small minority out of the millions of registered residents in Second Life, I anticipate that their stance will change once again, and this time towards a more balanced, sensical view.

    It also bears noting that the Green Zone Users group in Second Life was founded by an avatar named “Fart Admiral”. The group contains known sim crashers and copybotters. And these are the people’s opinions to which Linden Lab gives so much weight? Something is very wrong.

    How odd it is that RedZone, CDS, BanLink, the Linden Governance Team, and the League itself have all been labeled frauds by anonymous angry mobs. How interesting that in each case, the system or group did its job very well, and the detractors all seem to be in the group that it worked well against.

  24.  

    I’ve just spent the morning talking to members of the Green Zone Users group.

    There is still a contingent in the Green Zone Users group that are there because they want to stop anything from interfering with what they were doing, but when I visited the group, these people didn’t chime in (though they were present and lurking). The rest of them just want their privacy, and the fact that the RedZone was being run by somebody who didn’t take very much care to avoid people being falsely accused hit a nerve with them. A lot of these people are just nice folks who don’t understand what’s going on, want to get a better handle on it and feel violated by people such as zFire Xue, whose system could ban people based on incorrect correlations based solely on IP address.

    A quick show of hands in the group IM at the time showed that out of the 70 or 80 in chat, only three or four had businesses. The rest were just regular citizens. I was also told that the reason for this was that when the business owners tried to steer the conversation toward ToS compliant solutions for business owners that they were invited to leave Green Zone and form their own group, which they did. I think this is unfortunate, because it takes the other Green Zoners out of the conversation on where things go from here, effectively removing their voice and condensing the group into an even more isolated single class of user. This only serves to reduce their say in what happens from here on out. The people with the commercial clout to make things happen have largely left.

    For all the Green Zoners out there reading this, I get it now. I don’t think I did before. I think the time is right for constructive dialog on how to make things better, but we all need to reach out across the gap and make an effort.

    At the same time, I have to caution against making a great deal out of very little (or incorrect) information about privacy and what it really is, and how much one can expect in an online service. So much of the drama has resulted from differing opinions on what privacy is, what data mining is, and uninformed rumors about what these various systems can and cannot do.

    We’re all supposed to be anonymous in Second Life, unless we choose not to be. And that’s how it should be. Our avatar names are not our real life identities, and nothing in Second Life can reveal that information by scanning your avatar. Not even RedZone could do this – privacy advocacy is well intended, but let’s all try to see to it that it’s well placed as well.

  25.  

    @Kal-el

    You claim about the Greenzone Users Group “The group is rife with known sim crashers and copybotters.”

    Please IM me the names of these individuals so I can take appropriate action and any proof of this you have would be helpful. Our group was not born as a significant “champion of justice” like yours. It is a USERS GROUP, there to disseminate information and to support a user base. This issue isn’t about Greenzone, or Redzone or Yellowzone, or any zones. It is a bigger issue about protecting the privacy of ordinary residents in SL. Redzone was a brick, useless, if you turned your media off. This privacy issue and the media exploit issue is over 2 years old and the Jira, if you go look, has many prominent SL residents as supporters.

    You say our group doesn’t have merchants? I’m a merchant but I wasn’t there when you asked and our group is a product USER group, not a merchant group. But like any open group in SL we do not have direct control over who joins, only who we kick out. My policy is, everyone is entitled to a voice so I don’t kick people out for having an opinion. zFire xue was a member for a long time, though he mostly was a lurker. Many other redzone users joined the group as well. We had more than our fair share of griefers (trolls) too.

    This post is rife with inaccuracies. Truth, Justice and the American Way means a free democratic society where people are innocent until proven guilty. That “guilt by association” is not the order of the day and protecting basic human and civil rights should be key.

    Seriously, IM me those names, should be easy to cleanse our group since it is only 200 people as you say… yes?

  26.  

    As you know, revealing these people’s alts is against the Terms of Service, Azure, so I can’t IM you with that information. This is at odds with the entire focus of your group, the single purpose of which seems to be to prevent the very thing you have now just asked me to do. It’s not my job to manage your group for you, and my meddling would certainly not be appreciated by the rest of your members.

  27.  

    Kalel, you are a liar. Nobody asked you to reveal alts. At least two, however, have asked you to provide evidence to back up your claims about GZ. You have refused to do so because you know as well as we do that your claims are untrue. I strongly advise you never to show your face in our group again.

  28.  

    Alts of griefers such as Nightmare Dench have been recently discovered lurking in the group, and there is substantial evidence to suggest that at least one of the group’s founders and the creator of the Green Zone device itself was a copybotter. I hardly see how I could point out alts of troublemakers without revealing alts, Pacha. And so now you see how privacy concerns have to be balanced against the need to strip that privacy from people who depend on anonymity to torment or abuse others. Sadly, with the new rules in place, that balance itself has been stripped away.

    It’s very easy to point to the light of truth and call it a lie. A militant response such as this one underscores that there is far more to the Green Zone Users that its members don’t want discussed or seen, and that the Green Zone Users group is not interested in anything other than screening the activities of its members from the outside world.

  29.  

    As you well know, Kalel, the founder of which you speak was added to the copybot list manually by zFire Xue. He was never discovered copybotting by anybody or anything. And you call this substantial evidence? As for claiming to know about people’s alts, have you been asleep throughout this entire saga? Same IP address does not mean somebody is an alt. A messy, unreliable shotgun approach, in your own words. If you’re going to bullshit, at least try to bullshit consistently.

    With every word you speak you discredit yourself even further. Your article is nothing more than a smear campaign against GZ, littered with untruths. You may think you’re clever; you may even be in possession of above average intelligence, however you make the mistake of assuming that everyone else is stupid and will believe anything you tell them. Remind you of anyone?

  30.  

    I’m sure that’s that founder’s assertion, and if IP were the only criterion used in this case to match up the founder with the known copybotter, your arguments might carry more weight – and your claims are certainly diametrically opposed to the corroborative information zFire has already published.

    Of course I know using IP addresses alone is not a reliable technique for identifying alts. There are other means for doing that. Don’t presume I have the same or fewer resources than you do.

    In this entire debacle, the Green Zoners as a group have done little that convinces me that their views are the correct ones. The founder(s) appear to have preyed on the fears of the uninformed masses, and whipped people into such a state of mass hysteria that they are now willing to do things which, by themselves as individuals, they would never consider doing. I still hold severe reservations about the value of artificially sustaining the level of paranoia that seems to define it, and given that zFire Xue’s server has been subjected to relentless cyber-attacks and a break-in that resulted in the destruction of the RedZone database, I have to wonder.

    To put the flame war and ad hominem attacks in perspective, the Green Zone Users appear to be about 70% BDSM, about 4% age play, about 3-4% griefer alts and about 5-6% business people or landholders. Somewhere between 10% and 20% are alts of other members, mostly belonging to just a half dozen people – mostly just there to “stuff the ballot box”. For the most part these are people with something to hide, not political activists. There’s a smattering of people in the group who are there out of civic responsibility, but not very many.

    But even if the body of evidence that zFire had amassed against the creator of Green Zone was entirely fictitious (hard to imagine given the detail), we are left with this, Pacha: Green Zone began as a vendetta, not a public service. It began as a personal conflict between zFire and the founder. That’s the point at which any rational person takes a step back and asks themselves, “What’s really going on here?”

    One thing I feel sure of, though, is that whatever veneer might have been applied to it, this was not civic responsibility in action.

 Leave a Reply

(required)

(required)

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>