SocialSecond Life Vs RedZone Saga: The Symptoms & The Cure

Second Life Vs RedZone Saga: The Symptoms & The Cure

Why Linden Lab needs strict privacy policies and security controls.

To update everyone on the latest developments, on Tuesday March 2, RedZone once again disappeared from SL Marketplace. This time around speculation as to who pulled it down and why did not last long, as Soft Linden commented on the seemingly never ending JIRA (which has 1625 votes and 625 watches at the time of this writing), saying:

Soft Linden added a comment – 02/Mar/11 12:58 PM

Hey, all. I got the go-ahead to give an update on zF Red Zone specifically. Again, thank you for the ARs with specific info about violations. These have been very helpful for letting Lindens know what’s going on.

Tuesday morning, we removed zF Red Zone from the Marketplace for a second time. We removed the in-world vendor distributing the item as well. We determined that zF Red Zone was still in violation of our Terms of Service and Community Standards.

We asked for removal by no later than today of all zF Red Zone functionality that discloses any alternate account names. That is, even if consent is asked, the service may not act on the consent. In addition, we asked for removal by no later than Friday of the interface for and any remaining implementation of the zF Red Zone consent mechanism because it does not comply with our policies. If these updates are not made, we will take appropriate steps to remedy the violations.

As before, we appreciate your help in keeping an eye on content. If you find that any merchant’s product is not in compliance with our TOS or our Community Standards, please file an abuse report about the product. Do this even if you filed against a previous version. Include a specific explanation of what you believe is a violation, and ideally select and report the in-world object at issue in case it behaves differently than what’s in the Marketplace. Before reporting, make sure you have first-hand knowledge of the issue. Support can best react if you explain specific steps to reproduce or confirm a violation.

You will note that he says clearly, “a second time.” Now, last week I mentioned that speculation had gone wild as to who had pulled RedZone off Marketplace the first time, but it didn’t matter. It matters now because at that time zFire claimed he had done it himself.

zfireliesagain.jpg

Click to enlarge

Apparently, this isn’t true. The Lab pulled it both times. I would say I was surprised except.. well yeah, there’s no surprise at all.

But back to Soft’s message. What this means is that the entire alt disclosure issue is (almost) all over but the screaming. Any and all RedZone services that use any sort of alt disclosure have been declared firmly against the Linden Lab terms of service (TOS) as well as Community Standards. The reasons this was done are the same ones I’ve been saying all along the only way this could work would be if consent implied infallibility. It has been proven over and over that it does not work that way, and zFire had no intention whatsoever of asking *every potential alt account* for consent before releasing anything. With teens being allowed on the grid, the risk of false positives and the potential for abuse and exploitation (which has also been proven repeatedly) was simply far too much for the Lab to take on.

The Reaction Explosive and Predictable.

It is probably not surprising that within a very short time of this announcement, zFire went down to his store inworld and reinstalled the device for sale. I am told at that point that Soft Linden went down to his store personally and removed it again. Several other inworld locations selling the device received Abuse Reports filed against them by angry residents, complete with snapshots showing how the unaltered device was still for sale inworld. It was clear that zFire and his supporters had no intention of following this new directive.

Without the alt-viewing capability (lousy as it was), zFire’s device is no longer worth anything near the $17USD he was charging for it. In short, the main cash-draw for the device is dead. The party is over. Even though it can still perform other functions, it is no longer worth the current asking price, and the negative association of the object as well as its creator is likely permanent or as close to it as would make no functional difference.

To say the news was received poorly on zFire’s own forums would be an understatement. In fact, they set about immediately to try to find ways to “go underground,” including posting the database outside of Linden Lab’s control. In addition, they set about trying to find ways to defeat the patching system developed by Sione Lomu (and adapted by others) which is now making its way slowly but surely into nearly every viewer available on the grid. As of this writing, Sione’s patch has been submitted as a feature for Linden Lab’s official viewers as well (VWR -25062). Soon there will be very few viewers available that won t have this feature. This has led some RedZone supporters to call for creating an API to attempt to continue to avoid scan detection.

Wait, a What?

Basically, an API in this case would be a means by which RedZone could attempt to sneak in under the radar, even with Sione’s patch. Right now, people are aware that the RedZone server comes from http://isellsl.ath.cx (and several other iterations from the same domain). This API would allow authorized people to use their domains to mask the scan’s origin. You would instead get a request popup from an unknown domain, which might look very benign, encouraging people to allow it thus allowing the scan. Since most people are accessing Second Life through their home computers on residential Internet connections, they may be surprised to learn that what they re proposing may very well be against the TOS of their ISP. Not that I think that would stop most of them, but there you are.

Previously, the popup caused by Sione’s patch would occur simply upon landing at a location (lag may cause a delay). However, speculation began this morning that there has perhaps been a change to further hide RedZone from being identified, allowing the scans to continue unabated that the popup does not occur in certain locations unless you hit PLAY on your viewer’s media (as if you wanted to listen to music, for example). You can read more about that right here. However, it should be noted that if this change is true, it also means that the device would not be triggered to scan you *unless* you hit play in your viewer so unless the patch warns you via a popup, you re not at risk.

But even as RedZone moves further and further toward extinction, this does not mean the problem is actually solved. What needs to be focused on now is why these products exist, why they can do what they do, and why people continue to buy them.

All Eyes Back On the Lab.

The reason products like this work, as I’ve mentioned previously, is because up until now there has been an inherent security problem within Second Life viewers. This allows RedZone and other devices that operate along similar (if not quite as odious) principles to scan you and collect information (benign or maliciously intended) without any knowledge or consent on your part. Until recently, people didn’t think too much of the problem, as Second Life was a very closed-off system.

But in the past couple of years, there have been significant changes within Linden Lab, and in recent months the company has gone inexorably in a direction that would open it up to other, larger social networks (which, if you’ve been reading here, you would have seen six months ago). With this push toward opening the virtual environment up to these larger arenas, come the problems of privacy that they tackle and share (and very often completely screw up). At this point, the Lab cannot ignore these issues any longer. They must address them from the point of policy and governance.

Wherefore the Fan Club?

But why are the supporters of RedZone so adamant? All right, some of them truthfully are buying a placebo. Really. They are. RedZone cannot (really, absolutely can not) stop instances of copybot. In fact, the Lab can’t either which frantic content creators refuse to believe, but it’s true, on a strictly technical level. Some of them really are creepy stalkers, looking to find out personal information for their own malicious purposes. That’s entirely true also. But some RedZone supporters are saying something else, that this device does what the Lab *refuses* to do: give them greater control over their sims.

It is true that for most people, the tools already provided by the Lab are entirely sufficient to control any problems on their sims. It is also true that some locations are considered to be active targets for griefing and malicious activity. Further, there is no restriction on anonymous alts (no requirement for them to register with the Lab under a main account) and there are many locations which are only lightly controlled allowing a griefer to place a device, and use it to cause trouble on a sim remotely.

When griefing gets out of hand, it can cause significant drops in traffic, which in turn loses money for the sim owner. Full sims, as of this writing, cost $295USD a month. To feel as though you’re spending that much money and not getting sufficient tools to allow for security is, to put it mildly, frustrating.

Do the Tools do the Job?

Most people in Second Life do not have a paid account. Although you can restrict access to paid accounts only, this not only cuts your traffic by an enormous amount (though it will cut your problems down too) it may prevent people from living or working on your sim that you have never had any trouble with at all, as well as deny access to other potential new users via other free social networks once the Lab gets its act together more fully on that score. Though it is also true you can restrict access to age-verified persons only, this will definitely cut your traffic so much so that unless you have either Adult rated businesses or a strictly residential sim, it’s something that I would not recommend to anyone trying to make money in Second Life.

Ban lists are limited in Second Life to 500 people. This, I know, sounds like a lot. But for people whose sims are regular targets for problems, particularly when those problems come in the form of the same few people coming back with endless alt accounts, that number can fill up quickly. Further, there is no way to control any land functions unless you happen to be logged in. So if there’s a problem on your sim, and all you have is your cell phone, there is no way to access a “land management” dashboard through the web. It creates a state of hypervigilance, where people are worried about logging out, lest there be a problem that no one is around to handle.

The question arises why are some people having lots of trouble with this while others have little to no trouble at all? The answer, honestly, is it doesn’t really matter even if the sim owners are people you wouldn’t put out if they were on fire, it doesn’t mean that the constant harassment is the solution to that problem. The actual solution is that you simply never go there, and go on with your life as if they didn’t exist. This problem only continues to escalate as both sides keep upping the stakes.

The reason that RedZone (or any other system like it) ever made any money at all, was because it was filling a void in the marketplace one that by rights the Lab should be filling themselves as the provider of the platform. Until they take that reality seriously, and work to address these needs, there will only be another RedZone to come.

The Lab has to step up and deal with issues of privacy and security. Nothing else will stop this.

Resources

The 2023 B2B Superpowers Index
whitepaper | Analytics

The 2023 B2B Superpowers Index

8m
Data Analytics in Marketing
whitepaper | Analytics

Data Analytics in Marketing

10m
The Third-Party Data Deprecation Playbook
whitepaper | Digital Marketing

The Third-Party Data Deprecation Playbook

1y
Utilizing Email To Stop Fraud-eCommerce Client Fraud Case Study
whitepaper | Digital Marketing

Utilizing Email To Stop Fraud-eCommerce Client Fraud Case Study

1y