Crackdown on Third Party Viewer Encrypted IMs?
by Alphaville Herald on 21/10/09 at 8:33 am
Emerald Viewer's OTR at odds with SL Community Standards and ToS?
by Pixeleen Mistral, National Affairs desk
The grid is aflutter with wild rumors in the wake of the Lab's announcement of an impending crackdown on third party viewers. One source pointed the Herald to what is claimed to be an e-mail sent to the Emerald Life developers. If legitimate, the letter is likely to raise some serious concerns as it puts ability to encrypt chat on the same level as unauthorized content copying.
Is the Lab unhappy with the encrypted private IMs that Emerald enables? Experienced residents assume that the Lindens occasionally take the opportunity to monitor player IMs – but widespread use of third party viewers with OTR (Off The Record) features could curb that activity.
Look for a lively discussion of what is a legitimate expectation of privacy in Second Life as the third party viewer controversy grows.
[text of the alleged e-mail after the jump]
Dear Second Life Developers,
On behalf of Linden Lab, I want to thank you for all your efforts in developing alternate viewers for the Second Life platform. We appreciate and enjoy the creativity and hard work that all our developers put into creating new experiences for residents of Second Life.
In the past we have been happy to allow development to proceed on all viewer projects, but recently some functionality has been developed that is at odds with our Community Standards and Terms of Service. Some of this functionality includes the ability to encrypt chat, copy content in violation of the creator’s intent, and collect user data without clear disclosure. To help our residents and viewer developers, we are creating a viewer registry that will allow developers to register viewers with us that comply with our guidelines and Terms of Service. Viewers that do not comply may not be registered.
We are interested in working with you and other developers to set clear guidelines for the viewer registry. Our goal is to provide ongoing, positive development for our residents while protecting their content and privacy. Over the next few weeks we will be engaging with the community and other developers to incorporate your feedback into our process, and we would appreciate your input and guidance. Please feel free to email me if you are interested in sitting down with us, and we will find a convenient meeting time for those who wish to participate.
Thank you for your time,
Cyn Skyberg
...
Oct 21st, 2009
Think the proper response to that is… HAH!
Not to say I didn’t see it coming but well yah that was a long time coming. Especially with Emerald being full of Devs who also created Cryolife and copybot, just been waiting for LL to step up.
BamBam
Oct 21st, 2009
“Some of this functionality includes the ability to encrypt chat, copy content in violation of the creator’s intent, and collect user data without clear disclosure”
I can understand the copying content being an issue, even data collection, but I have a problem with them telling us no chat encryption. To me it says Lindens are data-mining chat conversation and they don’t like having that taken away from them. It feels like Lindens are on some weird power trip. I wonder if an external chat tool would not be allowed by Lindens in a SL client? Why do they need to see how great my virtual sex chat is? Is that why they buy so much lotion and tissues? lol
Are you starting to think that SL is loosing it’s fun edge. It is bogging down in controversy. Is everyone selling the same widget and crying about someone else selling one like theirs? Does it seam like Lindens are unable to manage SL effectively? A while ago I had heard LL was going to release server code at some point. Where is that?
Withdraw your cash from Lindens exchange! They will find a way to make it disappear if you don’t. Sooner or later… you know it is coming.
icallbullshit
Oct 21st, 2009
This is gonna be fun!
SusanC
Oct 21st, 2009
I can see why they don’t like viewers that let people copy content – though I think trying to enforce DRM is doomed, and ultimately counterproductive for LL – but I, too was surprised that they have a problem with encrypted chat.
After all, SL users can talk to each other in lots of ways that LL can’t monitor (e.g. they can exchange email addresses, and then email each other.)
Senban Babii
Oct 21st, 2009
Well I often chat to friends while in SL via Yahoo messenger for example. However, are LL worried about what SL users are saying to each other or are they more worried about what is being said through *their* system that they might then become liable for? Imagine if say paedophiles were using IM for chat. If they could encrypt that chat then LL couldn’t know whether their network was being used in such a way.
I’m not necessarily saying I agree with it btw. I’m just putting forward one possible reason why they might be taking this approach i.e. to protect themselves. Obviously if there was an investigation into say a paedophile ring that had been using SL to communicate, LL could potentially find themselves in a tricky situation. But it comes down to finding a reasonable compromise between user privacy and the need for legitimate surveillance of communications e.g. during a criminal investigation.
It certainly raises an issue of why someone would even want to encrypt SL IM communications but this isn’t necessarily to hide criminal acts. There’s a legitimate reason to encrypt in business for example and business users might consider whether they can encrypt their communications as a factor in using or not using the SL platform. So maybe LL need to consider allowing encryption with keys being submitted to escrow agencies for use in legal investigations? Yes there are issues with that too of course but it’s all about compromise, right?
Neo Citizen
Oct 21st, 2009
I can understand not being interested in having clients on that can encrypt chat – they’re not on a power trip, they have a right to be able to monitor and control their own service. In fact, they’re required to. Knowing the Emerald client feature list, it seems that the encrypted chat feature is probably the only thing about it the Lindens will have a problem with – except perhaps the ability to detect Lindens in a sim even when they don’t want to be detected. I’m sure that if Emerald simply removes those features, they’ll be compliant, and that will be that.
I can’t imagine what ‘collecting user data without clear disclosure’ means, unless somehow they’re able to harvest IP addresses or real life names and phone numbers or something. Anything else is something LSL already does. Anybody know what they’re talking about here?
Orion Shamroy
Oct 21st, 2009
Kinda makes ya wonder… What about the fate of other unorthodox clients like Restrained Life and Metabolt?
BamBam
Oct 21st, 2009
“I can’t imagine what ‘collecting user data without clear disclosure’ means, unless somehow they’re able to harvest IP addresses or real life names and phone numbers or something.”
When you first load Emerald it displays content from a web page. This gives up your IP address. From that IP they can determine a lot about you. Its like your street address on the internet. I have never seen the source for Emerald so I could not tell you if they are pulling any other information about you or not. Even a log file of hits could be considered data mining. But it would be extremely easy to insert code that can pull down a lot of information about YOU. Are you paranoid yet? LOL
Pappy Enoch
Oct 21st, 2009
Don’t y’all know nothin?
It ain’t about no instant massages and somesuch being encapsulated or whatever the hell you smart folks am going on about.
Linden Lab don’t like no wigglin’ boobs. Emerald gots ‘em. I planned to run off with her till I found out she won’t no gal but some computer thing for looking at nekkid gals.
I reckon that damn prude Miss Pee-tunia Amorous Talladega done turned in Emerald. She can’t stand no naughty parts nohow.
This hear confabulation are about cha-cha-bingos that move, plain as the nose on the side of my head.
Yuri Diot
Oct 21st, 2009
BamBam: better not visit any parcel with media on.
Zwagoth Klaar
Oct 22nd, 2009
Yes, the startup page for Emerald gives us your ip address, so does visiting our website. None of this however is personally identifiable to a specific user or character. It’s hardly in our interest to look through hundreds of megabytes of log files of website hits to harvest ip addresses that have no identifiable information along with them, nor is it feasible. That is even if we ever wanted to it wouldn’t be realistic to sort through all the data. Reality check please? We develop a viewer, not steal identities.
Parcel media is something else entirely, and can easily be linked to avatars, and for exactly this reason, I never have it enabled, as it tends to be rather highly exploited.
Obvious Schism
Oct 22nd, 2009
I can’t understand what people are saying in IMs even when they are unencrypted, so how the Lindens could make any more sense of this gobbledygook is beyond me.
Gwyneth Llewelyn
Oct 22nd, 2009
Security vs. Privacy. “1984″ fans will always go for security.
Atra Lupis
Oct 22nd, 2009
Linden Lab won’t be able to stop users from using an “unregistered” third-party client so long as the client has the features that those using them actually want.
They don’t like Encrypted IMs?
Tough luck Linden Lab.
I know several people who would rather keep the ability to complain in private and say whatever they want to, to their friends than worry even one bit about some nit-wit Linden taking action on a conversation that should remain private.
Copy Bot?
Give users a way to back up inventory and that will eliminate 99% of the need for such programs.
Emperor Norton Hears a Who?
Oct 22nd, 2009
‘collecting user data without clear disclosure’ combined with “Emerald being full of Devs who also created Cryolife and copybot”
Interesting combination of concerns. Wasn’t copybot the one with the secret back door and keystroke logging?
Icarus Ghost
Oct 23rd, 2009
Would Emerald be allowed to integrate a gChat client with OTR into the viewer? Why must LL maintain the ability to read all “private” IMs?
Are they logging all of them?
Are they reading them without a court order?
Sinden Lucks
Oct 24th, 2009
Linden is continually digging their own grave. I’ve never seen a company so mismanaged in my life. No visual perception, no innovation, no way to produce. All the real work is done out side of Second Life. The real innovations are always done “on the outside”. And what does Linden continue to do? Kick the open model in the teeth. The ones producing the next works. This is what proprietary software companies do. They love the idea of having free labor and donations of effort, but seldom comply with what it means to be open to such innovations. It’s their own demise, and everyone is witnessing it.
I’ve completely pulled out of SL and moved to opensimulator. Two years now. Far less lag, far better for those that prefer fast paced continued effort and an ever improving platform. All with open minds, and the talent to make it happen. And where does it come from? Open source collaboration where the best software in the world happens. Certainly doesn’t happen at Linden Lab.
hiddenbehindtheglass
Oct 24th, 2009
Lets put it this way, i think LL loves the idea of being able to spy on people’s chats. simply put dont say anything inworld that you wouldnt say on TV. if you are going to chat with your friends or family. use a IM tool like yahoo or skype atlest you know your not being spied on.
Also the SL veiwer returns data back to LL. such as your Hardware specs, your Harddrive ID and your OS. as well as this Linden Lab loves to collect data. so much so that they emoplyee someone to do this for them.
Jumpman Lane
Oct 24th, 2009
they sure read my ims lmao
JustMe
Oct 25th, 2009
BamBam said “I can understand the copying content being an issue, even data collection, but I have a problem with them telling us no chat encryption.”
I certainly agree with that. But what I’m wondering is why the Herald article singles out the least important item .. encrypted IMs, and ignores the copying and data collection issue? We can always do something about chat (use Skype, other chat/IM products, etc), but we have no protection against content theft or data collection. Isn’t THAT what the Herald should be reporting on rather than the ability of LL to read our cybersex sessions ?
Sinden Lucks
Oct 25th, 2009
Linden doesn’t just spy on people, if they don’t like what your doing they can shrink you to the size of a pea, throw you in an endless boxed loop, and completely control your client. To the point that you cannot even do anything except logout. I’ve been saying this for years and no one wants to believe it. Play a serious game in SL and see where it lands you. They can control every aspect of your client. Take a snapshot of all of your client buttons greyed out and inoperable when it happens. Spying on IM’s and chat records is the least of what Linden has allowed and done. Then call them on the phone and get the arrogant ass that tells you to “prove it”.
Try turning in 50 to 100 abuse reports when the virtual land scammer rips you off for a grand and see what happens. Linden allows it and supports the concept that they are not responsible when someone rips another off in-world. And for any amount.
If people knew the truth, they most likely wouldn’t appreciate Linden’s way of doing things, and most certainly would have a better understanding of their server/client and how it operates.