Emerald Gang Implodes – Viewer Ban Hammer Next?

by Pixeleen Mistral on 01/09/10 at 9:45 pm

Jessica Lyon has resigned from the Emerald viewer team and published the formerly secret requirements Linden Lab made of the group – which include the expulsion of Skills Hak, Discrete Dreamscape, and Lonely Bluebird (a.k.a. Phox) from the development team – previously Fractured Crystal resigned from the group.

Emerald meeting M Linden, Marty Linden, Joe Linden, and others in happier days (click image for closeup view)

The Emerald gang has been plagued by accusations they were responsible for a DDoS attack on a critic’s web site, revelations of leaking user-identifiable information, high profile resignations, and what is believed to be a case of using unauthorized access to the Vivox admin console to silence another player’s voice – then taunt him in-world. This led Linden Lab to issue a warning against the rogue viewer and remove it from the third party viewer list.

Understandably, Linden Lab seems intent on removing developers with questionable track records from the team, and threatened to block access of the Emerald viewer to Second Life. But in a desperate bid to keep Emerald alive, Arabella Steadham – who does not lie – and Lonely Bluebird felt it best that Lonely Bluebird remain on the team – and so have locked everyone else’s access to the modularsystems servers, according to Jessica’s resignation announcement:

As of some time this morning, all access to the servers have been severed to all but Arabella Steadham and Lonely Bluebird. Neither me, nor any of the other Emerald Developers have the ability to put out releases at this time.

Some speculate that the return of Fractured Crystal to the Emerald gang is now likely – according to an update on Jessica’s blog Fractured Crystal has applied for a trademark on the Emerald Viewer.

But this may all be in vain, if Jessica’s account of the Linden Lab requirements is accurate (full text at the end of this story). Will a skeleton development crew led by Arabella Steadham be able to comply with the Lab’s demand for a sanitized Emerald viewer by Friday?

Apparently Jessica’s ejection from the gang was the culmination of a heated discussion – portions of which were provided by Ms. Lyons, and say in part:

[1:02:01 PM] Jessica Trinity: users aside, everyone here is here because we want to see emerald succeed
[1:02:09 PM] Jessica Trinity: and we’re still here because we believe it can
[1:02:34 PM] Jessica Trinity: leaving for the sake of the project would be the only honorable thing to do hon
[1:02:55 PM] Phox: I guess I’m not honorable then.
[1:03:04 PM] Jessica Trinity: so your willing to be the reason emerald dies?
[1:03:25 PM] Phox: No, Linden Lab will be the reason Emerald dies, regardless of what I do.
[1:03:35 PM] Phox: If my staying results in that outcome, well you can say I told you so.

…

[1:07:14 PM] Jessica Trinity: If i was told to leave, and i had to leave to keep this project going i wouldn’t think twice about it. I would be sad, but i would also be proud that i made the sacrifice to keep it alive
[1:07:48 PM] Phox: Well when I’m told to do something I don’t immediately bend over and let linden lab fuck me.
[1:08:00 PM] Jessica Trinity: phox, they are going to kill the project
[1:08:04 PM] Jessica Trinity: are you living in denial?
[1:08:05 PM] Phox: Let them

Meanwhile an Emerald gang project meeting has appeared on YouTube – apparently Phox will include the capability for the viewer to spoof it’s identity in the very near future.

With an unrepentant Phox standing shoulder to shoulder with Arabella Steadham effectively daring the Lab to ban the Emerald viewer, the clock ticks toward a friday deadline for compliance – or an Emerald viewer ban. All of this suggest now might be a good time for even hardcore Emerald fans to consider their options.

Emerald Project Team:

We have removed the Emerald viewer from our Third-Party Viewer Directory because of its multiple violations of our Policy on Third-Party Viewers.

Our Policy prohibits the intentional targeting of third-party sites as was done recently by the Emerald viewer’s login page. Specifically, the Policy prohibits the distribution of harmful functionality like denial of service attacks or griefing attacks. (TPVP section 2.d.iii)

Our Policy also requires a published privacy policy that specifically describes what user data the third-party viewer collects, stores, or uses, and how it uses, displays, or shares that data. (TPVP section 4.b.i).

The published privacy policy for the Emerald viewer does not disclose what user information the viewer collects. When it came to our attention that the Emerald viewer was collecting the installation path without stripping any user account names present in the path, and storing it in textures produced by the viewer’s graphics library wrapper, we asked that this code be altered to omit full directory paths. After assurances from Emerald developers (Lonely Bluebird) that the code would be altered, we were disappointed to learn that instead of stopping the practice of adding data to textures, the Emerald viewer code encrypted the data in order to obfuscate the data collection practices.

In addition to violating our Policy on Third-Party Viewers, these actions are significant breaches of the trust of the Second Life community. Please remedy these breaches immediately by taking the steps outlined below. Taking these steps is critical to providing transparency around Emerald’s viewer functionality and collection of user data, and to ensuring that the viewer complies with Linden Lab policies and the law. The steps alone do not, however, guarantee that the Emerald viewer will be readmitted to the Third-Party Viewer Directory.

Provide transparency in your development efforts to both the Second Life community and Linden Lab, including:
- Use open mailing lists or forums for your developer communications.
- Provide a publicly viewable source code repository.
- Provide public code commit notices.
Demand accountability from each and every Emerald developer, including:
- Require each committer to provide real-world identity information to Linden Lab as a signatory to the certification of compliance with the Third Party Viewer Policy.
- End the participation of any developer who has deliberately violated Linden Lab policy or the law.
The Emerald viewer’s closed source emkdu library is not in compliance with the GPL. Bring all current and future versions of the Emerald viewer into compliance with the GPL by omitting emkdu. Use OpenJPEG or other GPL-compatible code.
Update your posted Privacy Policy for the Emerald viewer to specifically describe what user data has been collected or stored by any version of the Emerald viewer that may be used to log into Second Life. For all user data collected or stored, specifically describe in the policy how that user data has been used, displayed, or shared. If you wish to disable login of any versions of the Emerald viewer that may be collecting user data, please advise us immediately of the specific viewer versions.
Do not distribute any functionality that conceals information in Second Life assets, including through encryption or steganographic techniques, with the sole exception of information that LSL scripts produce or consume. We will be updating the Third-Party Viewer Policy shortly to clarify this requirement. Be sure to bring all current and future versions of the Emerald viewer into compliance with the requirement.

Please respond to this notice no later than this Friday, August 27 and confirm the date by which you will have completed the above steps. Failure to comply with the steps may result in further action by Linden Lab, beyond removal from the Third-Party Viewer Directory. We look forward to your prompt response.

Sincerely,

Oz Linden

And our second response from LL was.

Your responses are acceptable, with the following exceptions and clarifications:

We have considered your request to retain Phox, Skills, and Discrete on the team in some advisory capacity, and have made a final decision: No association with the project in any capacity is acceptable. All connections between those individuals and Emerald Viewer project must be terminated, and that fact made public by the team.

The time frame for a release that does not include the emkdu.dll is not acceptable. A release must be made available that will not use an emkdu.dll or an llkdu.dll even if they are on the users system must be made available.

Each of the above issues must be addressed no later than Friday September 3rd or Linden Lab will begin taking steps that will culminate in blocking all access by the Emerald Viewer.

With respect to the identification of contributors: the use of age or payment verification will not be sufficient. We will provide more details on the new requirements as part of updates to the Third Party Viewer Directory policies; these will apply to all new applications, not just yours. Specifics are still being worked on, and I’ll share them publicly as soon as possible, but the essence of the change is that each person with commit access to the viewer code or any project web assets served through the viewer will need to individually execute a certification of compliance with the Third Party Viewer Policy, including real identification and addressing information. Those identities will be confidential.

With respect to the public code repository – the googlecode repository is acceptable, but a link to it should be added to the set of links in your project web site footer, not only on the FAQ page.

138 Responses to “Emerald Gang Implodes – Viewer Ban Hammer Next?”

General Drama

Sep 9th, 2010

So phox gets a new alt (like that hasn’t happened before), changes his MAC/CPU/HDD hash, and we’re back where we started.

Only difference is now, nobody can claim Emerald didn’t have this coming.

So, Philip, going to refund Woodbury their money and apologize any time soon?
SweetAlabama

Sep 9th, 2010

LL found another way to identify the emerald viewer. Its not like they could get hold of the viewer to test how they could.

Arabella got on an alt but was bragging about it on her alt…. how dumb do you have to be to continually give yourself away?

Arabella, eat another cupcake, everything will be just fine.
Pepper

Sep 9th, 2010

@Nelson, look at About page.
Philip Linden

Sep 9th, 2010

@ General Drama

No.
history

Sep 9th, 2010

Ehhh, Jayd3n, the lab *never* claimed anything was owned. They always have made it clear for those who actually bothered to read the TOS that they could take everything away without so much as a warning or explanation.

They just idiotproofed it now by calling it a licence, and you and Intlibber are examples why they needed to do that. The woodbury crowd, same thing.
Lok Mistwalker

Sep 10th, 2010

@Nelson

So do you know if that skills hak and gemini ban is still coming? It’s about the only thing left that hasn’t happened
Jayd3n

Sep 10th, 2010

Yes Skills Hak is still in violation of TOS, and Real Life laws.

There is also another highly illegal system which can be abused, and or abused by other residents called ZF Redzone, it displays ur alts names to everyone.

Collection of any information, including contact information, user names, Keys, which can be used to contact a user without the option to OPT out is violation of Real Life privacy laws, let me explain…

When you get spam email it is illegal, unless you like it and dont mind, unless they send you an email with an opt out link, then its not illegal to advertise if you sign up for such a service and or third party sharing and such, as long as they tell you in their Privacy Policy that they share with their 3rd party sponsors and such.

CDS, and ZF do not give the option to opt out.

Just like Skills Hak, and other make claims it is legal for them to say Here is the privacy policy, but you step on someones land without any warning, or given a chance to read/opt out, we can illegally run scans, get data from your computer, and such. They are wrong… Linden Lab is wrong for allowing such, and these users should be removed from SL.

http://www.youtube.com/watch?v=xNnAvTTaJjM

http://treminarisecondlife.blogspot.com/2010/07/spywaretos-and-legal-violation-in.html?zx=12f743f4237b2a8e

http://treminarisecondlife.blogspot.com/2010/09/in-reference-to-comment-of-previous.html

The only reason I have not attacked ZF redzone much myself, is because they have not attacked me, and the creators have been victims of lots of content theft themselves, so I can understand why they want such, and as long as they dont abuse I really dont care, but what this person says is still true about both systems.

Also as for Copybot, there is no way to stop it until LL gives creators full rights, stops allowing residents to use any keys they want in LSL without placing the animaion, sound, ect. inside of the script. if this happend, then people would have to re uplaod copybotted content leaving a trail for LL to ban hammer way easier. As it stands, I can still login with any Copybot Viewer I please, Rip any creator I want, and do anything I please no one can do shit, I can IP Spoof, hide info, all 100% Undetectable by CDS now, Coypbot an entire build and leave it right there for the creator to see, maybe my account would get banned, but who cares I just make another. My point being that these systems dont really help, and its LL who has to do something to stop this. Also the use of UUID’s to copybot skins, and keep for personal use is quite easy, and 100% undetectable by Linden Lab, and if not passed around who is going to abuse report for such there is no proof, and even if they were passed around, no one would get banned because everything is spoofed + the creator is the original on the texture UUID.

I dont think Linden Lab will be around much longer anyways unless they totally fix this service, hire new employee to develop sculpties, and many other new features for the residents, and such. Give full powers over bans to the Residents. This way Linden Lab would not be wasting money on all these main land regions anymore. There would be no more bans from Second Life for any resident except for the acception of crashing a sim, or scripted attacks on a sim against the sim, or a DDOS,ect.

Linden Lab would be the simple host provider, all residents who pay for their own region can do what the F they want including racism, hate, griefing on their own region if they please, ect, whatever they want and allow they can do. This would mean if a user doesnt like it simply dont go to that region.

As it is I think Linden Lab is going bankrupt, just as three other companies in 2010 who support online games due to mistakes they made.
Jayd3n

Sep 10th, 2010

Oh yeah I forgot to say it would be a lot cheaper for LL if they were not paying for their software services like KDU to run on their service, and third party services, but actually wrote and code their own software instead of use third party software.

If they wrote their own code, and such our tier could be less, and the SIM buying cost would be a lot less, but they refuse to higher the development team to do such.

Also if they did this the in world physics, militaries, avatars that could be in a sim without lag, and support for crossifre/SLI, and graphics in peoples clients could be greatly increased. What about SL With direct X10 for example, real weather effects, and such.
Believer

Sep 10th, 2010

Who the fuck even cares about Skills and the CDS anymore?
Judge Joker

Sep 10th, 2010

They wont ban Skills because the SL Merchants would be up in arms, CDS is a placebo for people who don’t want to deal with the reality that Second Life is insecure and prone to rampant abuse.

That’s the main reason why Emerald Point was sold to Skills, because Fractured Crystal knows he can always come back and have his “sim” on an alt while in Linden Labs eyes it’s owned by someone else they can’t touch.

That’s another BIG F U to Linden Labs by FC, and will end up like with the Woodbury sim in Linden Labs eyes, as a point of congregation of unsightly elements that either seek to cause social disruption or as a point to get back at residents who have spoken out against them, but that’s a big list they will have to go though.

I suspect Linden Labs if they have any sense will keep an eye on who has “control” over the land, as that might point to being a FC account.

They really should force her to rename the sim, to INSILICO Point and rename the Emerald groups to Phoenix viewer, support e.t.c and hand the Emerald community over to the other Developers as most without sense are going there anyway.

Purge any remaining accounts under Modular systems e.t.c and leave it at that.

And even if you have evidence it’s against the law, Linden Labs wont get rid of her because no ones shouting about it, you have to bang on bins and shout, but people are content to feed on this placebo than having to worry about how to protect their shop.

You should be more concerned with the fact that InWorldz has accepted all 3 as refugees, which will undoubtedly lead to InWorldzs being used as a base to rebuild the client and membership.

Which will if you believe they data mine take the drama globally to an unregulated frontier.

Like it or not Linden Labs is a regulator and without a regulator the pressure of such acts falls on teams and businesses not setup to fight such behavior.

I’m sure there having enough problems with copy exploit clients e.t.c as it is, and to add such immature brats and supposed adults to the mix is a power keg waiting to explode.
Samantha

Sep 10th, 2010

So far nobody’s really shown why the CDS system is illegal. What am I missing?
Lok Mistwalker

Sep 10th, 2010

Nelson said he had a reliable source at LL and that skills and cds would be banned. Just wondering how come that didn’t happen considering that all of the rest did?
sole

Sep 10th, 2010

Quote
“Wow Arabella sounds like an arrogant JERK. And it seems like this reporter didn’t do much to make her seem that way either. Just this response
Arabella Steadham: you can read the correct interpretation on the MS blog
Pixeleen Mistral: I read that – but it confused me
Arabella Steadham: thats a pity
Arabella Steadham: It was quite clear to many of our users”
I heard her on voice once on the emerald sim and yes she was extremely Arrogant.
Jayd3n

Sep 10th, 2010

The reason Skills hak is not banned yet, is because he pays over $1000 USD a month for insilico sims, and because the Content Creators Assoication made by Gwen kisses his ass, and supports CDS I had a long talk with them about such before. Although I have respects for the CCA, and Creators, I will not support any type of illegal anti theft systems, or be part of a group that supports such systems, or copybots.

Well I will explain why CDS is illegal.

When you visit most websites, or use a service that collects any type of information including IP address, including Second Life. They all contain a privacy policy which you have to agree to use the service, and if you dont, you can terminate your service from going to that site they wont log or store information.

When you make a Phone Call, most companies say they may record your call for quality insurance, and such.

CDS, and ZF Redzone LOG Personal Information, IP, User Names, Keys, and possibly other indentifying content without giving any users a pirvacy policy to accept, or agree to. They are simply selling a product which illegally data mines residents, and no one knows that the land they are going to uses such a system, and it gives others personal info, as well as stores this data without the consent of users.

W-Hatt is an external Database that Datamines Keys, and they even offer a removal of your key if you do not want it there.

When I visit regions in Second Life, I am expected to read, and follow rules that are listed on such, however if a person wants to list they use such security in those, they have to give the user a chance to Leave before doing any type of illegal scan, and logging info still.

The only thing that is legal by all means is using the Second Life Ban Tool, in Second Life, as Linden Lab servers, and their privacy policy applies to such, any other tools that store any other type of information without user consent is not, and I have filed internet complaints about CDS due to their illegal logging, and I will do so to any other systems that store any information of mine without my consent.

–OFF Topic–
All I have to say, is that these abusers deserve to be gone from Second Life, and that I do support Legal Ban Tool In Second Life, what I do not support is Copybotters, like Smiggs groups in GOR, who denied anything ever took place, allowed her sisters to copybot many items off of users, clone many avatars, which there are snapshots of everything from day one of this, and then ban anyone who asks them or questions them about stolen content, saying they have a right to. While they may have that right, they are using it to cover up illegal stuff, and people who do that will pay with the truth and exposure of such. And group leaders who deny such even after being offered snapshots and proof of such is stupid. And personally, Smiggs can tell that to the last two sim owners she caused to get screwed over, zammy, and ali’s sim who got deleted by her best SL friend. Its her fault that these two had to pay for her tricking them into supporting the content theft and not reporting such, banning anyone in question of it. For their abuse until I personally can verify any time I want to that there is no stolen content on their regions at any time I please they will be labeled forever content thieves and supporters until I have evidence that proves otherwise from what I last collected, it is how I, and many others I know look at it. They are not the only ones either, You can see (New Jack City) which constantly had copybotted objects passed around by Many people, including one of my best friends who I once trusted, who had many alternate accounts, and these packages contained over 100 illegally copybotted skins using UUID exploits. They of course spread lies to their stupid friends antonio, and another person, and caused big issues for everyone by allowing Griefing, Theft, and many attacks on this region, now Dic Jacobus is either banned, or suspended, but the regions remain in Second Life, and status is currently unknown. Also its funny how when content creators teleport down into UC sims, all of us got instantly banned, someone there besides the owner was hiding something they didn’t want to see. I was later removed UC BL, because none of us did nothing. Also about NJC they wanted Roleplay Court over Real Life Intellectual Property Violations and such. How stupid is antonio, and Alonzo to have allowed this.

Fact, Second Life is full of ignorant users, and anyone who would believe people like this even with all the evidence against such people just because they have a bunch of groups they made friends with to Lie for them, and OMG I love you bro/sis get srs.
Nelson Jenkins

Sep 10th, 2010

@ Samantha

There are many reasons, but here is just one example.

Linden Lab’s ToS forces all users of the Second Life grid to be governed under California state law (ToS Section 12.2). (However, it is still questionable when they will ban partnerships between physically male avatars. That’s another story, though.) Under the California Privacy Protection Act, Section BPC22575, all software used within California must present a privacy policy, to which the user must agree to, before storing any identifier that permits the physical or online contacting of a specific individual, including IP address, MAC address, geolocation coordinates, et cetera. (For websites operating through HTTP, FTP, and similar protocols, the privacy policy must be “conspicuously posted” on the website, but this doesn’t matter, as CDS and zF RedZone do not provide any privacy policy at any time before or after being identified.)

Again, CDS and zF RedZone do not provide a privacy policy of any kind while being scanned. Its creators are in violation of BPC22575 – BPC22579, which require the following:

(1) Identify the categories of personally identifiable information
that the operator collects through the Web site or online service
about individual consumers who use or visit its commercial Web site or online service and the categories of third-party persons or
entities with whom the operator may share that personally
identifiable information.
(2) If the operator maintains a process for an individual consumer
who uses or visits its commercial Web site or online service to
review and request changes to any of his or her personally
identifiable information that is collected through the Web site or
online service, provide a description of that process.
(3) Describe the process by which the operator notifies consumers
who use or visit its commercial Web site or online service of
material changes to the operator’s privacy policy for that Web site
or online service.
(4) Identify its effective date.

However, zF RedZone does have a privacy policy on its website, which states:

“Before or at the time of collecting personal information, we will identify the purposes for which information is being collected. We will collect personal information by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned. We do not consider any publicly displayed secondlife information such as usernames, account age, photos displayed to the world, payment status, join date, UUID, IP, platform, viewer, group affiliations, preferred language used, time of day, timezone, region, partner name or any other secondlife information to be private.”

However, since they do not consider IP addresses as private information, they obviously do not fall under the scope of their privacy policy. Nonetheless, one must do research to find this policy as it is not made conspicuously available during the scanning process.

How is this illegal? Look above at the 4 statements I quoted from BPC22575 – BPC22579. The privacy policy provided fails to identify what kinds of personal data are being collected, making it illegal under subsection 1. There is no method of revising or removing your personal data, making it illegal under subsection 2. There is no process to notify consumers of changes to their privacy policy, making it illegal under subsection 3. They do not even provide the policy’s effective date, making it illegal under subsection 4.

Even if one ignores the fact that both CDS and zF RedZone are illegal, the creator of zF RedZone has failed to acknowledge flaws and fatal errors with his system. For example, Snowglobe 2.0 is marked as a copybot viewer by zF RedZone. However, Snowglobe 1.x is not. Thus, this conversation took place in the Second Life opensource-dev mailing list:

http://www.mail-archive.com/opensource-dev@lists.secondlife.com/msg02048.html

Obviously this is horrible customer service for someone that is scamming thousands of paranoid content creators with a placebo. This kind of illegal activity mixed with a blatant disregard for security flaws warrants both systems to be removed from the grid immediately and their creators banned.

I crunched some numbers, as well. The zF RedZone system had approximately 2500 violations of this law the last time I checked, each violation being a rezzed version of the zF RedZone sensor, as it counts as a copy of the software under the law. In addition, each day the software is in operation counts as an additional violation. We’ll say the software has been in operation for 300 days (just under a year). Each violation of this law imposes a fine of up to $6,000. Thus, zFire can be fined up to $4.5B. (Yes, it won’t happen. But it puts into perspective the severity of this crime.)
Baaa Goat

Sep 11th, 2010

“they have to give the user a chance to Leave before doing any type of illegal scan, and logging info still.”

IRC servers don’t, I see no “international Internet” law stating giving a chance to opt out beyond NOT visiting the location to begin with either.

Baaaa
Baaa Goat

Sep 11th, 2010

“(1) Identify the categories of personally identifiable information
that the operator collects through the Web site or online service
about individual consumers who use or visit its commercial Web site or online service and the categories of third-party persons or
entities with whom the operator may share that personally
identifiable information.”

Weird, I looked up the CDS product page and I see a privacy policy right there. Which seems to fulfil the above statement with regards to “online service” on ” its commercial Web site”

“The privacy policy provided fails to identify what kinds of personal data are being collected”

This could be because they actually don’t have your real name to begin with, so there is no collection of “personal data”.

“There is no process to notify consumers of changes to their privacy policy”

From CDS’s privacy policy, “We do update this Policy from time to time so please do return and review this Policy regularly.”

Honestly, I don’t know how you can miss this stuff at all. I’ve seen far worse privacy policies else where that are considered ‘legit’.
Jayd3n

Sep 11th, 2010

Your correct that CDS, or Insilico has a privacy policy, but I do not agree to it, and I do not agree to Redzone privacy policy, however I have no way to avoid being scanned in world if I do not agree with such neither gives us that option, which makes what he says correct.

While the website may have a privacy policy, he would need to ask permission in world each time a person enters a region if they accept the privacy policy or not before running a scan, if the user doesnt respond in like 10 seconds they get kicked. This is the only way to make such legal, and to provide costumers with a fair warning, and inform people who do not wish to visit his, or their website.

Saying that by entering Region Name, you agree to This privacy policy does not work either, both of those guys are data farming people, getting geo locations, as well as user names, contact information, and such which is illegal like it or not, and I asked nice when they first did this to me, and to my friend from GOR to remove our information, and we had no problem, but they refused. I did not purchase the products, I did not consent to any such info being stored off servers of Linden Lab, which they have clearly

1. Invaded my privacy.
2. Requested Data from my pc without my knowledge (Spyware) doesn’t matter what it is viewer info, or a single word its illegal.
3. Violated my privacy by storing contact inforamtion, in game, and or IP Info on external servers without consent, which I did not agree to any of this.

Personally I would like to see Skills Hak asked to remove the system, or just give him the Ban Hammer as well, and anyone else who will not remove such illegal systems without asking permission to scan first. These are disrupting the community for long enough. The Snow Globe Viewer bans by ZF come the hell on.

Also these guys are just making stuff much worse with the viewer wars, its not like their systems protect anyone anymore, its just the fact that they have disturbed the peace, and illegally logged us, abused their rights with their own systems and such, and Skills Hak was part of the Emerald Team, which proves that he himself, and Phox/lonely his buddy that CDS banned me manually. As I have said before anyone can make many alts come back and RIP a bunch of stuff, it doesn’t matter how many times these systems ban a person, or a bot from a region. What matters is that a lot of people have been abused, spied on for many months by them, and no one wants to spend money anymore in SL, this is a big Loss of profit to LL and why the Economics are so screwed up.
deadzone

Sep 14th, 2010

Here is the kicker on zfRedzone, not only does it collect personal information, (some of which i have personally found to be innacurate) it publishes it for all to see. So if you have a secret alt account, for whatever personal reason, if your scanned, the land owner will know who your alts are, and you can be banned from over 3K regions in SL for it. Yes it actually NAMES the alts. Now how can this be allowed in SL according to LL Community Terms of Service?? Does that apply to some but not to others? Maybe i’m naive, but i’d really like to know.
Senban Babii

Sep 14th, 2010

Serious question (for once). How exactly are they able to discover who your alts are (if any)? How exactly are they gaining that information? Let’s say I have two alts as an example. One I run on the same machine that I use for my main and one that is only accessed from a totally different machine in another location. I’m guessing that the alt run from the other machine wouldn’t be able to be linked to the other two? I can think of a couple of reasonably obvious places that hold such information on a machine such as AppData>Roaming>SecondLife. Is it that simple? I mean if I go to Billy McNugget’s machine and look in that folder I know immediately who his alts are and could even find out what he gets up to via chatlogs.

By the same token I’m guessing that accounts used on a machine that is subsequently formatted and then reinstalled would not link alt accounts to each other if they weren’t used post-format on that machine?

On the other hand, I guess it’s possible that the connections are being made not by gathering data from your machine but by simply gathering the data from contact made inworld between you and the system and then matching up certain information in a great big databse to be able to say “Avatar X and Avatar Y share certain unique signatures, therefore they are alts of each other”.

Can anyone help clarify this? Inquiring n00bs are vaguely interested in knowing 8P
Nelson Jenkins

Sep 14th, 2010

@ Senban Babii

The original idea was that they were scanning your computer’s HDD, but after reviewing the code most people agree that it just uses fingerprint matching style identification. If you’ve got the same IP, it assumes you have alts.

The downside to this detection method is that people that are under NAT’s (home networks, college dorms, businesses, etc.) end up being matched up as alts of each other, while they may be owned by totally different people. Or, even worse, someone could just register a throwaway account and use it with that IP through a copybot viewer, get detected, and now that whole group of people is banned without knowing anything about copybot. However, the creators of such system don’t care, because more bans means more “copybotters taken down” for their statistics, as they routinely ignore requests for being unbanned.
Senban Babii

Sep 14th, 2010

@Nelson

Thanks for giving me a better idea, I appreciate it
deadzone

Sep 15th, 2010

The entire idea of ZFRedzone, and CDS is good, yes we would all love a “sure proof” way of ridding ourselves of copybotters and griefers. However…..there should be alot better way to do it. One with a bit more ethics..remember those??
Using a bit of common sense, they creators of those could have put themselves not in the same category of the listed above.
zfRedzone states his system goes by IP address, and cookies..the 2 critera together could rule out doubt on the offending avatar, but no names of alts need to be named, if the system kicks them anyway. So whats the point of naming them, because i guess they can, and it sells this claptrap. I will continue to AR both creators and perhaps have an attorney friend in California write a letter to LL, stating explicit misuse of their own TOS rules that all others must obey to have the benefits of a Second Life.
Tarheel McCoy

Oct 14th, 2010

I don’t think it’s claptrap, I think it’s obviously working.

Using cookies bypasses the primary complaint that one IP address could be a gateway used by an entire building, or an entire dorm, or an entire cyber cafe and unfairly block the innocent based on IP alone. It does not handle the problem of multiple people using one machine, and all users of that machine being blocked because one of them is a dickwad.

This is a lot better than just blocking by IP address, and frankly, since most people have dynamic IP addresses anyway, blocking by IP alone is a waste of time.

Can you point out to me where exactly in the ToS it says security systems like RedZone and CDS break the rules? I can’t find it. If you can point out explicitly where it says that information gathering like this violates the terms of service, then move over, ’cause I’ll be jumping on your bandwagon.
Nelson Jenkins

Oct 14th, 2010

@ Tarheel McCoy

The ToS allows California state law and U.S. federal law to enter into the Second Life world (for obvious reasons), and California state law says that every website that collects any data from me, including my IP address, must provide a conspicuously posted privacy policy, and if I do not agree to that policy I can opt-out and have my data removed from the system. CDS nor zF RedZone provides either of these (because when I am forcefully and covertly directed to their website, I don’t have any idea that it’s happening nor am I presented with a privacy policy).
Yep

Oct 14th, 2010

“CDS nor zF RedZone provides either of these (because when I am forcefully and covertly directed to their website, I don’t have any idea that it’s happening nor am I presented with a privacy policy).”

Time out. These two devices send you to a website without you knowing about it? That is spyware.
Nelson Jenkins

Oct 14th, 2010

@ Yep

That’s the POINT.
Tarheel McCoy

Dec 1st, 2010

I have to laugh, “Yep”, that’s not spyware. Spyware is something you install on your computer that secretly sends information about you to some other location on the internet.

Getting your IP address is not getting information about you, let’s get that straight first.

Second, if you’re looking for the conspicuously posted privacy policy, here ya go:

http://secondlife.com/corporate/privacy.php#privacy3

Linden Lab tells you right there it’s going to happen, so you’re on notice. Don’t like it? Don’t use Second Life.
Nelson Jenkins

Dec 1st, 2010

@ Tarheel McCoy

Way to be a smartass. Linden Lab’s privacy statement does not cover software that uses exploits to obtain your IP address without knowing it, nor does it legally fulfill the requirement that software that takes and stores or distributes your personal information must, by California state law, provide a privacy policy. CDS and RedZone run entirely in the background, taking your information and storing it on their servers against state law without you knowing it’s there most of the time. Most Second Life users wouldn’t even know anything is going on if they hadn’t read up on the news about it, which is entirely off the grid.

Second Life does not come with any warning or agreement that if you use its service, other companies may store your personal data.

This is against California law, which Second Life falls under as per the TOS.
Belial Fhang

Jan 14th, 2011

Oh dear (totally facepalming)
rather than read all this obvious claptrap about the way you assume anti copy bot systems work, have you ever stopped to think that if this jerk, Jayd3n, actually knew anything about the law and terms of service then they wouldnt have to come here and spout off about it. You abviously arent a lawyer Jayd3n so why pretend you know what the law is? Its this simple really. The data they use is simply the same as any website collects and also your avatar names are not owned by you they are owned by linden labs and linden labs allows them to be used, yes even your alt names, on 3rd party websites.
just how much of an idiot do you have to be to not realise that if the law were being broken a proper lawyer would have contacted LL by now, possibly their own lawyer. Secondly why not argue about how google and akamai and amazonaws is collecting the exact same data from exactly the same source (your viewer) for commercial purposes? also since the data collected by the anticopybot systems is directed from an inworld server to a website then there needs to be no opt out clause simply because they allow media with no opt out to be played inworld. your ip address is derived from data that must be passed to the media server.
sorry but people who dont research and people who waffle on like they know something when they really dont just get right on my big hairy balls, know what i mean?
Nelson Jenkins

Jan 14th, 2011

@ Belial Fhang

You still don’t prove why zF Redzone and the like are excluded from California law to provide a conspicuously posted privacy policy to site visitors. Most Second Life users never even know zF Redzone is collecting their data and displaying it to their own customers. I would not want someone that hates me to have instant access to every IP address I use to connect to Second Life.
Yep

Jan 14th, 2011

Go getem Tiger
Yep

Jan 14th, 2011

I keep my media off, do not have any quicktime products on my computer and do not allow cookies to be sent to me in SL.
From what I have read, this keeps the spyware from working.
Plus a lot of people that I know in SL avoids sims using this objects since they are nothing more than spybots.
Tarheel McCoy

Jan 14th, 2011

I’m sorry, guys, but the reality check has already been written. You’re on notice that third parties are going to record your IP address. It’s not an exploit, unless you call the internet itself an exploit.

The same technology you used to post your silly comments is what these systems are using, and frankly, the Herald is getting much more of an eyeful of your personal information than SL avatar trackers ever will.
lolol

Jan 14th, 2011

Using a hack/exploit to obtain information about any user without their permission is just as devious as a person copying or griefing.
Maybe a person could write us a privacy viewer with safeguards built in to block such intrusions from these hackers.
Billy Beer

Jan 14th, 2011

What other information is stolen using this hack to by-pass the firewall?
Nelson Jenkins

Jan 15th, 2011

@ Tarheel McCoy

You volunteer this information by accessing the website knowingly. You can use NoScript or the like to figure out what comment system Alphaville Herald uses. zF Redzone leaves no trace of your visit, besides your IP address and list of alts (which I would rather keep private, but most have already been “caught”) permanently stored on its servers with no course for removal.
deadzone

Jan 22nd, 2011

I think the point I was trying to make is this, yes IP addys are collected by even Linden Labs, and they too know all of your alts, but what gives anyone the right to make them public. While the IP addy in zfRedzones instance is not made public, the Alt accounts are. To me that is seriously against the TOS privacy policy. Every one for whatever reason in this game has the right to privacy, for whatever reason. Stalkers should love this tool, it will give them all they need to track someone down in the game that is trying to avoid contact with them. LL needs to take a serious stand on the publication of private information in the game.