Tuesday, March 1, 2011

raise your glass, we have incorporated

The latest list from MMORPG rife with stunning truths. Not to be missed if you play ANY MMO, really.

Oh my, so much drama in the air, and a lot of people missing the point entirely. Including, I am shocked and astonished to say, Hamlet Au. And I quote:
However, it's unclear how much of a "war" this controversy actually amounts to: The JIRA thread has less than 1500 "votes" from Residents who consider the request valid and important... which amounts to less than .002% of the active SL population.
Well. Pretty much says everything, there, dunnit? Condescending, superior, and completely wrong all in one quote.

Since Au is clearly living under a rock--which, personally, considering his career as a journalist and his active involvement in Second Life, two things I thought were not conducive to head-in-the-sand speechifying--let me make some things plain.

* Few residents in Second Life read the blogs. Flat out. It will never matter how many updates there are or how many new glossy features the Labs add. Few residents in Second Life read the blogs.

* Fewer residents use the JIRA. Because it's confusing for them, because it's hard to track issues to actual in-world experiences much of the time, because it's difficult to search the JIRA years after it was introduced...for a whole lot of varying reasons, the JIRA still isn't that popular. And it's not going to get more popular any time soon.

So that ".002%" of the "active SL population" you mention there, Mr. Au? These are the residents who are trying to pay attention. These are the residents who are fighting the Labs' own labyrinthine processes to get information to them, somehow, that they deem valid, and--more importantly, I think--these are generally (though not always) the people who think about Second Life, about how it works, about why it doesn't.

These, in short? Are the .002% to which the Lindens should listen. And they do not. They have, in fact, a steady track record of ignoring the people who say nothing right along with ignoring the people who scream and shout and carry on. There's no way to win, here. The Lindens don't care.

But it's distressing and not a little depressing to find out you don't care, either. Way to go, Au.

In the meantime, that JIRA that obviously is meaningless (because only .002% of us pay attention, apparently), has garnered a TON of comments after the "votes" (we'll get to some of those later). And Axi Kurmin has written another entry on RedZone, and, regardless of your personal stance on good or bad regarding RedZone? If you're reading this, you need to read that article. Flat out, no exceptions. What it says about consent in the era of internet privacy is eye-opening (I for one hadn't even thought about the teen angle re: informed consent) and also, absolutely true. Ignore it at your peril, if you use RedZone for any reason.

Now, then. That JIRA. Let's start from the top.

First of all, several pictures have been attached to this particular issue. There's one where zFire Xue gives a not-so-veiled threat--but against the Labs, or against the residents on the grid? Maybe it's against both. And there's another where he says he could just circumvent everything and run the system entirely off-site--which in his mind makes it uncontrollable by the Lindens (which hasn't proven true in the past). And it looks like he's still fixated on that 'auto-consent' issue.

(For anyone who doesn't get that--zFire has this idea that if someone ports into a sim that runs RedZone, they'll be sent a drop-down warning that the sim uses RedZone, and if they stay in that sim longer than sixty seconds, they will have automatically given their consent to be tested for IP matches. Note: the drop-down will not be asking for consent to be scanned in the first place--that seems to be an independent action.

(I have big problems with this one. First: what if the resident given the drop-down doesn't speak English? Open an off-world browser; pull up translation program of choice; flip back and forth between SL and the translation site to type in the words they don't understand; hit "Translate"...by the time they do all that? Sixty seconds could have easily gone by.

(Second: what if they're under the age of eighteen? By legal rulings in the US, there are specific classes of things for which the under-eighteen cannot give consent, even when asked. And here's the double edge on that one--to verify that person is under eighteen, one would have to engage in acts which are against the Labs' ToS, yet--the act of scanning them or their giving 'silent assent' to be scanned, depending on how that information is then used, is against at least US law, if not international laws.

(Third: this takes us right back to all those witty little statements on profiles now: "If you are reading this, you consent to having your chat logged and saved and used in a manner however I deem fit." Um, no. That's not what that means. You have no legal standing per the ToS to do that, nor do you have Linden support to do that. I'd think it was the same thing here. But I digress.)

There's another little screenpost capture where he demonstrates his appalling misunderstanding of "consent" as a word, and this is sort of the lynchpin of the entire thing, innit? To zFire, all IP addresses that match mean alternate accounts. He has not budged on this one iota. Internet cafe? Same IP, they're all the same person. Dormitory? Same IP, they're all the same person. Friend of yours stopped by your house to Google something, and he lives in Indiana and you live in Florida--doesn't matter, same IP, same person.

Beyond being almost monumentally stupid, if this flawed conclusion is the basis for his application of code, then it won't get better from there. Flat out.

And the last line of this just sends chills through me: "As for LL, they will allow me to be creative with consent as long as it is in all languages. and gives them a sporting chance."

"Sporting chance". The hell. Like the residents of Second Life are prize bucks at the start of hunting season.

Jessica Lyon's also been screencapped here, and what she says is alarmingly relevant--namely, that only the truly stupid infringers are being caught by RedZone; if the infringer has any brains whatsoever, they're running on a viewer that has all media options off by default anyway, so no scanning programs can scan them!

Next up, random lines from the JIRA That Will Not Die (there's another JIRA, btw, while we're discussing things--it's more specifically targeted to the direct media-on-a-prim exploit. Still, it's worth voting and/or watching).

Kyyrii Askari says:
Redzone acts like spyware, exploiting the vulnerabilities of some functions in SL to uncover information otherwise considered private. This is a breach in the TOS, as it reveals personal information beyond that of the first life tab on users' profiles. Besides this, RedZone is a tool meant to grief users and take advantage of less-informed sim owners, in the hopes that they will spend a considerable amount of money to buy a product which has been known to only accurately ban copybotters some of the time. Out of over 69,000 users banned so far, only 0.026% have been proven to be actual copybotters (a statistic found on the official site at the time I last saw it).

RedZone treats residents of sims using it like criminals before they have the opportunity to even enjoy the sims. Boycotting of stores using RedZone has already begun by several users, as it is hidden under the guise of a "security measure", when in reality it is more effective in harassing, IP tracking and, in turn, stalking.
Simple and to the point. This is the main fear that people have, and it's been dismissed by zFire and everyone associated with it--everything from Oh, like anyone would stalk you to If you're not doing anything wrong, why worry? That isn't the point. The point is, we barely trust Linden Labs with this level of access, why are we supposed to trust some random scripter we don't know with the same level of access?

The rumors that he's linked with Skills Hax do not make me inclined to trust him as far as I can throw him, frankly.

brock Enyo states things plainly, too:
I have begun boycotting sims that use IP detectors like redzone. I have stopped buying from their vendors as well as informing them I have stopped because of the detectors.
And that should be a big fear in Second Life, that people are refusing to shop at a given merchant's shop because they use RedZone.

Sling Trebuchet notes:
The thing invades privacy by attempting to discover links between user accounts - using IP, cookie and viewer ID that are logged by third-party servers.
LL can't do anything about the third party servers but it can move against the use and distribution of in-world devices and against the selling of such systems in Marketplace.
Which is true, and between the actual date I started writing this (the 26th of February) and now (the 1st of March), the Lindens did move to take RedZone off the Marketplace.

Arkady Arkright says:
It also advertises that it provides tools for griefing - caging outside your own land, orbiting etc.
Is this true?

Darien Caldwell notes:
There is no valid reason any Resident in Second Life needs to know other Resident's IP addresses, or who their alts are.
Absolutely agree with that comment.

Vick Forcella comments:
IP's are not private. Resident names are not private. Combining the two is illegal.
And there's the real lynchpin issue. Taking two allowable things, and combining them, then offering that combination to anyone who owns the system. That's wholly against the Terms of Service...and also creepy as hell.

Sidius Core asks:
What i just don't get about it all...
If the system is used ONLY for copybotter detection and banning, why is there a need to hide it?
I mean, if i have a security system to protect my property (and the stuff on it) i have visible signs like red lights, sirens and signs, telling this property is being monitored.
These signs are one way to repel people thinking about breaking in and stealing.
There's a point there, and it's a good one.

Saphyrie Ruby states:
Sounds like CDS all over again. A list of any and all establishments using this device should be compiled and boycotted. Answering a wrong with another wrong is never the answer. IP theft is wrong, and data mining to harvest people's PRIVATE information is equally wrong.
Yep.

Then on February 8th, Oz Linden said:
This is not a viewer issue, and should be dealt with through Support.
And what everyone reading along wondered at that point was, how is it not a viewer issue? And if it's not a viewer issue, then where do we file it for a fix? (Which, btw, turned out to be a place that only Lindens and those on the narrow Linden list can even see on JIRA...so...yay?)

Past this point--the point on which a Linden weighed in for the first time--it's all baseless bitchery, but that will be covered in future blog entries.

2 comments:

Diamanda Gustafson said...

This almost-just in.

Soft Linden commented on VWR-24746:
-----------------------------------

Hey, all. I got the go-ahead to give an update on zF Red Zone specifically.
Again, thank you for the ARs with specific info about violations. These have
been very helpful for letting Lindens know what's going on.

Tuesday morning, we removed zF Red Zone from the Marketplace for a second time.
We removed the in-world vendor distributing the item as well. We determined that
zF Red Zone was still in violation of our Terms of Service and Community
Standards.

We asked for removal by no later than today of all zF Red Zone functionality
that discloses any alternate account names. That is, even if consent is asked,
the service may not act on the consent. In addition, we asked for removal by no
later than Friday of the interface for and any remaining implementation of the
zF Red Zone consent mechanism because it does not comply with our policies. If
these updates are not made, we will take appropriate steps to remedy the
violations.

As before, we appreciate your help in keeping an eye on content. If you find
that any merchant's product is not in compliance with our TOS or our Community
Standards, please file an abuse report about the product. Do this even if you
filed against a previous version. Include a specific explanation of what you
believe is a violation, and ideally select and report the in-world object at
issue in case it behaves differently than what's in the Marketplace. Before
reporting, make sure you have first-hand knowledge of the issue. Support can
best react if you explain specific steps to reproduce or confirm a violation.

(From SLU forums)

Diamanda Gustafson said...

This almost-just in, from the SLU forums.

Soft Linden commented on VWR-24746:
-----------------------------------

Hey, all. I got the go-ahead to give an update on zF Red Zone specifically.
Again, thank you for the ARs with specific info about violations. These have
been very helpful for letting Lindens know what's going on.

Tuesday morning, we removed zF Red Zone from the Marketplace for a second time.
We removed the in-world vendor distributing the item as well. We determined that
zF Red Zone was still in violation of our Terms of Service and Community
Standards.

We asked for removal by no later than today of all zF Red Zone functionality
that discloses any alternate account names. That is, even if consent is asked,
the service may not act on the consent. In addition, we asked for removal by no
later than Friday of the interface for and any remaining implementation of the
zF Red Zone consent mechanism because it does not comply with our policies. If
these updates are not made, we will take appropriate steps to remedy the
violations.

As before, we appreciate your help in keeping an eye on content. If you find
that any merchant's product is not in compliance with our TOS or our Community
Standards, please file an abuse report about the product. Do this even if you
filed against a previous version. Include a specific explanation of what you
believe is a violation, and ideally select and report the in-world object at
issue in case it behaves differently than what's in the Marketplace. Before
reporting, make sure you have first-hand knowledge of the issue. Support can
best react if you explain specific steps to reproduce or confirm a violation.