You’ve probably already heard of RedZone, a system which is used to implement ban-by-IP-address functionality, and to make (variably accurate) guesses at alt accounts.
Avoiding RedZone data collection has been a bit tricky for the average user, since RedZone uses a scripting trick that allows it to perform data collection even when media autoplay is disabled. To get around that, you either have to block traffic to RedZone’s server or completely disable the Second Life viewer’s ability to access the Web and all forms of media; just disabling autoplay isn’t enough.
Linden Lab has stepped in, made a couple of updates to the Second Life Terms of Service (Community Standards: Disclosure), and required RedZone to obtain consent before displaying alt accounts. Note that this doesn’t in any way stop the data-collection process or banning by IP-address.
A message recently sent by RedZone creator, zFire Xue, goes as follows (typographical errors have been left intact):
Hello RedZone owners.
After talking with Linden Labs over the past month we have reached an agreement.
Effective now and retroactively the RedZone system will request Consent to display alt name information.
LL policy will reflect this change by tomorrow the 25th.
The zRZ HUD will now request consent much like a bloodlines bite.
The zRZ Website now offers a system to send an IM to request consent for a zF RedZone Alt Background check.
The system is already in place, new functions and consent methods will be offered as we discover how best to implement this feature.
Linden Labs has been good enough to suggest many ideas that settled on this one.
Alt names can still be viewed to settle disputes, run security background checks etc. (With Consent)
Please see http://isellsl.ath.cx/checkconsentinfo.php for more.
The RedZone system has been, and always will be current with SecondLife(tm) terms of service.
I would like to thank Linden Labs for working with RedZone and providing enough time for RedZone to make these changes.
Best Regards,
zFire Xue
PS: Everything is still logged as before, everything still works as before.
Only now to view the alts you need consent.
Alts are still banable if they are related to a new user you do not want on your land.
Alts of people you banned are still banned, alts of copybots are still banned, alts of anyone you have banned are still going to be banned, just not named.
Of course, one should remember EU courts have previously ruled that the collection of IP address data of EU citizens in order to associate that data with identities or alt-accounts is unlawful without prior, express consent – IP address data has been determined by the EU judiciary to be private information as far as this purpose is concerned; so RedZone would be in the wrong if it retained any IP address data from EU citizens or used it for matching alt-accounts, without seeking consent prior to collection of that data.
EU citizens who are concerned that this may have already taken place or be currently taking place should file a complaint with their Information Commissioner or European Union Representatives.












Some alt disclosure system operators are in possession of alt account relationships. They will argue the data was collected before the policy was changed on the 24th of this month. And that is fine. Possession of data is not the issue the policy addresses.
The Community Standards policy does not exempt data collected prior to the change because it is not necessary to do so. The policy addresses the act of sharing the data. Since there was no opt in prior to the policy change then, according to the policy, none of that data can be shared with anyone going forward unless all accounts involved in the transmitted data have explicitly taken an action (like clicking a button intentionally, implied consent is not consent) to consent to the divulging of the data.
The act of an alt disclosure service operator transmitting any account alt relationships to anyone other than him or her self in SL is now a violation of the Community Standards unless all of the subjects of the data have explicitly opted in before transmission. This is because IP address relationship data is clearly error prone (dynamic IP addresses) so all accounts must be contacted first. It does not matter when the alt disclosure service operator collected said data. It matters that the data is transmitted after the policy changed. This can also be interpreted that alt disclosure service customers initiating the transfer of unauthorized data are also in violation of the Community Standards by initiating transfer of said data from alt disclosure service’s servers without advance explicit permission by every account in the data transmitted.
The implication is that all alt disclosure system users are now potentially subject to disciplinary actions unless they discontinue use of alt account data transmission systems immediately or never ever initiate a data transfer unless all data has been explicitly consented to by every account in said data. This is unlikely to be possible anytime soon short of a database wipe and the entire system starts over from scratch collecting consent along the way.
If a single person creates the entire data mining system themselves, collects data on their parcel(s) in SL, mines the data, establishes the relationships, and never shares the data with anyone else, there is no violation, based on how the policy reads, until such time as a do not track opt out system ( https://jira.secondlife.com/browse/SVC-6793 ) is established and functioning on the grid at which time their code would have to check the opt out status before collecting/storing/displaying any data.
This is how the legal aspects of the new Community Standards read to me. I would love for LL’s General Counsel to explain exactly what the new policy really means if she has a different interpretation that allows any resident to continue an alt account disclosure operation without explicit consent by all accounts in the transfer of data.
A good friend, who I trust, has told me not to worry about this issue. On the other hand, it annoys me that someone can be spreading inaccurate information about me. I don’t have an active alt but I DO log on from an IP that other SL customers use. But I am not them and they are not me. I don’t want to block SL from web access – if I understand what that means, I couldn’t open items in my browser nor could I paste slurls to and from my blog. How do I block traffic to Red Zone? And isn’t that basically pointless, as anyone else could be doing the same thing, and Red Zone has been collecting such data for over a year?
@Tateru
My knowledge is one of a viewer developer (Cool VL Viewer, developed since viewer sources have been open, and published since 2007), and I’ve got over 30 years of coding experience behind me…
You can trust me that as long as you keep both audio streams and media *disabled* in your viewer no script can grab your IP address (i.e. force you to load a web page somewhere on either an external server or in-world, scripted server).
Note that *disabling* means unchecking all the “Streaming preferences” checkboxes in the Audio & Video tab of the preferences settings for v1 viewers. For v2 viewers, I admit that I didn’t check what it does exactly in the code but I did test (I don’t *use* v2, since its UI is unacceptable for me, but I do test it), and you can disable them entirely as well in recent versions (i.e. after v2.2, IIRC): just uncheck “Streaming music”, “Media” and “Play Media attached to other avatars” in the “Sound & Media” panel of the Preferences floater (tested and confirmed with v2.4 and v2.6).
It is true however, that if you have media enabled and “auto-play” disabled, the scripts can still detect you even if you don’t trigger manually the media playing.
Oh, and for info… The Cool VL Viewer v1.25.0.23 (published yesterday) implements an improved version of Sione Lomu’s patch which allows filtering of media and audio stream URLs (asking your permission to load them each time a new request for an unknown URL arrives), also plugging the “media enabled with auto-play disabled” security hole…
@Henri: The article says:
Which is the same thing you are saying. Unless Tateru corrected the article after your comment but forgot to make a note of it, then there was never any disagreement.
@Alexander – perhaps the 5% commission on Marketplace sales of a lot of RedZone devices colors their actions? They are not a disinterested party in this matter.
@Jacek
Not at all, because even with media and audio streams disabled, the viewer may still access other web assets (web links, search results, web profiles, etc).
Henri’s right. I had been led to believe that the internal Web-browser was also partially complicit in the process.
I don’t use the internal browser. Doesn’t seem to have the security options that my default browser has.
It’s interesting that ath.cx [63.208.196.104] is using a DynDns mask for administrative contact while going through an obvious “flag of convenience” .cx [Christmas Island] ccTLD.
It’s my guess that ath.cx is neither located at 1230 Elm St. 5th Floor, Manchester, NH 03101 nor located on Christmas Island.
I guess they never heard of a router/modem reboot to obtain a new dynamic IP, have no idea what iptables or “router MAC cloning” (I mean geez, Linksys helpfully provides a nice easy web interface to do just this) is or any of the dozens of easy ways to “mask” such ip traces. Usually, those kinds of things are useless unless
1. Someone’s using a fixed IP (hardly the average user or griefer)
2. They collect additional data like MAC numbers
I’ve been checking on the UK and EU law.
First, is an IP address “personal data”? The advice is for a company to treat it as if it is. If it can be linked to an individual it is personal data. There’s no easy way to tell in advance if the IP address will identify an individual, so the data should be handled in accord with data protection law. A lot of that would be good practice anyway: security, safety, and accuracy.
Second, what is the law on transfer to another country? For the USA, there is the Safe Harbor Scheme, which turns out to be irrelevant. We are not, as individuals, data controllers within the meaning of the Act, so the laws in Europe do not apply to Linden Research Inc. I doubt they apply to Redzone either.
Of course, if you’re sneaky, and have deep pockets, you could sue Redzone for libel in a UK court, if they mistakenly identify you as a copybotter. Have they published their libel in the UK: probably. How much will it cost? Oodles of boodle, which is why I think you might do better looking up the address of Simon Templar.
Oh wait, don’t Europeans pay VAT to Linden Lab? European law obviously applies very much to Second Life and Linden Lab.
It’s an import of services. A foreign company can sign up to collect the tax, otherwise the purchaser has to hand it over direct. Easy for physical goods, but the delivery service charges you a hefty fee, so letting the supplier handle it makes sense. Go look at US handling of sales taxes: from the customer’s point of view VAT is a sales tax.
This whole area is a very difficult one. Second life does not protect us from unscrupulous users. This discussion seems to be about user/avatar/alt privacy and protection of that right. However, it is also about something very serious- cyberstalking/cyberbullying. In SL we call them griefers at times. There is no protection provided by Linden Labs. RedZone is an imperfect tool to deal with these kind of people. This is a widely recognized and significant threat!
UK MEP Liz Lynne has called on the European Parliament to implement tougher punishment for cyber stalkers. “The crime of cyber stalking has exploded across Europe with the growth of the internet and social networking sites.” said Lynne. The Crown Prosecution Service (CPS) in the UK is aiming to take stalking and cyber stalking in the UK more seriously and has unveiled guidance for the matter. Official recognition of cyber stalking issue. The CPS’s community liaison director Nazir Afzal has said “Stalkers steal lives, that was the message I picked up from speaking to victims. Victims stop trusting those they know and every stranger is seen as a threat,” said Afzal.
“We want to give people their lives back.” (http://www.siliconrepublic.com/new-media/item/17889-calls-for-the-eu-to-take-ac)
I own a sim and we use RedZone because of this very problem in SL. Where are the tools to deal with cyberstalking? People there and elsewhere in SL have been victims of this unacceptable behavior in a virtual environment and there is no protection. If I ban a Cyberstalker, he/she simply creates one of an unlimited number of alts and returns to stalk again. No wonder RedZone has users. Do we sacrifice our members’ safety and peace of mind for the right of data privacy? Not if someone is Cyberstalking.
Look at this website. They have done an excellent job of defining this crime: http://www.wiredsafety.org/cyberstalking_harassment/definition.html
There are different ways to define cyberstalking
One way to define it is to see how the Law defines it (check out our legal discussion of cyberstalking laws and offline stalking laws). We would like to begin, however, by defining “Cyberstalking” from the point of view of the target’s (victim’s) experience.
When identifying cyberstalking “in the field” , particularly when considering whether to report it to any kind of legal authority, the following features or combinations of features can be considered to characterize a true stalking situation:
■ Malice
■ Premeditation
■ Repetition
■ Distress
■ Obsession
■ Vendetta
■ No Legitimate Purpose
■ Personally Directed
■ Disregarded Warnings to Stop
■ Harassment
■ Threats
My group has reservations too because it is an imperfect tool in many ways and does seem to threaten privacy. One member summed it up by saying, “I have been a victim of sl harassment, and although I value my privacy, I feel safe at this sim because you have redzone”. Linden Labs- find a way to address this cyberstalking without a tool like RedZone – This is a threat not only to my group, but to everyone in Second Life. Linden Labs needs to address this issue with tools of some sort and not let people have unlimited free alts whenever they want to grief and cyberstalk with no consequence. In the meantime, I will do my best to protect my group and sim from cyberstalkers no matter what some may think.
Maybe, Wolf. But I doubt LL would have taken that burden if there would not have been an imminent threat of whatever kind coming from across the ocean directly or indirectly. Face it, the days of 3rd party dataminers and exploiters in SL are counted. And no one but a few paranoid androids will miss them.
@Ratzu:
If your stalkers* aren’t able to circumvent a simple IP based system like RedZone, they shouldn’t be too hard to deal with, given that they’d have to be pretty damn bad at stalking.
*stalking somebody in “cyberspace” (whatever the heck that is supposed to mean) is actually considerably harder than one might think. It’s just that so many people make rudimentary mistakes online that makes it so easy in those cases.
99% of uncovered identities I’ve seen on /b/ (f*ck rule 1&2, btw) were people that had public facebook profiles. (The other 1% were recognised by rl friends, just in case anybody was wondering)
Facebook however does make it hard to “lock down” one’s profile, and its nature as a social networking site makes it a perfect target for online stalking.
Secondlife, however…not so much.
Since outgoing tp’s stopped being trackable, there is no way for any stranger to actually follow one, there is simply no way for anybody to gain access to private IM conversations, there is no way to get your location, your friendslist, etc.
Heck, I’m a pretty experienced SL user and I honestly do not have any idea how to stalk on somebody who wants to stay private in SL.
Oh, actually I do have *one* idea that might work…if I had a network of sensors across thousands of sims that provided me with real time avatar data and IP addresses, I could recreate a significant part of your SL. But, hey, nobody would be stupid enough to let me put up sensor like that across thousands of sims, right?
…right?
@Ratzu
“Second life does not protect us from unscrupulous users”. That is correct. That’s what the law is supposed to do. If it isn’t doing that, your local MP or representative of the legislature should be made aware of your needs.
“My group has reservations too because it is an imperfect tool in many ways and does seem to threaten privacy” Actually, the primary function of RedZone appears to be to breach privacy. Once that has been done, the exposed information can be used for security. Well, assuming the data is accurate of course. My IP4-address has changed five times this month alone. I have no idea who might have been using this address prior to me. Most users of most ISPs are certainly able to change their address almost at will, if they care to find out how to do so.
Since all of this is data that Linden Lab already has – and since the Lab already has alt-detection systems – it wouldn’t cause any additional privacy issues If Linden Lab were to provide similar functionality. You could ask them.
Doubtless, I imagine the response would be “Well, it wouldn’t be useful, because changing IP addresses is so easy, and people might get incorrectly associated with something someone who had that address previously did. Maybe we could get sued for that.”
And, indeed, without proper legislative backing, they probably could.
@ Ratzu
Have a fabu day 
Now I do not want to start a debate here but on the flip side of that rosy coin you’re holding is this;
By you having RZ on your sim it scans and logs innocent bypassers, some of them could be people hiding from their own stalkers. Do you inform ppl that you have RZ? Do you inform ppl what it actually does? Like logging them and storing their data on a third party website, that is beyond LL control? Do you inform them that this database can be hacked at any time?
Now I know you now have to seek consent to share data via RZ. BUT what you do not take into consideration is the fact that not all of us have static IPs. Meaning if you have the same ISP comp as me you could one day get the IP I’m using at this very moment. Now take the scenario that I’m a griefer / copybotter and have been logged and labeled as such. Now also take the scenario that I DID give my consent (cos I’m an evil griefer that knows full well that I won’t have this IP much longer and just for the hell of it I’m giving consent to share data). Now you have the IP, your name will be linked to mine and hey I gave consent didn’t I? Hey presto RZ gives anyone the info they need on you cos the IP holder gave the consent .. right?.. Now take this a step further, following me so far? Good …. now you had a stalker .. He gets the RZ and Bingo .. we have a winner!… Not so good anymore is it? Now the very device you hold as protection just got turned around and used as aid to your stalker. *sighs* When will you learn that this device is NO good? IPs can change, stalkers, griefers and copybotters can spoof their IPs/MACs easy as pie. The only ones you get are the really stupid ones and I can tell you how to avoid those without charging you 4000L or putting other ppl’s privacy at risk.
This is a griefer tool nothing more than that .. oh one more thing.. can you plz put me on your Estate ban list? Yes I’m dead serious, I don’t wanna accidentally run onto your land / sim
Thanks everyone for all the comments. To Lady Sakai- I do post as much information as I can about RedZone to everyone publicly. I believe in being transparent. I try not to hypothesize about hacking and such since I suppose anything can be hacked theoretically and would open another can of worms. Alex and Tateru, you both make solid points. This thing has been useful but far from perfect. I have no desire to defend it, but I think it showed a promise of something Linden Labs may need to fill, create some security for those who have been harassed. As the world moves to get rid of RedZone, I would like to get LL to see it did serve a purpose, however poorly. And there is still an unserved need. I suspect more cyberstalking/cyberbullying laws will be passed and something like this that works yet doesn’t violate privacy will be used to stop Linden Labs from suffering like MySpace did.