On tools which seek to invade user privacy

There always seems to be one big issue or another floating around Second Life. Over the past few weeks, the biggest that comes to mind has been the ZF RedZone device (not to be confused with RedZone the band, who are awesome).

For those who aren’t in the know, ZF Redzone is a product that operates very much along the lines of Gemini CDS, in that it exploits media parcel settings to collect IP information in a database, associates it with your account and compares it to any other listings that come from that IP address. In ZF’s case, alts are also recorded (by some accounts incorrectly), so this product preys not only on merchants’ paranoia but on just about anyone who seeks to learn private info about anyone else.

The problem is that none of these detectors actually prevent intellectual property theft – they only invade customer privacy and serve to foster a paranoid and detrimental environment to social, merchant & content creator communities (essentially all communities within Second Life).

Examples:

– Want to know whether any of your visitors are stealing your assets to resell later? Gee, let’s scan and connect each and every one so that everyone who’s found to be an alt can be outed. (Never mind the fact that viewer identification is easily circumvented, there are methods of intercepting any content being streamed to any viewer, and the fact that anyone could simply take the content they want whether they are in your shop or not)
– Want to know if some newcomer to your establishment is an alt of a griefer? Let’s scan everyone, and if they share an IP with that griefer for whatever reason, out they go! (Despite the fact that if you are regularly attracting griefers there is a bigger problem at heart than simply seeking a technical solution to your social problem).
– Want to know if your partner is cheating out on spending time with you by using an alt? Hell, why not invade their privacy and find out? (Never mind the fact that if you have already gotten to this stage, you have more things to worry about in your relationship than the fact that your partner wants some private time).

I am sure there are many many other situations in which paranoid users are encouraged to invade each others’ private personal space… but there is NO excuse to contravene the Terms of Service and Community Standards as set out by Linden Lab which very clearly state:

Residents are entitled to a reasonable level of privacy with regard to their Second Life experience. Sharing personal information about your fellow Residents without their consent — including gender, religion, age, marital status, race, sexual preference, alternate account names, and real-world location beyond what is provided by them in their Resident profile — is not allowed. Remotely monitoring conversations in Second Life, posting conversation logs, or sharing conversation logs without the participants’ consent are all prohibited. – Second Life Community Standards.

(emphasis mine)

Following the change in the Community Standards last week and apparently a warning to zfire Xue(the creator of ZF Redzone), an update to the system was made such that visitors had to be asked whether they wished to be recorded. Further discussion in the ZF forum was unearthed showing the maker’s intention to accept implied consent in place of explicit consent; IE: If no response is received from the user within a certain amount of time it will be assumed that they consented to be scanned and recorded. (I can think of more than a few perfectly legitimate reasons why a visitor might not answer right away – language, viewer and/or region lag, unfamiliarity and distrust over what the menu may truly be asking, user being AFK, etc)

What’s worse is there is documentable proof that zfire intends to make the contents of his database widely available outside of Second Life if Linden Labs shuts sales of his system down.  Let’s keep in mind there that, alongside any possible content rippers the product may or may not have recorded, there would also be names of people who use alts for completely legitimate reasons, or there could be people who are erroneously marked as alts when they may share a household, block, neighborhood, city or even country with someone else who’s been suspected. Essentially, it would be very easy for someone who is completely innocent to be marked as someone who has done illegitimate things… and for many folks that could be extremely detrimental to their SL experience.

Would you want your personal info (or that of your friends’) in the hands of a guy like this?

As a content creator as well as a Resident and potential customer, I would not want to subject my customers to any sort of invasion of privacy that I would not personally want to be subjected to. I am not a copybotter, a cheater or a griefer and the vast majority of visitors are not either. The assumption that my privacy can and should be invaded without my consent is contemptible and extremely upsetting. It is a presumption of guilt until proven otherwise and that’s not the right way to treat anyone.

The use of products such as these both feeds on and creates an environment of fear and paranoia, leading customers to avoid exploring, socializing or shopping for fear of Big Brother. Even merchants who *don’t* use these products are affected, since potential customers are being driven off from purchasing entirely rather than having to figure out which other stores use CDS/ZF Redzone/Etc. too.

So it is in this spirit that I 1) won’t be shopping at any stores which use these intrusive tools 2) I’ll be deleting inventory I purchased from them in the past 3) I will never recommend their products or services to anyone.

Moreover, as a merchant I won’t use CDS, ZF Redzone or any similar IP/alt tracking device, I won’t be participating in events which presume to take enforcement against intellectual property infringement out of the hands of their exhibitors by using these devices and hereby challenge all merchants who’ve been sitting on the fence about this to do the same.

3 thoughts on “On tools which seek to invade user privacy”

    1. There are a couple of solutions at present – both are third party solutions and both have their own downsides.

      Greenzone HUD detects all media requests within a given sim whether the request is made on the parcel you’re standing on or not. Some versions are more effective than others though, since the maker of ZF Redzone has made many attempts to obscure his product from discovery.

      Alternatively, a user scripted patch has been put together for use in third party viewers; it will automatically detect foreign media requests and ask whether you want to accept, deny, whitelist or blacklist the media URL in question. It has been incorporated in the Cool viewer by Henri Beauchamp. The patch is also being added to Phoenix soon. The original patch scripter has also submitted this patch for inclusion in the Snowstorm project so users of the official clients will likely be able to make use of it soon as well. the current implimentation is a little buggy and can sometimes get overloaded, however.

      The safest route to take, regardless of whichever client you use, is to disable all media requests by default for now. That includes music, video as well as HTML on a prim.

      1. Additionally there is a list of URL s that you’ll want to avoid loading, if you do choose to use a viewer with the media check patch; I’m typing from my phone and don’t have access to the list right now but will post once I get home.

        EDIT:
        Apparently Dolphin viewer has also incorporated the media filter patch, so that’s another option for those who want to detect bad requests that way.

        Here’s the most up to date list i could find detailing URLs related to ZF Redzone, Gemini CDS and Quickware alt detection, which I recommend you deny access to:

        127.0.0.1 isellsl.ath.cx – RedZone
        127.0.0.1 isellsl.com – RedZone
        127.0.0.1 zfire.isellsl.com – RedZone
        127.0.0.1 girlsofthevip.com – RedZone
        127.0.0.1 hamlinpro.com – RedZone
        127.0.0.1 syscast.net
        127.0.0.1 media.syscast.net
        127.0.0.1 apache2-blow.port-au-prince.dreamhost.com
        127.0.0.1 quickware.net – Quickware Alt detection
        127.0.0.1 quickware.zapto.org – Quickware Alt detection
        127.0.0.1 wh0.zapto.org – Quickware Alt detection
        127.0.0.1 m.sparkgap.info – CDS
        127.0.0.1 policedepartmentonsl.info
        127.0.0.1 cp3.digi-stream.com
        127.0.0.1 digi-stream.com

        Additionally, apparently there’s a new set of alt scanning products to watch out for called ‘Soniada’, ‘eXternal HUD’ and ‘Sparrow Bee’ made by Sparrow Industries.

        They appear to seek access through the following URLs:

        www. sparrowindustries.net
        216.218.159.151

        Here’s a good post on the SL Universe Forum which compiles solutions to the alt-scanner problem: http://www.sluniverse.com/php/vb/general-sl-discussion/56056-notes-zf-redzone-disclosure-secondlife.html#post1169616

Comments are closed.