Thank you SOE for respecting my privacy

Ellie,

Good luck with rational arguments * sigh *. It will only frustrate you, trust me.

This thread is silly.

I feel like writing all about this on my blog.

Names and everything

At first I thought this guy Tcoz was simple, and didn't understand that the SL names don't need protecting, because, being anonymous pseudonyms, they are themselves the very protection he seeks. The only things LL needs to protect are the links from the pseudonyms to the real identities of the RL subscribers.

Then it began to dawn on me. Tcoz is not simple. He has a real and genuine concern.
He was the victim of a misunderstanding at his first registration (probably the "fault" of software "error" in not making it impossible to make this mistake).

The dreadful truth is:

Tcoz Bach is his REAL NAME .

It's the only possible explanation I can see for his posts.

Since this is obviously entirely LL's fault, what we need immediately is several extra pop-up boxes saying something like
"Are you absolutely certain you are not entering your real name by mistake"
"Could you have a look at your passport please, just to be sure" etc
Of course we would also have to have an option in preferences to disable this for really confident users who planned on registering many times more.

I dunno. I understood everything y'all said. Still, it seems like an unnecessary intrusion. It ought to be, at the least, an opt-in kind of thing, not an opt-out thing. I mean, more or less we know people will have things of yours when you go to their site. And you can always go back in later and take out cookies. But to compile these things purposely, and then provide whole huge lists of everybody as some sort of "service," with the only way out of it to go to the trouble of opting out -- no. Doesn't seem right. Seems like asking for trouble. And unnecessarily, too.

No one has convinced me there is any good need for this thing.

coco

"People compiling these lists of keys are simply providing something scripters need because LL are unable to supply it."

For what?

I have been a scripter within SL since the very beginning. I've written scripts for some of the earliest builds, for buildings used as demos (phil asked me at one point if he could walk investors through one or two of my builds), I've created some of the first gambling machines, the first and currently only long running PvP arena with complete weapon system and online stats, created an original Linden Top Pick (when they still picked them) and so on. I've taught numerous scripting classes of all levels, and participated in a game contest. I think it's fair to say I'm an experienced scripter, and one of the oldest scripters on the grid. People still ask me for help because they know I generally can help them no matter what the problem is.

And I've never, ever needed anything like this. I've never even seen requests for it.

And have you considered that maybe LL doesn't supply it for a reason? There is obviously no technical reason they can't do it.

Scripters don't "need" it. SL has existed for years without these intrusive things. LL chooses to remain completely uninvolved regarding them. There is no Name2Key service.

There is NO TECHNICAL REASON LL can't provide this. They just don't. You think that's accidental?

No matter whether you are pro or con, there have been no formal policy statements regarding the following:

- Can you extract Account Name and Key info from their software. Is this an intended use of the SL software. It doesn't matter how easy it is. The name.cache file is a portion of the LL software.
- LL is the owner of this info. I pay them to use the info that is uniquely assigned to me. Do they release all responsbility for the use of the data, and ownership, once you take it out of SL.
- Can you sell these lists? Whether or not people would buy them is not the question. If I wanted to sell a list with name, key, current land holdings, first life profile, approximate ratings and wealth level, could I do it?
- If I can't sell it, can I give the above away for free to anybody, anywhere?
- Do they acknowledge these lists enable a unique level of attack, particularly from alt accounts, which are well known to frequently be employed for in-world griefing.
- Do they believe publishing your account name and key adheres to their policy of "protecting security and privacy in the broadest sense".
- Does ALL INFO within SL that is obtainable by similar means fall under this "public" definition. This includes your 1st life profile and any other info of any kind obtainable via extraction from the software files, and/or scanners etc.

If yes, to any of them, they should inform users of this in the EULA. It is the right thing to do. I will tell you, if I had seen this info in the EULA, I would never have subscribed to Second Life. Had I done so and immediately found out after that it was allowed, but not stated anywhere, I would be extremely dubious of the honesty of LL.

I do not consider it out of the realm of possibility that LL is watching this carefully to explore the viability of these "vendor services", after which they may very well create "services" of this nature of their own.

I also find it very interesting that in the recent town hall, LL did not request of the user population any kind of "vendor service" that would take advantage of any of these intrusive lists.

I just don't understand this specious difference people make between what is "public" and what is available inside SL.

SL is public. Entry is not only open to everyone in the world with a credit card and the technology, it is even free for 7 days. Everything in your profile is thus completely open to the public. Everything discoverable about an avatar by an ordinary SL user is by that fact publicly available. (The entire list of names for instance, in alphabetical order, is fairly easy to get from "Find people", if you could stand the tedium, or manage a bit of automation.) Anyone who doesn't like this shouldn't join.

I can understand how, without very clear thinking, people might come to imagine that ones key is ones "secret name of power" to lose which is to lose your soul. But Tcoz, you are posting like that about your SL Name for heavens sake. This is ludicrous !

I cannot overemphasize that this is an anonymous pseudonym. This is what protects your privacy. Everything your RL side of this barrier is private, protectable, and validly subject to all the concerns you express. Everything the SL side of this privacy barrier is public, unprotected, and unprotectable.

There is nothing strange about this. It is how your privacy protection works. To try to creep the privacy demands and obligations across to the wrong side of this barrier is not only silly, it is totally impractical. Any attempts to do so would be purely cosmetic and hypocritical as any data anyone tried to protect could easily just leak round the side.

Just accept it. All significant aspects of your privacy end at your pseudonym.

Any privacy apparently available in-game is not privacy for you, it is pseudo-privacy for your avatar. Like the rest of the game, it is not real. It is a metaphor. It is pretend. A pretend privacy for a pretend identity.

SL is by no means public. It is a privately held organization. It isn't even public in financial definitions.

It is a privately owned service, owned by a privately held corporation, that has complete and entire control over all aspects of it. The "public" will has absolutely no power other than to collectively stop paying/using the service. Your account, and right to use it, may be terminated at any time, for any reason, valid or not. There is no notion of "justice" or any other such thing you would expect as a "public citizen". There is no "vote", or public representation, of any kind, insofar as LLs authority is concerned.

LL is the supreme ruling authority and owner of any and everything this is within the domain of Second Life. They can destroy all the information if they wish. Because they are the sole proprietor and owner of it. They can forbid, or allow, distribution of it, at a whim.

Easily obtained != public.

If you were to call LL, and ask them, "Is Tcoz Bach an avatar in SL, and if so, what is his key", they will not provide you with the answer.

Why not? Because perhaps...it would be a violation of privacy? Of security? The info can't be used to yadayadayada.

So then, tell them, "but I'm a resident. So now you can give me that info".

They still won't do it. Why not? The info is freely available within the environment.

WITHIN THE ENVIRONMENT.

I still await answers to the following:

Why do people "need" this info? What is the purpose? What do people intend to do with lists of 10s of thousands of unique user account names and in world key/email addresses?

Why not ask people to "opt in"? Why force people to participate? I am apparently on several such lists. I want nothing to do with it. I never authorized this in any way, and entirely resent it, as do many others. I do not want the inconvenience of having to scour the web to find these lists and opt out. "Opt out" is also a well known tactic used to validate information and/or redirect to other lists.

Is it acceptable to extract this, and any other, info from LL's commercial software? Is this "intended use" of the software files, or does it violate the EULA? If it is permitted in name.cache, where else within the SL software is it permitted? To what extent may I reverse engineer, inspect, or otherwise extract information from the product?

Does Linden Labs release this info into the true public domain, and their responsiblity for the creation and/or use of it, to anybody, for any reason, as long as it is not used to attack the SL network?

Can the information be sold? Or rather, can the service of compiling an extremely detailed list that contains this information be sold? If not, why can it be given away?

Everybody is focusing on the simple aspect of spam. I'm sorry but it is shortsighted to not see the precedent this will set if LL permits this abuse of their service and software. It opens up multiple forms of attack that will be nearly impossible to deal with. LL bans alts all the time and they just keep coming back. Anybody who contradicts this is just ignoring the mountain of evidence proving it.

It is only a matter of time. Stop it now, at the source. Forbid external publication of this information. People pay LL for SL, not for "Vendor Services" slapped together by some bottomfeeding spammer that may or may not be resident.

Ok, Tcoz, fair enough. I am guilty of loose speech. Obviously SL is not a public organisation. I meant to say the information made available to players in game is in practice, and irretreivably, released into the public arena. This is because SL is open to the public.

Unlike a museum, they cannot prevent use of cameras, or restrict information copying by the public who enter, because the very means of entry is its self a ready tool for doing exactly that.

It is true that in legal terms they could attempt to take action to protect any use or storage of such information outside SL. An action by LL alleging financial loss to itself would clearly be viable. But basing a complaint on inadequate protection of anonymous pseudonyms would not only raise very curious issues, but if allowed would cast into doubt a whole huge area of information holding even by individuals in private life.

In Europe there are data protection laws that govern collecting and storing peoples RL identity information, but in the US where SL is located even this truly critical information gets little protection. It would be hopeless to try to extend it into a virtual situation, ignoring the fact that actual identity remains safely locked away behind an anonymous pseudonym.

You would in effect be asking to extend the definition of a legal person to an anonymous pseudonym, which can in practice be transferred from hand to hand, and operated by any of a multitude of anonymous legal persons, simply by the informal loan of a password.

The answer is, any legal (ie RL) person operating an avatar is adequately protected by the anonymity of the pseudonym. Nothing more can be expected unless or until avatars achieve full legal status and independence under the law, as companies did so long ago.

Heaven's above, even true RL persons find it virtually impossible to prevent their names and email addresses being collected, stored, and used to deluge them with spam. If this problem has not been solved for people, how can you hope to do it for a pink penguin with bats ears and and a spinning propellor on his head, who has no existence except as the figment of a computers imagination ?

SL is a private club with a TOS which includes very specific privacy regulations -- the strict prohibition on releasing RL information is the first thing mentioned in the TOS.

We know how much it's worth, but it is a value and it is cited.

Indeed there *is* a script operational within the game that converts an avatar's name to their key, I've seen it in operation.

These keys are used to deliver products from the websites that sell goods for SL, and they are even used now to rent or buy land on private sims. They no doubt have other uses and misuses.

Marketing data is no doubt gathered with the use of these keys.

We don't see (yet) any spamming from the possessors of these keys, but we could well see it.

We could also see efforts to block movement or sales of objects or access to land by certain disliked people in the future. That's exactly why science fiction novels of dystopias always feature those sort of "mark of the Beast" numbered IDs as a worst-case scenario.
You don't have to be an end-of-the-world nutter to realize that.

You don't have to be a non-tekkie or Intarnet tinfoil hat donner to just raise some basic concerns about these issues.

As we can see, even a knowledgeable scripter, no tekkie diletannte, like Tcoz, is able to argue with others on this matter, and informed minds can disagree.

The absurb touchiness and derision around this issue from those grabbing this information only serves to make us raise *more* questions about them.

It seems to me that Linden Labs should simply review this issue. They're quite capable of doing that on their own without a lot of helpers. They should see if in fact this game leaks more than they thought, with emails being linked up to IMs, with passages to third-party sites becoming more frequent, with even in-game prompts if you don't have enough money to buy something that take you to a link that then takes you to all the third-party currency sites -- with their info-grabbing functions.

The seamlessness and permeability is growing between private information and "public" or insider-SL information.

I'm here to tell you that if you are vocal or visible in particular, your RL information is going to be scraped up from all over the Internet, and people will be none-to-careful about even finding the *right* RL information.

It just seems to me that without a lot of drama, without a lot of anger and touchiness and derision, both LL and the third-party sites should simply reassure people in a straightforward manner that they are not misusing RL and SL information, and that they they will take measures to close off the gaps.

My trust in those sites and those individuals behaving in a derisive, abusive, and condescending manner is going to decrease in proportion to their bad behavior.

I haven't read the whole thread, so I apologize if this has been brought up. If this is deserving of its own thread, then I apologize for posting here. That said, has anyone considered the potential harm one could inflict upon both SL and the SL users with a public list of keys?

Were someone so inclined they could take the list of user keys, plug it into a script, and begin giving copies and copies of objects to people. Clogging up their inventory. Bogging down the inventory server. Essentially holding SL hostage. All because of a list of user keys.

I agree with Tcoz on this one. Keeping user information, even something as seemingly innocent as the av key, should be a priority for Linden Lab. For me, it's not paranoia, it a question of usability.

Ok, I'm bored at work and curious. So here's my hypothetical question:

Suppose I have a list of 5,000 keys. I then sell the list to my friend who runs a spamming business. My friend then mass-emails all 5,000 keys. Now, since my friend has never used SL before, will those emails go through and be received as IM's? If so, there's nothing LL can do to prevent it. They can take measures to block an IP, but that action does nothing to stop a spamming business.

Now, suppose I've placed my key-farming scripts in certain locations and do a little database processing on the outside. I can then begin to recognize trends such as when people are online and off, and what type of shops they visit. I can make algorithm-based guesses about gender/age and so forth (FYI, Walmart has been doing this for years). Now, I can target the IM spam to users at times when they are 'supposed' to be online. Maybe someone is online from 3pm-6pm, then offline from 6pm-8pm, and back online again from 8pm-midnight (local). I could theorize that the user takes a break for dinner from 6pm-8pm and deliver the following IM at 5:45pm: "Mmm, you must be hungry. Call Papa John's to have pizza delivered without leaving your Second Life!"

Okay, that's my hypothetical situation. It all hinges on whether or not a non-SL user would be able to send email to those published keys.

DoteDote,

No, a non-SL user could not send IMs into SL using the keys. Even an SL user cannot do it directly. I can't write a script on a web site that processes a list of keys and starts IMing people. The script would have to communicate with an object in SL that would then send out the IMS - there is no external access to IMs, except through offline IMs to email - that only works if the user initiates the IM from in SL first, and they expire after a certain point. That is why all of the constant harping about email and spam is silly.

It can all be done in SL right now, no external site needed, and like many things, is a TOS violation. Anyone could write an object that would send an IMs on a timer to a key (you can only IM one key at a time). Granted, none of this is needed - you can group IM the hell out of people now without any keys - I get spammed all the time by people who happen to have my calling card and decide that everyone they have ever met wants to know they are having some event.

You cannot communicate with SL without being a member, and without an object in SL handling the communications to an external site.

Jarod,

Flipper posted in a different thread about his experience when SLBoutique sent out wallet objects to its registered customers - he was contacted by a Linden almost immediately. There are flood protections in place to handle this kind of issue, and it is monitored.

Mmm. The great taste of Tcoz and Prokofy together at last.

~Ulrika~

Not to be argumentative, but I'm curious and you seem to know more about events surrounding this better than I do. Was that fully automated and/or designed to be maliscious? I have this image of someone rezzing a hundred or so prims in the sandbox, each primed with a key, that start pushing inventory items to people.

I'm being pessimistic, and obviously such a tactic would be avatar/account suicide for a person, but it seems like a valid concern none the less.

(Please don't think that I'm on a witch hunt or anything; up until my post above I was on the fence about Name2Key lists. Potential threats to the asset server just make me nervous these days.)

Edit: I will go look for that FlipperPA thread by the way! Thanks.

Jarod,

No obviously it wasn't designed to be malicious - Flipper was providing an updated object to customers of SLboutique. However, the thing you just pointed out - that someone could set up hundreds of objects, each with a key, all set to start doling out inventory repeatedly - all of that can be done right this minute, no key list needed. Stand at the welcome area or a busy telehub and you would have hundreds of keys very quickly that could be used.

I personally don't see a point to the public lists, however I do a see a point to something like Rathe's Name2Key service. My web based business does not operate with keys, but if it did, I would love to be able to deliver an item to customers to authenticate themselves instead of having to go find some arbitrary ATM terminal to link their avatar. Also, a very popular thing on third party store sites is the ability to send gifts to a friend - I send more items as gifts than I ever buy for myself. Without a key database, you could only send items to someone who had already registered with the site - hardly spontaneous. It is why I used SecondServer.net over others - it did not require me to go to an ATM to pay into or to link my avatar, and I could send a gift to anyone.

Yes, there is malicious potential in almost every LSL script function - it does not mean they should be hanicapped. It means that protections need to be in place for misuse. The oft used example is you can kill someone with a hammer, should we ban hammers? There needs to be a balance, and it gets lost in the midst of the hysteria about keys.

The point is, that it takes an asset that was collected covertly and sold (Rathe's service) and puts it into the public domain, where it should be. Folks can create a competing service, use the list so that they don't need a service, or just sign up for an opt-out list -- things that were not possible before the public list was published.

~Ulrika~

Tcoz,
It is not that you don't make valid points. The issue is this, right now you cant be spammed from outside of the grid. There are many useful things that furutre technology may be able to offer with key list. Much of it good.

So we could just forget anything good that comes from this. Or, LL can deal with abusers swiftly and with an iron fist, this would control any possible problem and allow those purposes that are for good.

So far, there is no problem. So don't see the reason for your fight against nothing.

I have yet to see any of this "good". The point is still "vendor services". It's Gator for SL.

You also seem to be assuming that the current state is the forever state, and that nobody will ever be inventive enough to abuse the compilation of these lists.

And, my questions remained unanswered.

What, specifically, are the intended uses for thousands of account names and keys compiled into lists and published on the public internet?

Is it right that people force this onto residents that want nothing to do with it, and require them to "opt out"?

Does SL release this information, which they own and control, into the public domain, as well as any responsibility for how it is used?

Is extracting the information from their software files, no matter how easy or hard it may be, considered "intended use", and therefore not a violation of the EULA?

If you call LL, and request info regarding an avatars account name and in world key, will they give it to you? They certainly are capable. If not, why not?

Why has LL declined to create a name2key service, or provide an account name/key list? They certainly are technically capable of doing it.

Where does it end? To what extent can I create out-of-world monitoring services, compilations of avatar info, etc? Yes, with XML RPC, I can create a tremendous amount of reporst regarding avatar movement, log ins/outs, and so forth. I've already done it, it works. In fact I was one of the first to actually produce an avatar tracking script that was published externally. Interestingly enough, people OBJECTED (I was not confining my efforts to my own land, I used the data to show me that people were not showing up for work on a particular project) so I REMOVED it. Out of RESPECT for PRIVACY and the security of the SL environment.

As also indicated, this "wallet" incident only resulted in a query by SL. They actually took no action.

People are deliberately understating the potential for abuse here, trying to convince people that it is essentially impossible. I have already validated, on my own, that it is much easier to do than people in these threads, who appear to have a vested interest of some kind if perpetuating this, state.

My questions remain unanswered.

Consider the overall vision of SL, and the intended scope and reach. Looking only at the "now" and "today" is deliberate shortsightedness.

I have also determined that, with the account info published on these lists, I can easily begin a dictionary attack on the login portion of this website. I know exactly what pages to call and how to do it. Once I have that...I HAVE YOUR ACCOUNT DATA. That's right. Last four digits, the whole bit.

Because you can not create an account with a different name than your avatar name. Which is now, thanks to bottomfeeders like Ulrika who apparently feels the need to continue to provoke me, published for everybody's use on the public internet.

Your account data is NOT confined to the SL environs. It can be used to hack your account on this very website, and a user does NOT require an account to do it. Particularly since the SL password policy is extremely lax.

One very big step in the right direction would be to enable creation of avatars that are not named the same as your login credentials.

"I can create a tremendous amount of reporst regarding avatar movement, log ins/outs, and so forth. I've already done it, it works."

Ew . . . you mean they would be able to tell exactly when and for how long I play the game?

Not that anyone in his right mind would be interested, but . . . ew.

How many of these lists are there? And how do I go about opting out of them?

coco

It is a shame that any decent conversation or ideas you may have are going to be completly ignorned because you resort to statements like this. EDIT: Glad you removed it...

Avatar Key = Avatar Name

Remove the ability to post Keys on 3rd party sites and you also remove the ability to post Avatar names on 3rd party sites. And this would mean that a person could not even start their own blog about SL if they used their very own Avatar name.

To me this is MUCH more harmful to SL than what you propose Tcoz.

Not only that, but for how long you've been on, and where you've gone.

Everybody in the game is basically a licensed PI.

And, remember, that list makes it very, very easy to begin a dictionary attack on the login portion of this website. That is most definitely not hysteria.

As I said before...

Allowing creation of accounts that do not have the same login credentials as the name of your avatar would be a big step in the right direction. That would make a CLEAR distinction between "public" and "private". Whether you agree or not, people ARE publishing your account data, and it CAN be used to hack your account. On this very website. It is done all the time all over the internet, and these lists largely enable it.

And how about a real password policy, alpha numeric and so on? There's a reason people do that as well.

And requiring that the services are "opt in" seems reasonable to me. My objection is that people seem to believe they have an implicit right to publish your data just because SL has not said they can't and has been ambiguous about their policy on the matter. Assuming such a right is presumptious to say the least.

Nobody has answered the question. Why not opt in? Why force people to opt out?

I can totally agree with this request!

*decides to join everyone else in beating a very dead and decaying horse* I'm bored, waiting for the grid to come back up... After reading this.. Maybe I should go outside and actually play in the sun for a while.

Frankly, I'll side with the public lists on this. Collecting keys is actually a public service to provider of goods in this manner:

Say I create an object that animates (Owenamation's Chimera's anyone?) dances, but there is a bug that seems to occur in a few of them, or even most of them. I have a list of names of people who bought said object and I have a working update to fix the glitch. Unforunately, I only got their names, not their keys (which if I had 'em, I could just do a mass IM via another object to alert them that there is an issue and that there is an update to fix it.) I can plug their names into the system, get their keys and be able to do the mass IM easily. Probably also calling down a Linden in the process and getting questioned to the n'th degree for doing it.

Public lists are actually both good and bad, but right now, the good outweigh the bad.

Not to mention it does make it a bit harder for some idiot to make a profit off of selling keys that they'd collected over time via their vendors and other such objects. I mean without 'em, I could easily collect keys, sell 'em to another, without ANYONE KNOWING. And since doing that would prove how amoral I was, I wouldn't care about the moral/ethics of the person I was selling to. This way, I'd make a profit, and everyone would be miserable. Do we really want THAT? And don't say no one would pay for a list of keys either...