Is RedZone allowed?

9 02 2011

In the RedZone forum today, zFire’s biggest Fanboi writes:

(Privacy Policy) TOS
“Further, you agree and understand that Linden Lab does not control and is not responsible for information, privacy or security practices concerning data that you provide to, or that may otherwise be collected by, Second Life users other than Linden Lab. For instance, some services operated by Second Life users may provide content that is accessed through and located on third party (non-Linden Lab) servers that may log IP addresses.

Looks like am not breaking any law to scan people

This user is from Blackburn, England. So I have news for him. Yes he is.

As we have seen, Even zFire is breaking European law, because he uses equipment in Europe for his data gathering. But you would think a British citizen would be a little more aware of the protections and rights afforded him in his own domicile.

As for this favoured quotation that Redzoneophiles keep trotting out. The Second Life Terms of Service are an agreement between a user of the Second Life Service and Linden Labs. The purpose of that clause is so that Linden Labs will not be held liable if someone does something illegal with IP data gathered outside of their service. Like what RedZone is doing.

See the key terms here are “Linden Lab does not control and is not responsible for”. It does not say that Optimus Prime or Micky Mouse or anyone else has a legal right to harvest data in a way that contravenes the OECD privacy definitions and breaks European law. It just says that we have to file suit against the perpetrator and not Linden Labs.

Of course, we won’t file suit. But YES Cole, you ARE breaking the law.

Advertisements

Actions

Information

10 responses

10 02 2011
Florimel Enderfield

Hmm. Given that the fans of RedZone enjoy pointing out that paragraph in Linden Lab’s privacy policy, then perhaps they might be willing to answer a question about that paragraph….

In what way does RedZone provide me any content? Seems that if they’re sending me a media URL for my client to connect to, then it should be common sense for them to provide me some actual media to listen to or watch.

10 02 2011
zFire Xue

RedZone is not offering you any content unless you view the RedZone website. I suppose you are welcome to the forums, or information on that site. Please note that RedZone is not required to offer you any content.

10 02 2011
zFire Xue

IP addresses are not private information nor personal information.
Are google, hotmail, yahoo, ebay, facebook, myspace, amazon, and every other major website therefore illegal in your eyes?
European law, and every other law, has no right or ability to restrict IP logging or data use. Otherwise the internet itself would not function.

Furthermore, usernames are not private information.

I quote Samuel Linden
https://jira.secondlife.com/browse/VWR-21305
Samuel Linden added a comment – 26/Feb/10 2:32 PM
We need to thank the resident for bringing this to our attention. We do not consider IP gathering to be an actionable security exploit. This has been possible for quite some time with 1.23 and earlier viewers. Shared Media makes this easier, but we have provided residents with the means to turn off Auto Play. We can communicate that they disable Auto Play if they are concerned about having their IP address logged.

10 02 2011
no2redzone

Welcome zFire. We were all wondering when you would show up. Before getting your facts wrong in further comments, please read the article in this blog onRedZone and personal data. That will help you with your continued confusion of “private information” and the legal definition of “personal information”.

And as you are suggesting that turning of shared media is an acceptable solution to avoiding data harvesting, would you mind explaining why you think banning people with media off is a good idea?

Could you also please tell us how you wish to comply with the principles of the UK data protection act for UK users and victims of your service? In particular the first principle on fair collection, and the principle on data accuracy. Also our rights in the UK to inspect the data you hold on us.

13 02 2011
zFire Xue

Thank you for the welcome.
I expected nothing but foul language from you to be honest, but I realize you are working on a Public Relations campaign to attack RedZone, in order to unban fellow copybots.

I would love to remind you IPs are not private, and Usernames are not personal. See above links from last post.

Great question about banning people with media off! It sounds like you think that is a bad idea?
That was a feature request by a user who offers an entertainment sim who was getting griefed by someone. They realized people with media off had no reason to be there. I realized that so many people including greenzone people think that they are not logged with media off. You have given them this idea that they are invisible when copybotting with media off. Sort of as a slap in the face of a myth, I created that option for some of my very own zRZ users who believe the rumor. Many people have media off, and it is not effective to ban people with media off. Clearly.

I even explain right next to the setting to ban people with media off, that it is a BAD setting to use due to the number of people that have media off for lag time issues etc. You might not know that I offer many warnings, links, and explanations in an attempt to educate people who are a victim of a rumor.

UK data protection. Another great question!
The UK version of eBay, google, yahoo (Must I honestly continue this list?) all log IP addresses. Logging IP addresses is normal. Anyone that even knows with wireshark is MUST know that.
This is why I assume your effort has nothing to do with “privacy” and everything to do with revenge over the deaths of copybots.
I do not give out IP addresses. However WordPress.com DOES!!! Why don’t you write a blog about them? Make it look as good as your story about me. Tell people how you hacked the IP database of wordpress.com and offer some pictures, mentions of hacker buzzwords and people will believe you again.

Data collection is fair around the world. Accuracy, is double checked with the Alt Metrics Tool. You should do an article on that next.

Why do people keep talking about the UK?
I am not in the UK, and the UK has no right to inspect my data.
Seriously, you have made a mistake.
England? Where did you get that idea.
Anyone can ping my server and see you made some big mistakes in your facts. And you ask me about accuracy?

13 02 2011
no2redzone

Why do you expect nothing but foul language from me? I never use foul language. You are indeed welcome here. I would, however, like to know what you are doing to ensure you comply with European data protection law.

You say I am working on a PR campaign to get copybotters unbanned. Is this nuspeak? Where do I support copybotters? why do you persist in this errant line? Could it be another attempt at guilt by association? Let’s het a few points clear:

1. I pay for ALL my content. I do this on SL and RL. I am frequently the target of jesting by people who cannot believe I would choose to do so. I know nothing of copybotters. I do not personally know anyone who has been banned for copybotting.

2. Your software is also useless for the detection of copybots, as you well know. Its only ability is to link a ban list on multiple sims, if – through some other means – you have discovered a copybotter.

3. I have nothing to do with Greenzone. I do not even know who the Greenzone team is. I only very recently got myself a copy of the now free Greenzone software.

4. Your continual attempts to belittle and slander those people who object, on philosophical and legal grounds, spyware collection of IP addresses by a third party who links those data with personal data and sells it to customers (who clearly believe it now has value as personal data or else they would not pay) really reflects very poorly on you as a person.

Despite the rumours I have heard, I do not go around accusing you and others of various things. But this “copybot” allegation is made up in your head. You do not seem to realise that the vast majority of users of the Second Life service seem to find your operation either laughable or else highly objectionable.

Yes I think banning people with media off is a terrible idea, as would you had you thought about it because:

1. It is illegal! It discriminates against a group of people, specifically people with hearing difficulties, who do not use streaming media. There is case law on this point (EU versus Greece 2010 comes to mind. I can get you an exact reference if you care). Just to be clear on this again, as you operate in Europe, you are subject to those laws. If you take steps not to collate data on Europeans and not to sell to Europeans, you can ignore those laws – although may fall foul of similar legislation in the USA.

2. Linden Labs’ argument for not plugging the security exploit in their browser is that media off is a solution to it. To ban people for having media off would probably therefore be grounds for an AR. But who knows – ARs seem to be a blunt instrument.

3. Many people keep media off to save on bandwidth, either because they pay for it or are on slow connections. Your assumption that all people with media off are people trying to avoid your software is as stupid as the assumption that I and others have anything to do with greenzone, or that all people with objections to you are copybotters. Silly boy.

3. How would you implement it? The only way you can detect media off is to send the results of the redzone scan back from the sim, and match these with GET requests from a client of the same name. But what happens if there is packet loss, or some firewall filtering outside the users control, such that you get the sim result but do not (in a timely fashion) get the other. As your database is extremely overloaded (time to buy a second Mac Pro perhaps? The one you have is a nice machine but seems to be struggling under the load), it is entirely possible that you would simply discard the user GET requests for an extended period owing to insufficient database connections. You will thus end up banning people with media ON as well.

Why do you need me to tell you this? Because frankly, you do not know very much about writing security software. Not that you care. For you, I suspect it is all about your bottom line.

UK ebay etc must comply with data protection law, which is why they do not do the kind of thing you are doing. Your ignorance of the law is not, btw, an excuse.

And once again, if I collect your IP address and share it with other wordpress users and then sell the results, I too would be breaking the law. I don’t do that, because unlike you, I am a law abiding citizen.

Lastly, yes, in law I do have the right to all data you have relating to me. If you think I think you are in the UK, you are wrong. I know full well you are in a small apartment in a locality to the North of Washington state.

13 02 2011
zFire Xue

Next time you have an REAL facts or questions, do not expect me to find some random blog among the piles of blogs. Come and ask me on my forum, Notecard, email, or something. Seriously.
But I would buy you a drink for the free awareness campaign and making my points for me. Sales are way up do to the uproar your people have created.

Intelligent people can verify your information and see where it falls short of actually doing or meaning anything.

Most people stop listening after the whole IP privacy nonsince.

13 02 2011
no2redzone

I will not be posting on your forums owing to your penchant for deleting threads that show RedZone in a bad light.

I leave all comments to stand on this blog. I think that is fairer. There is nothing worse than writing a long message just to have someone delete it because it shows their software in a bad light. If you do not wish to engage here, that is your choice. At least you know I will not delete your messages.

If I have to edit anything to comply with data protection law I will ensure I mark quite clearly what I edited and why.

13 02 2011
zFire Xue

Did you seriously remove my link to your banned copybot founder?
http://isellsl.ath.cx/madsci/forum/viewtopic.php?f=8&t=397

I would not delete YOUR slander from my forums.
In fact I would collect them to catch you in your words as you should do with mine. So keep that link.

13 02 2011
no2redzone

I did not remove your link. I approve all posts without editing except from spammers.

See above re copybot founder though. Nothing to do withme. I have no idea who you are talking about, although I note it is not RedZone you use to present evidence.




%d bloggers like this: