A Recap of Last Week

20 02 2011

It really has not been a good week for zFire. As he desperately tried to fix the gaping security holes in his software, and kept breaking it in the process, he rolled out a grand total of 6 updates in a week. Sim owners have become heartily sick of updating. His server was offline for up to 5 hours at one point, attracting criticism and for several days there were no updates being taken into the database. More criticism was fired at him when he disabled the alt scanner HUD for several days, only to relaunch it without any changes.

Also last week zFire Xue claimed Linden Lab approval for and impending public endorsement of his spyware:

by zFire Xue » Mon Feb 14, 2011 9:17 pm

[…] I try to explain and they make up random stuff.
Wait until they see an LL endorsement. I have asked to meet with them regarding a public endorsement to put all the lies to rest and help the security of SL businesses, economy and reduce drama to improve the enjoyment of secondlife.
Greenies are in serous trouble with LL.

Three days later Linden Lab responded by delisting RedZone spyware from their marketplace.

The last product review for his software before it was delisted read:

big redzone problems
Posted February 15, 2011 by Jeremiah Grigorovich 1 star
This thing has never worked as it said. It keeps listing me as alts of people, that I don’t even know. How do I get my money back?

Advertisements

Actions

Information

17 responses

20 02 2011
VeiledVamp Veranes

Curious how you know it was LL who delisted the product, and not zfire.

20 02 2011
no2redzone

1. Both RedZone AND Quickware Alts Pro were removed. Both are alt scanners.

2. zFire tried to hush up the problem – deleting forum threads where concerned owners asked about it. He still has not actually admitted it is delisted and is leaving the PR to his flunkies.

3. Comments by certain employees of Linden Lab have tended to confirmed this

If I have misread that, zFire may now relist and show me up big time. I am not holding my breath though.

Looks like Linden Lab has taken its first step towards enforcing its TOS against the spyware operators.

21 02 2011
VeiledVamp Veranes

Thanks! Appreciate your blog, nicely done. 🙂

21 02 2011
Nelson Jenkins

I can confirm that LL themselves removed both RedZone and QAP last Monday primarily at CEO Rod Humble’s request, mostly because of the uproar from Second Life residents, not because of any particular legal reason (or so I am told).

20 02 2011
Azure Twine

Linden Lab and the merchant are the only people who can de-list an item. suspiciously the other alt scanner, that none of has really mentioned has also been removed.

zFire has yet to give any reason himself for the item bot being on marketplace and it was a huge seller.

I don’t know what planet zfire lives on, but as long as I have been on SL, Linden Lab has never come out “publicly” endorsing a product. the closest they have come is by not pulling it and saying it is ok, like Zyngo.

Finally, while the name “Greenies” sounds cute and stuff… it is already the name of a sim and place of business within second lfe. There may be some trademark violation there for dear zfire in continuing to refer to greenzone users as such. And we know he loves him his trademarks!!

21 02 2011
John Williams

I found this on another blog. Don’t know if it is true or not.

================

You always can give him a call to stop scanning:

Insanity Productions LLC
5030 212th Street Sw Apartment A
Mountlake Terrace, WA 98043-3353 map

(425) 877-5890

http://www.manta.com/c/mtcn0q1/insanity-productions-llc

21 02 2011
Goodnight sweet prince

Nice. Give him a call? Nah. I think I’ll pay him a visit. He’s only a couple of miles from me.

21 02 2011
Magnuz Binder

@Nelson Jenkins
Wait wait wait! Are you saying that Mikey-boy wasn’t right when he stated that the opinion of the Linden Labs CEO didn’t matter??? (concerning Rod’s views on privacy)

Still, it’s a bit sad if Linden Labs interpret their own ToS so differently from how very many of their customers do, so they believe there is no legal ground (violation of ToS) to remove the systems.

21 02 2011
Magnuz Binder

Seems like Mikey-boy is at it again, trying to make a slap on his wrist seem like a victory (http://www.sluniverse.com/php/vb/general-sl-discussion/47314-zf-redzone-disclosure-secondlife-alts-87.html#post1157103).

My guess is, if it’s not all bull, that for Linden Labs to permit any continued existence of RedZone in SL at all, they have required the avatar name/data to be transmitted in a non-recoverable hashed format from the in-world script. That is the one part they can easily check and enforce.

That still doesn’t solve the problems neither with the very flawed alt detection, nor with the existing database though, and the fact that Mikey-boy most definitely will circumvent the anonymization by linking hashes to user names, at least for his own and some trusted RedZone users’ continued stalking.

21 02 2011
Nelson Jenkins

I asked my contact about this.

1.) There has been, and never will be, any concession in the ToS for RedZone and other alt-detection products, as claimed in the post you linked. The Lindens are apparently working (slowly) on a way to eliminate these services entirely from the grid while not having to refund hundreds/thousands of people their money for falling for this scam. Virtually none of them find RedZone and the like actually useful for Second Life, but they know if they flat-out say no, they’ll have a few hundred/thousand users in uproar (I suppose this outweighs the thousands more that would sleep with a Linden employee if they were to follow through with this, but that’s beside the point).
2.) LL will not follow through with a “private” RedZone if zF changes the domain name and hides his activities through encryption (even though it would be very low-grade since we’re talking SL). There is simply no effective way to combat such a system, especially if none of its users squeal.
3.) There has been virtually zero headway in finding an “opt-in”/”opt-out” solution because of users that wish to (or need to, by contract) keep their streams hidden.
4.) LL will be unable to force zF to remove the database entirely, but they will be able to prevent it from being accessed in-world. I have been told the only way to force the removal of the database would be through legal action, and LL has no grounds.

21 02 2011
Nelson Jenkins

*has not been

I’m a bit drunk.

25 02 2011
Rooted

No grounds?

I find that somewhat at odds with California’s Online Privacy Protection Act, and LL’s TOS (the latter requires all users to use Secondlife in accordance with Californian law).

I’m no lawyer though.

28 02 2011
Jenni Darkwatch

Sorry for the late reply. “Hidden” streams always have been fairly pointless, they’re not hidden except from very casual users.

Making an opt-in/opt-out would be totally trivial, while still keeping the illusion of “hidden” streams. Hide the TLD by hashing it, only showing the host and any parameters… i.e. http://stream1234.somehost.abc/bleh.php?x=abc&y=def would become http://stream1234.*/bleh.php?x=abc&y=def, for example. Could even go further and just say http://stream1234.*/bleh.php?* with a warning that the URL contains parameters.

Why only camouflage the TLD? Because I could conceivably write such a silly “alt-detector” and employ a wildcard domain to grab the actual data, i.e. along the lines of http://jenni.darkwatch.somehost.abc/ and a catch-all web-server which simply checks $_SERVER[“HTTP_HOST”].

1 03 2011
Jenni Darkwatch

Eh… replace TLD with registered domain… But I’m sure you knew what I meant.

22 02 2011
Anonymous

Don’t worry about the database guys, we’ll take care of that.

We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect us.

21 02 2011
Magnuz Binder

@Nelson Jenkins
Thank you for the information, and if it’s accurate, it’s some light in the end of the tunnel for those who’ll remain in SL.

Personally, I’ve already lost my trust in LL though. My account has been suspended for more than a week now, owing to what an inside (RedZone) source has told me was organized and false abuse reports against me, and without any response to the appeal I posted.

I’ve spent that week discovering that the OpenSim worlds are now reaching a maturity where they can compete well with SL in most respects that interest me, and at a far lower price. So, basically, I am seeing less and less reason to pay USD 6,000/year to LL for something they at any time can and obviously will bereft me the possibility to even use for no valid reason.

13 03 2011
Prokofy Neva

Nelson, can you account for how it is that you happen to be so “well plugged in” to the Lindens? Are you a former Linden? Or a resident who is pals with a resident-turned-Linden? Or how does that work?

While I personally would never use Red Zone or any similar product in my business, and I use only the land tools for bans and ejections — I don’t allow any security devices whatsoever on any of my properties and that has always been the best policy for all — I do have to say that this guy wouldn’t have a business if it weren’t for fear and loathing in Second Life and the desire not even to combat copybotting, but to out alts due to distrust in the anonymous environment. zFire would not exist unless everyone who bought from him and looked at alt lists bought from him.

And his product is back up on the Marketplace, with a chance that it no longer allows the individual user to see the alt links, but apparently still allows him to. He himself is still in the people list.

So the idea that there are these Lindens swaggering around (like Soft Linden) on bidding from various FIC types like yourself, deciding to remove people and their products from the world on an ad hoc basis contravening the TOS is in fact not true.

And that’s a good thing. This company already has too much discretionary power. Long ago (June 2010) I first encountered zFire, his nasty security persona, and saw reference to his product, and I criticized him on my blog — back when others were rushing to buy his product.

But I have to say that he has played to the market perfectly, he is creative, he has made a variety of products that have been in demand, his business cannot be characterized as illegal if he himself does not out the alts, and as for his third-party site grabbing SL passwords logged in as mistaken tries by habit, sure, that’s unethical and illegal if he uses it for theft or blackmail, but it’s not LL’s problem, and it’s not something you would want them to enforce because that would be overreach.

You all have such a thin grasp of the rule of law, and you’re prepared to let Anonymous/Woodbury/whatever do your “justice” for you — those disgusting e-thugs who are worse than the criminals they fight.




%d bloggers like this: