Are We Nearly There Yet?

8 03 2011

I have been quiet the last few days, but not inactive. I am doing some research on the number of sims that actually have active RedZone installations, and I hope to have something reasonably conclusive to report fairly soon.

In the meantime there is a burning (or at least warmly glowing) question that people are asking:

Has Linden Lab done all that it can to ban RedZone spyware from the grid?

When I started this blog, only about 6 weeks ago, I had no idea that Linden Lab would move so far so quickly. The reason for this is that prior to my blogging, I had been following RedZone for some time, and in that time there was simply no sign that Linden Lab were taking the issue seriously. ARs seemed to be ignored, and a comment on another JIRA by Samuel Linden appeared to be totally dismissive of real security concerns regarding the Second Life client software.

But the last 6 weeks saw a storm of protest, and all the time it seems that there was an internal fight going on in the lab between those who felt that residents concerns about privacy were very important, and those who apparently felt a hands off approach was better. I will note that no one in Linden Lab ever gave the impression they actually liked what RedZone was doing.

And so at last we have seen action. As per the news on the JIRA and various blogs, including this one, we all know that Linden Lab has clarified their community guidelines to make it very clear that harvesting of IP addresses and linking to second life avatar profiles to provide profiles of users is clearly against their terms of service (as well as the law in many localities). They banned RedZone from the marketplace twice, and also removed it from in world stores and have insisted that alt outing functionality should be banned.

Additionally Sione Lomu and other developers have provided fixes to the SL client along the lines that I suggested were necessary in this blog in my article on “The Security Hole in the Second Life Client”. (I am not taking credit for the idea of the patches; I suspect work was already underway on these, and the fix is obvious to anyone with an internet security background).

It is also clear that Linden Lab will be incorporating the patch or something very similar in their own official viewer. Moreover, the hiding of the stream URLs, which I argued was wrongheaded and ineffective, is coming out of the client as per Oz Linden’s own JIRA.

So in essence everything I suggested Linden Lab should do has been or is being done. They are fixing the security holes and forbidding use of alt outing functionality.

So why not stop there?

The problem is zFire’s database still exists, and his customers are still freely gathering data for him. Most of those customers do not have the links to alts, but he does. That is problem number one. This data collection remains illegal

But the problem is not really one Linden Lab can act on. They can ban zFire and his alts, but that won’t stop him coming back later with new alts and the same database, or leaking the database to all his friends (if he has any).

Linden Lab could attempt to get the courts to seize the database, but this is both messy and difficult. The legal grounds for such seizure must surely be based on the personal data that is held in it. But any such action would have to be prosecuted first in Europe. To be clear, I have spoken to the Information Commissioner’s Office in the UK about this, and the process is rather complex. The ICO, in the first instance would just try to speak to zFire to get him to desist from the data collection. Any action prosecuted under English law, at least, would be long and protracted and the database would no doubt be leaked or moved long before we approached any resolution – even if anyone thought the prosecution was worth the substantial costs involved.

So zFire’s database is not an easy legal target, and I fully understand why Linden Lab does not move against that. I don’t like it, but I think the lab has gone as far as it can on that point.

Data collection is another issue. Data collection without consent remains illegal and also against the Lab’s own TOS, and I think Linden Lab could continue to ban this product from in world stores wherever found. That is the only point on which I think Linden Lab has fallen short. Other than this they have done all that we asked and that they reasonably could.

Oh except one other thing:

The database and RedZone systems are linked to the neighbourhood watch website. This website continues to out people’s alts, because listed on it are literally hundreds of avatar profiles with alts listed. The neighbourhood watch is, in my opinion, one of the nastiest things about RedZone. It is full of slanderous accusations and petty spite. Anyone who posted there needs to be firmly slapped with a damp eel for several hours or until they begin to see sense.

An argument will be posited “this is a website outside of Linden Lab’s service and thus not subject to TOS”. To which I say fuey! This database is populated by RedZone systems and available to in world RedZone huds. It acts as a database back end to the RedZone system. I therefore believe that RedZone remains in contravention of the Terms of Service, and should ARd for revealing alt information and other personal information about users of the Second Life service to those using RedZone in world.

Let’s hope Linden Lab will move on these last points, and then at last perhaps we will have seen the end of this nasty little system




11 responses

8 03 2011
Azure Twine

Thank you for the update 🙂
Yes I agree with all your points. Unfortunately the US is not any swifter and it is difficult enough to make the case for a crime with no clear victim.

Linden Lab really needs to make a stand against ALL these devices. Redzone was a good target because of its larger user base, the extra “features” like the neighborhood watch and zfire’s arrogance. While CDS and quickstart have tried to keep a low profile, zfire has been flamboyantly flaunting his wonderful gadget. He continues to flaunt how he plans to circumvent the TOS like a spoiled child trying to figure out how to sneak out of the house.

Anyone who truly had common sense, morals and a concern for the community at large would not be behaving as if this is a “holy war to the death”. None of us supports copybotting and griefing. real griefers and copybotters are not gonna put their names out there, they will lie low and see what happens. Will someone please help zfire grow up?

8 03 2011
Verina Resident

Greenzone alerts us to the zfRedzone. Does it work also for other systems, i.e. the CDS and quickstart mentioned by Azure?

8 03 2011
A User

Finally someone said it! Someone finally said everything that no one else has. Especially the last 2 paragraphs. Their website is slanderous and it still reveals alt information.

By the way, on your topic about taking legal action against zfire, LL or anyone whom wanted to take zfire to court, would have to be done in a World Court because zfire is not in the same country as LL. World court won’t do anything to solve anything.

9 03 2011
Azure Twine

A User? really you don’t know? zfire lives in the United States. Google his LLC (Insanity Productions) and also you can look up his IP for the server. You will discover exactly where he lives and it is the united states. What made you think otherwise?

10 03 2011

Where does he live? I’d like to file a lawsuit against that man for discrimnation against a disabled person. If Linden won’t do anything about this crook I will.

9 03 2011
Michelle Massivitus

You talk about the neighborhood watchlist, some sims/store owners are using that list to ban avatars from their sims and stores. How do I know this? I was wrongfully accused with redzone because of a petty argument with someone who uses redzone. Now I’m not able to get to some sims and stores because someone has decided to be a child about this and to ruin my second life. So those who have been having hell from redzone are still affected by it even after it’s been banned from sl. Shows that you can’t really get rid of it no matter how hard you try.

10 03 2011

THey closed my account because I complained about RedZone and the terrible emails he sent to me saying blind people shouldn’t be allowed to use SL and he represented himself as being “foreign” and not able to speak english and called me a “princess” whatever he meant by that, I didn’t use foul language or anything with this man, I just told him I wasn’t a copybot and he said if I begged his forgiveness he would think about letting me back into Second Life otherwise he’d have me kicked out. Now after I complained apparently too many times and Charlene Linden told me she couldn’t do anything about RedZone or even wanted to hear about it they put my account on hold and now I can’t even access it. No reason why no explanation they just did it and I have money in my account and they have my credit card info to charge my premium account and I’m not even able to use my account. This is disgraceful I think but no one in Lindens seems to care about the people who have been loyal customers for many years, I have been in SL for almost 5 years with no problems until RedZone called me a copybot. Now my SL is ruined and I have to find another way to talk to my friends every day, being homebound this has broken my heart.

9 03 2011
Magnuz Binder

I know the feeling, since I’m one of the 2360 “copybots” manually added by Mikey-boy for him having a grudge with. He prefers labeling those as “copybots”, since that means they’re globally banned without the individual RedZone users having to do anything. Still, I have no major problem with that, since I wouldn’t like to sponsor those using RedZone with my money or my visits anyway.

Now, in the end, I had enough of LL continuing to permit Mikey-boy’s spyware running on their servers, so I decided pulling the plug on SL entirely, withdrawing all my content and abandoning all my land (almost 2 full sims) there for the same reason I boycot any RZ user. Today, LL no longer has a monopoly, but there are OpenSim worlds with the same functionality out there to chose from as well, although still much smaller and with far less richness in content than SL.

9 03 2011
Michelle Massivitus

My friends have boycotted those who have redzone, or who have banned users who were labeled as “copyboters” but I highly doubt that those store owners/sim owners won’t really care if a few people stop shopping or going to their sims.

9 03 2011
Florimel Enderfield

Actually, zFire is being more than slightly foolish hiding his Second Life business under what looks like a LLC that also does things in real life.

Mikey was kind enough to update his information at as recently as Feb 15, 2011, so there’s a nice current up to date entry there.

Interestingly enough Insanity Productions LLC seems to be more than a single person in a basement. It claims to have between 5 and 9 people according to manta.

And more interestingly, the business areas claimed are:
Online Security
Video Publishing
DARPA Research

I think we have plenty of evidence on how good his “Onlne Security” is.
The “Video Publishing” explains the rather wide variety of names you need to use in the hosts table.
The “DARPA Research” looks rather interesting. Wonder what DARPA would do if shown how immoral zFire is?

And as icing on the cake. Mikey uses COMCAST as his internet provider. And he’s in violation of at least 2 sections of the COMCAST Acceptable Use Policy. And possibly 4 violations if he’s using a residential account instead of a commercial account.

For those of you who read this who live in Europe, pay rather close attention to this paragraph.

undertake or accomplish any unlawful purpose. This includes, but is not limited to, posting,
storing, transmitting or disseminating information, data or material which is libelous, obscene,
unlawful, threatening or defamatory, or which infringes the intellectual property rights of any
person or entity, or which in any way constitutes or encourages conduct that would constitute a
criminal offense, or otherwise violate any local, state, federal, or non-U.S. law, order, or
zFire may not consider European law to have any force in the United States, but COMCAST seems to feel otherwise given the “or non-U.S. law” clause in their acceptable use policy. May be useful to have an official send a message to COMCAST. Of course, it would be a pity to have COMCAST terminate zFire’s internet connection especially since it seems to be used for other purposes than Second Life commerce. But then again, he’s the one who decided to have RedZone covered under it’s umbrella.

9 03 2011

Hi, well I complained to Lindens many times and they told me they were very sorry and so on they couldn’t do anything about RedZone, and I guess I complained too many times about RedZone so they put my account on hold with no explanation and now I can’t even access my account online to see if they are still using my personal credit card info. I was accused for months for being a copybot and being ejected every day from many sims as soon as I would land then for being a former copybot by RedZone. When I continued to complain Lindens put me out with no explanation, they didn’t even tell me they were doing it just one day I couldn’t get logged on then I get an email my account is on hold,but I could still access online to see what they might be doing, but I couldn’t even read my ticket history, and I have a premium account. How can I keep them from taking money out of my account if I can’t even cancel my account? or even see what is going on? I can’t even file a ticket or complain now. I have heard of other people wrongly accused of being copybots by this RedZone and complaining and Lindens banning THEM for complaining…now I am a blind woman who uses SL as a social gathering place to meet my friends, I don’t even build I don’t do perverted things I don’t use foul language and I certainly don’t “copybot” I spent hundreds of dollars in SL and have an inventory probably worth 3-4 thousand of dollars over the years, I have rented land and houses and can’t even get to them. What do you do when they make a decision about you and don’t even tell you what is going on? I have filed a complaint with the BBB of San Francisco not that will do any good, but when you feel helpless it was all I could think to do. Is there anyone who can help me?

%d bloggers like this: