The First Spyware Definition

18 02 2011

Spyware is any software which employs a user’s Internet connection in the background (the so-called ‘backchannel’) without their knowledge or explicit permission.

Steve Gibson. Excerpted from Privacy Invasive Software

What was zf Redzone? (updated 7/7/11)

1 02 2011

zf Redzone was a Second Life spyware product that used a security hole in Linden Lab's software to collect and collate profiles of the service's users, recorded against their IP addresses. The software attempted to do two things:

  1. It attempted to identify people using unapproved viewers by looking at the browser User Agent setting in the viewer. It labelled any viewer using an unorthodox user agent as a “copybot” (i.e. a malicious user attempting to make unapproved copies of the in-world creations of other users). Needless to say, this was easily bypassed by actual malicious users (who generally make their viewers respond like the genuine article), whereas developers or anyone having the audacity to modify the user agent got labelled as copybots and banned from all Redzone sites. The maker of the software also manually added people to the copybot list if they annoyed him, and they thus earned bans on all sims using the product.
  2. It attempted to identify alternate accounts (alts) by matching IP addresses of users. Needless to say this was naive in the extreme, as use of web proxies is extremely widespread, and shared DHCP ranges often cause IP address sharing between unwitting users of the same ISP. The maker of the software rather disingenuously claimed that false positives were probably known to the malicious users and therefore malicious themselves.
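
The false-positive problem with IP matching described in item 2, as an added example (not code from Redzone or from this post): a naive matcher run over constructed login records that use documentation-range IP addresses. The account names, the owners and the transitive grouping are assumptions made for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample data (not from any real service): (account, source_ip, true_owner).
# 203.0.113.7 stands for a shared web proxy; 198.51.100.20 for a DHCP address
# handed to two different subscribers of the same ISP on different days.
LOGINS = [
    ("alice_main", "192.0.2.10",    "alice"),
    ("alice_alt",  "192.0.2.10",    "alice"),   # genuine alt, same home IP
    ("bob",        "203.0.113.7",   "bob"),     # behind the shared proxy
    ("carol",      "203.0.113.7",   "carol"),   # unrelated, same proxy
    ("dave",       "203.0.113.7",   "dave"),    # unrelated, same proxy
    ("dave",       "198.51.100.20", "dave"),    # dave's DHCP lease on day 1
    ("erin",       "198.51.100.20", "erin"),    # same address re-leased to erin
]

def link_by_ip(logins):
    """Naive alt matching (assumed transitive): accounts that ever shared an IP are grouped."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x
    first_seen = {}                          # ip -> first account seen on it
    for account, ip, _ in logins:
        root = find(account)
        if ip in first_seen:
            parent[root] = find(first_seen[ip])
        else:
            first_seen[ip] = account
    groups = defaultdict(set)
    for account in parent:
        groups[find(account)].add(account)
    return [g for g in groups.values() if len(g) > 1]

def score(logins):
    """Return (correct_pairs, false_pairs) among all pairs the matcher links."""
    owner = {account: who for account, _, who in logins}
    correct, false = [], []
    for group in link_by_ip(logins):
        for a, b in combinations(sorted(group), 2):
            (correct if owner[a] == owner[b] else false).append((a, b))
    return correct, false

if __name__ == "__main__":
    correct, false = score(LOGINS)
    print("correct alt pairs:", correct, "| false alt pairs:", false)
```

On this data the matcher finds the one genuine alt pair and six false ones, including accounts such as bob and erin that never shared an address at all and are linked only through a third account.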

Additionally, the maker of the software was secretly harvesting the SL passwords of his own users where those users accidentally or deliberately entered SL passwords against their SL username when logging in to his site. Many of those users also used the same passwords for their alts, who – as noted above – were also being identified by this software.

The utility of Redzone was limited and its risks very high, but many were suckered into paying the rather high cost of this spyware for what they perceived as the ability to discover the alts of other users. This raised a number of privacy concerns and related legal concerns, and Linden Lab specifically changed their terms of service to make it clear that sharing of alt information in this way was not permitted on their service.

Concerns were dismissed by the Redzone author as being inconsequential. His argument that sim owners have a right to protect themselves from the alts of people they have banned from their sims for whatever reason carries some merit – with one very large caveat: those sim owners should have been up front about the spyware and its purpose, and allowed opt-in access – access the simulator if you are content to be scanned, or leave if you are not.

It is the fact that Redzone did not give that choice, but secretly collected data through a security vulnerability in Second Life software, that made this spyware and not a security tool. The spyware was operated by a US felon (criminal), and he is now back in prison – at least in part because of his spyware operation.