zFire Taken to Wearing a Skirt

24 02 2011

Rumour has it that zFire is having trouble with incendiary pants these days, and his only solution is to start wearing skirts instead.

Why is that? Well, it does rather look like he is suffering from pseudologia fantastica. The last couple of days have seen his fabrications reaching mythomaniac proportions.

Let’s unwind some of these. Starting with his stats again, he published more today. Despite the fact we have observed almost zero activity at his shop, his latest stats tell us he has sold another whopping 342 RedZone units in the last 2 days. That is still well over 7 units an hour – one unit every 10 minutes 24 hours a day for 2 days. Once again, this despite the fact his product was banned from the marketplace.

Pretty good going on sim traffic of 1400. That means that everyone wanting a RedZone device TPs to his sim, spends 7 minutes purchasing the product and TPs out, and that no one dawdles, and every person on the sim buys the product.

Oh wait – except that AFK avatar is still there… now if that avatar is there all the time then that actually means that his shop gets no other visitors (or as close as makes no difference). Real total sales of RedZone last 24 hours? 0 (or maybe 1 if the AFK person bought one).

The other stats continue to lie too… but that’s okay because zFire entertained us with new lies. His customers were expressing concern that his product was about to be banned, and asked why he had remained silent on the marketplace ban of all alt detectors last week. After much begging, he finally broke silence:

Re: Sharing GreenZone griefers with the community
by zFire Xue » Wed Feb 23, 2011 1:03 pm
So what is the latest Rumor about RedZone not being on the Marketplace? =)
I have been speaking with LL in regards to a group of people who have been harassing a group of Tier paying RedZone owners.

If I only had a penny for every time zFire claimed to be speaking to Lindens, or working with Lindens to ban all the evil terrorists, or assisting a Linden investigation, or getting Linden Labs to change their TOS, or helping Linden Lab improve their security!!! I would be rich enough by now to buy Linden Lab myself!

If zFire Xue has been speaking to Linden Labs, then frankly I am Dobby the House Elf.

LL does not stand for that, but they are slow to suspend and ban the GZ griefing.

He has to say this because 2 weeks ago he said all the GreenZone people were about to be banned or suspended. He predicted the end of GreenZone within a week. Now apart from his usual conflation of all criticism of him with GreenZone, the proof of his lie is in that no such bans or suspensions seem to have happened.

I have also been talking with them about how to continue banning Copybots, their alts, and alts of people you have banned

Let us be clear on this: Random guy in a Washington basement, who thinks user agents and dynamic IP bans are a good way to ban people, and whose own security is so ludicrously weak that I could crack his encryption with paper and pencil, and I did not even mention all the other stuff that he has done so terribly wrong that it would take me several lectures just to cover it all… he wants to talk to Linden Labs – people with actual *qualifications* in Computer Science – about how to go about banning copybots and alts?

That is like me going to tell a ballet dancer how to pirouette! (For those who don’t know me, which is nearly all readers here, I dance like a dyspraxic hippo in a kilt).

I am not sure if the above was a barefaced lie. I expect it is, but it’s just possible that he is talking at Lindens, who are soothingly patting his head and smiling condescending smiles, as they fight down their urge to break several of the 10 commandments in quick succession.

I even assured one of the more polite GZ members that the idea of stalking will be impossible with the zRZ HUD v1.5 (Currently not released).

This may actually be true. When his product was banned from the Marketplace, the Lindens may have told him that it was specifically the alt detection he had to remove. It may be he is attempting to comply. I hope that this is not the case, as the problem with RedZone goes beyond alt detection, and is bound up in the existence of that illegal database, and its silent collection of data through a viewer exploit. A product that actually said “click this URL to have your IP address permanently recorded against your avatar name” would be the only thing that would be legal, although the existing database would also need to be purged. We will see.

Linden Labs is more interested in protecting their tens of thousands of Tier paying residents than responding directly to the rumors created mostly by problem people.

Linden Lab is more clever than that. They know that (1) Only 3% of sims run RedZone – most sim owners do not run it. (2) More people who oppose it have sims than those who own it and support it, but even if neither of these were true (3) Sim owners are often there to make money. They buy the sim and rent it out. If they are successful at all, they are net drains on the SL economy. The financial inputs come from the non owners who rent from the sim owners, paying over the monthly tier which covers the cost of the sim and a profit for the owner.

Now if you chase away the end users, then those sim owners are not going to hold on to their empty sims. They are here to make a profit, and the Lab knows this. They know they have to keep *all* the residents happy, because if people walk away en masse and in disgust, those sim owners are simply not going to hang around.

Of course, zFire has no more clue about economics than he does about Computer Science.

Now here comes the real whopper.

I myself have delisted RZ from the marketplace for a few reasons. Many sales marked as “delivery failed, payment not received” yet the buyer has a brand new RZ unit online. Also because my own vendor system works just fine, without commission fees. But lastly, because I would love to see who claims responsibility on the record for it not being on the market, so that I can make an undeniable point when I relist it.

Get that? zFire claims his product was not banned, but that he delisted it himself.

Hmm.. I smell the heady aroma of burning pants.

zFire is not the only liar though. Look, we have this from the ever foolish Crackerjack:

Seems an odd train of thought that?
What's going to be killed by the Lindens? As far as I know, Linden Labs is extremely happy with the device and have stated so, many times

No, they have not ever once said they are happy with this product. Not once.

And when zFire claimed they were going to give an endorsement – they banned it from the marketplace.

Someone pass Crackerjack a skirt too. Looks like he is another one who cannot wear pants.

Lies, Damned Lies and ZFire’s Statistics

22 02 2011

I don’t know why zFire keeps updating stats on his site as they only make him look more and more dishonest.

According to his stats, between 20 February and 22 February, RedZone installations leaped from 20281 to 20647. That is an increase of 366, which is nearly 8 units an hour. Not bad for a product that has been BANNED from the SL Marketplace.

So let’s think. The only place we can buy these devices is at the store in world. That must be quite some traffic on the sim.

So I popped into the sim (which was empty as usual except for the camper that seems to be there all the time some distance away) and I checked the traffic. The traffic was a stunning..er…1367 (which is lower than my homestead). That translates to about 56 avatar minutes per hour.

Did I mention the camper?

So actually there is no evidence that zFire has received enough traffic to sell even one unit, let alone 8 an hour every hour for 2 days!

zFire is a fibber. RedZone was installed on about 3% of sims, and the number is going down.

Another Look at RedZone Statistics

17 02 2011

Once again we shine the spotlight on zFire’s dodgy statistics, as he continues to fib with them. His last two sets of statistics published on his site were between 12th and 15th February. Now this is an interesting period because after I published my article “Adventures with RedZone” on 10th February, zFire reacted by breaking all inworld scanners. Literally he placed a break in the PHP back end to prevent scanning. After he rolled out his ill fated 4.1.5 on 13th February, we noted that it was now extremely difficult to get scanned by RedZone, and in support forums it turned out he had broken the “bones” used for remote sensing. 4.1.6 came out shortly after but this fixed the bones by breaking probes. Now we have 4.1.7 but that was released after 15th February, so is irrelevant to these statistics.

So what should we see? Well clearly there should not be many RedZone scans. What does zFire tell us?

Apparently avatar scans reached 9,062,891 – an increase of 149,547. Sure enough, the rate of growth slowed – but surely 150,000 based on survey estimates of just 3% of sims having RedZone seems a bit high considering how hard it is to get scanned these days.

In fact, zFire admits this is a makey uppy figure lower down on his page. Reacting to criticism of the failure of his system for its purported use of detecting copybots, he annotates his copybots detected figure (up a grand total of 6 in 3 days) by saying this is “Unique CBs vs Non-Unique Total Scans.” Now I don’t believe the copybot figure, because I don’t actually think RedZone can detect copybots at all (unless someone is stupid enough to compile their client with the User Agent “copybot – please ban me”). Evidence suggests this is in fact simply 6 viewers with esoteric user agents – which would probably have been some of the adventurous readers of this blog, inserting dummy data from web pages outside of SL before zFire managed to insert the break in his PHP code.

Nevertheless his statement is telling, because here zFire admits that the 9 million figure is not actual avatars scanned – it is the number of scan returns he has received at his server.

Prior to everything breaking, RedZone sims scanned people repeatedly, and the most common setting was once every 10 seconds. Even assuming some much lower scan rates on some sims, the average RedZone sim must surely scan avatars a couple of times a minute. That 150,000 scans therefore equates to 25,000 avatar minutes per day using historical scan rates. If the number of RedZone devices is 1000 that would equate to 25 avatar minutes per sim per day. If we go for the upper estimate for the real number of RedZones in use – about 2,500 then that is 10 avatar minutes per sim per day.

That sounds too low right? But remember most RedZones were broken or scanning infrequently or in 96 metre mode in that period. Thus traffic on RedZone sims will average a lot more than 10! But the figures are about what we would expect. RedZone has performed 9 million avatar scans, but the number of avatars scanned? That must be much much lower.

Meanwhile zFire continues to count each new rezzed RedZone as a new installation, so apparently his installations jumped by 565 – although in the same period he managed only one customer review on the Marketplace website – and that was a disgruntled customer giving it one star and asking for his money back, because it kept telling him he was the alt of people he did not even know.

How Does Linden Lab Detect Alts?

10 02 2011

zFire writes some more fibs in his forum today:

If you or any of your alts are LL banned from SL, your other accounts are subject to the same.
LL and zRZ Link alts the same way, for the same reason.
If Person A is not the same human as Person X, but one of them later turns out to be a copybot, a computer would think they are the same.
For security reasons this is good. If they know and trust each other that much and one of them is a CB, it is highly probable that they both are. At the very least one will jump onto the others account as needed. (If they are banned, blocked or need to pick a fight)

[My emphasis]

Now let us get one thing clear at the outset. What zFire here is proposing is the well known ad hominem fallacy known as “guilt by association”. Consider:

Fred is a thief
Mary is Fred’s wife
Therefore Mary is also a thief.

In law, of course, we would not countenance even a prosecution of Mary unless we actually had some evidence that Mary is a thief. Nevertheless this argument often feels instinctively right to shallow thinkers. Let us consider a variation:

Fred is a wife murderer
Mary is Fred’s wife
Therefore Mary is also a wife murderer.

Now that one is obviously wrong. But many people assume that people who know one another must share their morality and ideals. The idea goes against sound reason, psychology of human behaviour, natural justice and, often, common sense. But we won’t disabuse zFire of this idea, so let’s move onto the fib.

Once again zFire tells people that Linden Labs detects alts the same way that he does – through IP address matching. We must sadly leave aside his odd belief in sentient computers (no, zFire, computers do not think anything. We leave the thinking to people). Nevertheless he is wrong. Linden Labs know that IP address matching is a terrible way to try to identify alts, and all the evidence I have seen is that they simply do not use it.

Linden Labs are much more clever about what they do. They identify people based on the hardware they use to connect. Not the IP address which gets shared between multiple people who often have little to do with each other. In this way, unlike RedZone, they avoid catastrophes where they would ban entire countries that use shared proxy servers (like RedZone did to the United Arab Emirates).

Specifically, the code in the Second Life clients that authenticates users to the service passes hashed copies of two hardware identifiers: the MAC address and the identifier on your hard disk. (Hashing is a one-way encoding; the client code shown below uses MD5. MAC, or media access control, addresses are link layer addresses used to talk to other equipment on a single network link, and differ from IP addresses in that they are usually tied to a specific piece of hardware.) Both pieces of information are passed back to Linden Labs, who record this and thus know who logged into Second Life on your computer.

This works much better than IP address matching because people have literally shared computers if they match in the database. Nevertheless it is not perfect. If someone is banned from SL, and they used your computer, you may be banned too. In such cases, a polite appeal to Linden Labs, offering proof you are not the same person as the banned one has historically proven successful for people so affected (I personally know of two such cases).
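
The difference between the two linking keys can be shown on a small data set. The following Python sketch is an added example, not code from Linden Lab or RedZone: the login records, avatar names, addresses and the `link_accounts` helper are all constructed for illustration, and MD5 stands in for the client's hashing of the MAC address and volume serial.

```python
import hashlib
from collections import defaultdict

def md5_hex(value):
    """Hash an identifier as an MD5 hex digest (assumed stand-in for LLMD5)."""
    return hashlib.md5(value.encode("ascii")).hexdigest()

# Constructed login records: (avatar, source IP, MAC address, volume serial).
# All values are made up; the IPs come from documentation ranges.
LOGINS = [
    # Three unrelated residents behind one shared national proxy.
    ("Resident1", "203.0.113.10", "02:00:00:00:00:01", "VOL-0001"),
    ("Resident2", "203.0.113.10", "02:00:00:00:00:02", "VOL-0002"),
    ("Resident3", "203.0.113.10", "02:00:00:00:00:03", "VOL-0003"),
    # One person, two accounts, same PC, dynamic IP changed between logins.
    ("Main", "198.51.100.7", "02:00:00:00:00:aa", "VOL-00AA"),
    ("Alt", "198.51.100.99", "02:00:00:00:00:aa", "VOL-00AA"),
    # The ISP later hands Main's old address to an unrelated customer.
    ("Stranger", "198.51.100.7", "02:00:00:00:00:cc", "VOL-00CC"),
    # Two different people sharing one family computer.
    ("Sibling", "192.0.2.5", "02:00:00:00:00:bb", "VOL-00BB"),
    ("OtherSibling", "192.0.2.5", "02:00:00:00:00:bb", "VOL-00BB"),
]

def by_ip(rec):
    """Linking key used by IP address matching."""
    return rec[1]

def by_hardware(rec):
    """Linking key built from the hashed MAC and hashed volume serial."""
    return (md5_hex(rec[2]), md5_hex(rec[3]))

def link_accounts(records, key):
    """Union avatars whose records share a key; return clusters of 2+."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    first_seen = {}
    for rec in records:
        avatar, k = rec[0], key(rec)
        find(avatar)  # register the avatar even if it links to nobody
        if k in first_seen:
            parent[find(avatar)] = find(first_seen[k])
        else:
            first_seen[k] = avatar

    clusters = defaultdict(set)
    for avatar in list(parent):
        clusters[find(avatar)].add(avatar)
    return sorted(sorted(c) for c in clusters.values() if len(c) > 1)

if __name__ == "__main__":
    print("linked by IP:      ", link_accounts(LOGINS, by_ip))
    print("linked by hardware:", link_accounts(LOGINS, by_hardware))
```

Hardware matching still links the two siblings, which is the shared-computer case described above. IP matching additionally merges the proxy users and the stranger, and misses the actual alt.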

For the curious geeks or anyone inclined to disbelieve me, below is a snippet of the Second Life client code, taken from the lluserauth.cpp file. I have bolded the key sections. Notice how the MAC address and host id get wrapped up in the XML authentication packet which is sent to the Second Life service at login. Linux users looking at this file themselves will see they have an interesting variation.

LLMD5 md5Mac((const unsigned char *)strMac.c_str());
LLMD5 md5HDD((const unsigned char *)strHDD.c_str());

// create the request
XMLRPC_REQUEST request = XMLRPC_RequestNew();
XMLRPC_RequestSetMethodName(request, method.c_str());
XMLRPC_RequestSetRequestType(request, xmlrpc_request_call);
// stuff the parameters
XMLRPC_VALUE params = XMLRPC_CreateVector(NULL, xmlrpc_vector_struct);
XMLRPC_VectorAppendString(params, "first", firstname.c_str(), 0);
XMLRPC_VectorAppendString(params, "last", lastname.c_str(), 0);
XMLRPC_VectorAppendString(params, "web_login_key", web_login_key.getString().c_str(), 0);
XMLRPC_VectorAppendString(params, "start", start.c_str(), 0);
XMLRPC_VectorAppendString(params, "version", gCurrentVersion.c_str(), 0); // Includes channel name
XMLRPC_VectorAppendString(params, "channel", gSavedSettings.getString("VersionChannelName").c_str(), 0);
XMLRPC_VectorAppendString(params, "platform", PLATFORM_STRING, 0);
XMLRPC_VectorAppendString(params, "mac", mac, 0);
// A bit of security through obscurity: id0 is volume_serial
XMLRPC_VectorAppendString(params, "id0", hdd, 0);

Redzone’s Scan Statistics

8 02 2011

Whilst we are looking at zFire’s statistics for zfRedZone, let’s look at his headline “number of people scanned” figure. Today this stands at 8,624,865. Wow, that is a lot of people he has scanned.

Or is it?

Because it was less than 14 days ago that this figure stood at 7,833,410. That is an increase of 791,455 scans in under 14 days.

Why am I suspicious? Because whilst I don’t have the data from the last 2 weeks, the number of unique logins in the whole of Second Life in a 14 day period has historically remained very close to 600,000. So if that scan figure is of unique users, not only has Second Life enjoyed a bumper fortnight, but every single online resident has been scanned (despite active RedZone scanning happening on only 3% of sims) – and indeed not a single one of them had been scanned before! Wow, Second Life must be bigger than I thought!

So in fact, that cannot be unique people scanned. What is more, as we know there are only in the region of 1,000 active RedZone scanners out there, this increase suggests 791 unique visitors per RedZoned sim in a 2 week period. Frankly that is a lot of sim visitors! As most RedZone sims I have seen have been all but empty, some sims must be heaving.

So what is it actually counting?

RedZone sends out multiple scans. Each user who unwittingly has their parcel media exploited by a RedZone device has this done repeatedly. RedZone recommends every 10 seconds or so. What is not clear is whether each of these is counted as a new scan. But it seems likely to me, as the alternatives are:

1. Each sim really does get an average of 791 unique visitors per fortnight. Sorry, I don’t believe that.
2. zfRedZone uses a visit algorithm much like the one used on web site analysis tools, which will count a user as a new scan if they have not been scanned for a period of (say) 30 minutes. This frankly sounds like more trouble than zFire would normally take over his software.

Thus I think he takes the lazy option. In which case this figure is utterly meaningless. The total number of actual people scanned by RedZone is a fraction of this.
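
To see how far the possible counting rules diverge, the following added Python example (not RedZone's actual server code) applies them to a constructed scan log. The avatar names, timestamps and the `count_scans` helper are assumptions; the 10 second scan interval and the 30 minute visit window are the figures used in the text above.

```python
from datetime import datetime, timedelta

VISIT_GAP = timedelta(minutes=30)  # the "(say) 30 minutes" window from the text

def count_scans(events, visit_gap=VISIT_GAP):
    """Count one scan log three ways.

    events: iterable of (avatar, timestamp) scan returns.
    raw_scans      - every return counts (the lazy option)
    visits         - a new visit only after visit_gap without a scan
    unique_avatars - each avatar counted once
    """
    raw = 0
    visits = 0
    last_seen = {}
    for avatar, ts in sorted(events, key=lambda e: e[1]):
        raw += 1
        prev = last_seen.get(avatar)
        if prev is None or ts - prev > visit_gap:
            visits += 1
        last_seen[avatar] = ts
    return {"raw_scans": raw, "visits": visits, "unique_avatars": len(last_seen)}

def constructed_log():
    """Constructed sample: three avatars on one sim, scanned every 10 seconds."""
    start = datetime(2011, 2, 8, 12, 0, 0)
    events = []
    # Avatar A stays 10 minutes: 60 scan returns, one visit.
    events += [("Avatar A", start + timedelta(seconds=10 * i)) for i in range(60)]
    # Avatar B stays 5 minutes, then comes back 2 hours later for 5 more:
    # 60 scan returns, two visits.
    events += [("Avatar B", start + timedelta(seconds=10 * i)) for i in range(30)]
    events += [("Avatar B", start + timedelta(hours=2, seconds=10 * i))
               for i in range(30)]
    # Avatar C passes through and is scanned once.
    events += [("Avatar C", start + timedelta(minutes=3))]
    return events

if __name__ == "__main__":
    counts = count_scans(constructed_log())
    print(counts)
    print("raw scans per unique avatar:",
          round(counts["raw_scans"] / counts["unique_avatars"], 1))
```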

Redzone’s Scan Statistics

7 02 2011

Today the zfRedZone site gives the “official” number of Redzone locations as 17480, which is up almost 2068 in a week. If this were a true representation, zFire would have netted income of well in excess of US$ 30,000 last week alone from people wishing to profit from his illegal enterprise. Not a bad income stream.

But I am sorry, I find these figures not just dubious – I believe zFire is downright fibbing about these statistics. Here is why: The last quarter report from Linden Labs puts the Second Life world size at a little over 2,000 square kilometres. A sim is 256×256 metres in size, so you get under 16 sims to a square kilometre. Multiply the two figures together and the SL world size is about 32,000 sims.

If we are to believe zFire’s statistics, we should be finding zfRedZone spyware on in excess of 50% of all sims in Second Life[1]. This frankly does not accord with my experience. Most sim owners, in my experience, are honest people and do not make use of spyware.

Thus I decided to conduct a survey. I used a pseudo random number generator to generate coordinates for in excess of 100 sims on the whole grid map. If I chose a location in the sea I reselected with a new coordinate pair. If I could not access a sim, I likewise reselected until I had a list of 100 randomly selected accessible sims[2]. I then visited each sim with parcel media enabled, and flew around each sim for long enough for RedZone to detect me even if it is in 96 metre mode. I collected all attempts to make my client return data to the Redzone database.

Of these 100 random sims, 3 used zfRedzone[3]. That is, based on this survey of 0.3% of the whole Second Life grid, the number of sims running zfRedZone is 3%. Further testing will increase the confidence in this estimate, but it’s a pretty good estimate. Based on 3% of sims running zfRedZone, we would have a figure of under 1,000 locations across the whole grid.
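
How much confidence 3 hits in 100 sims gives can be worked out directly. This added Python example (not part of the original survey) computes a 95% Wilson score interval for the proportion, and the chance of seeing 3 or fewer hits if the published installation figure were true. It assumes one installation per sim and the grid size of 32,000 sims estimated above; the helper names are chosen here.

```python
import math

GRID_SIMS = 32_000         # grid size estimated in the text
CLAIMED_INSTALLS = 17_480  # figure published on the zfRedZone site
SAMPLED, HITS = 100, 3     # survey result: 3 of 100 random sims

def wilson_interval(hits, n, z=1.96):
    """Wilson score interval for a binomial proportion (z=1.96 gives 95%)."""
    p = hits / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return centre - half, centre + half

def binom_cdf(k, n, p):
    """P(X <= k) for X ~ Binomial(n, p)."""
    return sum(math.comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k + 1))

def survey_summary():
    """Project the survey onto the grid and test it against the claim."""
    low, high = wilson_interval(HITS, SAMPLED)
    # Assumption: one installation per sim, so installs / sims is a rate.
    claimed_rate = CLAIMED_INSTALLS / GRID_SIMS
    return {
        "rate_low": low,
        "rate_high": high,
        "sims_low": round(low * GRID_SIMS),
        "sims_high": round(high * GRID_SIMS),
        "claimed_rate": claimed_rate,
        # Probability of finding 3 or fewer RedZone sims in 100 random
        # sims if the claimed rate were the real one.
        "p_survey_if_claim_true": binom_cdf(HITS, SAMPLED, claimed_rate),
    }

if __name__ == "__main__":
    for name, value in survey_summary().items():
        print(f"{name}: {value:.4g}")
```

The interval is wide, roughly 1% to 8.5% of sims, but even its upper end is far below the published figure. The selection bias noted in footnote [2] is not captured by the interval.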

So where does the 17,480 figure come from?

Only zFire knows for sure, but I do not believe he just makes the figure up. My hypothesis is that each time a copy of zfRedZone is rezzed and “armed” it calls home to zFire’s Mac on which he stores the RedZone database. I believe he may count each rez/arming as a new installation, whilst taking no account of old “installations” that have been removed. Thus if someone picks up and re-rezzes their device, this may count as a new installation.

It may also be that upgrades do the same thing, and here we see some evidence for the hypothesis. A new version of RedZone was released this last week with the failed “stealth” mode (it attempted but failed to hide from GreenZone). In the same week, zFire’s installation numbers jumped by over 2,000 (the previous week, new installations only edged up by about 300).

So why the sudden jump in installations? If each upgrade counts as a new installation, and there are about 1,000 RedZone installations out there, if everyone upgraded, we would expect a 1,000 jump in installations in addition to the usual 300 installation churn. We actually see a bit more than that, which indicates either I have slightly underestimated the number of installations out there, or perhaps that sim owners, when upgrading, rez the device more than once. We must of course remember some owners will not have upgraded, but this hypothesis broadly agrees with my survey results.

If there are about 1,000 RedZone installations, the GreenZone project have currently mapped about one third of them. Their map is becoming a seriously useful resource to inform SL users where the spyware is located in Second Life.

It seems unlikely that there are greatly more than 1,000 RedZone installations out there. Only zFire will know for sure. Sadly we cannot rely on him to give us an honest answer.

[1] Of course some sims could have more than one copy of RedZone running, as the software can be run on individual parcels, not just whole sims. What the distribution of installations would be is not clear at this stage.

[2] These figures therefore suffer selection bias in that they are true for the population of accessible sims, but not true for inaccessible ones. The avatar I used was not age verified and was denied access from some sims for this reason. It may be the spread of RedZone use is significantly different in inaccessible sims, but I was not too worried by this selection bias at this stage, as I was only looking for a working estimate of RedZone use.

[3] Specifically, 3 sims had installations of RedZone that were actively scanning avatars. Again, it is possible the value is underestimated, as RedZone may have been in other sims but temporarily switched off, or scanning so infrequently that no attempt was made to scan my avatar during the fly through.