Monday, December 31, 2007

Finger pointing

There seems to be a need among some people to always have an enemy to blame for every little thing. Somewhere down the line we've become a culture of finger pointers, and you can see evidence of it all over the place.

I'm referring, in this instance, to Jira Web 382, which in its original form was quite deliberately worded to be finger-pointing. While I have nothing against backing up a proposal with factual information, finger pointing is always subjective. One persons enemy is another persons friend. To say a group of people you don't like is responsible for something that is somehow sinister and conspiracy-theory isn't a seemly way to conduct yourself in a public forum setting.

Unfortunately the shield the internet provides us all makes that kind of thing much easier. You wouldn't go up to a belligerant drunk who is holding a smashed bottle and shout at him for being wrong about something unless you were prepared for him to take a swing at you, because that's exactly what he'd do - but on the internet it's easy to take vicious swipes at someone just because they disagree with you, and for this reason everyone with even the smallest of grievances can cause an escalation of these grievances to sometimes monumental proportions.

In the case of Jira 382 I've apparently become a hostile tribemember who purely wants to get her own way in everything. I've even been referred to (by inferrence) as a Nazi because I'm taking what I see as a stand for what I see as right. Suddenly there are battle lines being drawn, and I'm taking quite vicious fire from people I don't even know. Aside from reading with some amusement, odd comments on the Linden Blog about how Ann O'Toole keeps commenting a lot, I'd never heard of her, and I've never met her. Yet according to her, I'm a Nazi. According to her and Ciaran Laval I'm part of the "cabal" (Prokofy's term) that is involved with this, despite the fact that I've never actually closed a JIRA issue (other than trying to close this one), which you can see from my JIRA profile.

So we get a situation that's gone from factual to hearsay to bitter contention. People aren't researching before they shout their mouths of. If we were all in the same room, I wonder, would that happen? In my RL job I have had to deal with drunks wielding broken bottles, and let me tell you it isn't a situation you really want to be in. But the confrontation is limited to those who can see what's going on - the whole picture - and still want to risk being hurt if they become involved. Not so these internet confrontations, where anybody can - and does - wade in, often far more viciously than they'd ever dream of doing IRL.

I'm sure they get something out of it. They must do, otherwise they wouldn't do it. But it seems a really sad aspect of the internet, reflected in some ways in Second Life that those who would be sitting quietly at their chairs looking the other way in a confrontation, are at the forefront of finger pointing and shouting from the safety of their keyboards on the internet.

Friday, December 28, 2007

Could this be the most reliable form of age verification yet?

I have some of my best ideas while lying in the bath. This one came about as a result of me thinking that if I wanted to start a “mature” MMORPG, how would I go about age verification in such a way that it was the most secure and policeable ever? I then attacked it with two criteria: How would I implement it, and if I was deliberately setting out to abuse it, how would I do so?

And then it came to me.

What I would do would be to make a deal with a telephone service company that provided specialist premium rate numbers. I’d tie my computer system to theirs in a similar but more extensive way that Ebay and Paypal use. The age verification routine on my website would give the person about to go through the check a unique identifying number. It would also feature prominently the warning “CALLING THE AGE VERIFICATION NUMBER WILL COST $5 PLUS APPLICABLE LONG DISTANCE CALL CHARGES. YOU ARE RESPONSIBLE FOR THIS CHARGE, AND BY CALLING THE NUMBER AND PROCEEDING YOU ACCEPT LIABILITY FOR ALL CHARGES RESULTING FROM THIS CALL.”

Here’s the thing. The number it gave me to call and give my identification number that I’d just been given can ONLY be called from a domestic residential landline. It can’t be called from a mobile, and it can’t be called from a public callbox or a business landline. It can only be called from a domestic landline, which, correct me if I’m wrong requires the owner of the landline to be over the age of consent in their country.

So, I call the number, and I enter my code, and I’m age verified. I haven’t passed ANY identifying information that could be abused to any third party, and by verifying that I called from the number at that address, I do provide a method for legitimate law enforcement to track me down should that ever be necessary.

Now here’s the kick. I know you’re all thinking “How does that prevent my 12 year old calling the number?” Well, the answer is, it doesn’t. BUT, when the parent/owner of the bill gets their monthly telephone bill, ONE call costing at least $5 is going to stick out like a sore thumb. What happens if my 12 year old has done this? Here’s part two of my idea.

Say my underage son/daughter has done this, and I get my bill and find out someone made a call to “ age verification” which cost me $5. I contact my phone company, and ask who the hell this is? They do a check their end, and they say “Well, we can’t refund the money, but there IS an abuse line on their record for people who feel that they’ve been the victim of fraudulent use.” I call that number, and register my telephone number, then I go and ground my kid.

My kid throws an almighty sulk, and decides that while grounded they’ll play the mature game. They go to sign on – and their account has been banned. Raising a query about the number automatically results in an account ban for the misusing account. Furthermore, the telephone number is ALSO banned, so when (s)he goes to open a new account and tries to age verify again, the number won’t connect from that landline. Without it connecting, they can’t verify.

I’m not claiming this is foolproof. I don’t know any system that WOULD be foolproof and implementable across the globe. But as far as I know It’s the best I’ve seen to date… I would welcome feedback on this, and if anyone wants to knock the idea around a little, I think this is a firm foundation for a secure method of age verification that doesn’t require giving away potentially illegal information, it would work worldwide, it wouldn’t require very much in the way of equipment to make it work and I recommend this idea to the population!

Saturday, December 22, 2007

It figures

The latest big thing in gaming for virtual world enthusiasts is bringing your avatar to life in the form of a miniature figure. I didn't realise that a company called "Fabjectory" has already been producing Second Life figures for almost a year, so when the news broke that my other favourite virtual world, World of Warcraft, now also had a company producing miniatures I thought this was completely new.

I have to say, I am surprised that Linden Labs didn't link it from their blog. A quick search on the official Linden Blog confirms that no, I didn't miss it, there never was a link about it.

I have to say, though, you can see where business backers and professionalism tell. The Figureprints site is slick, modelled on the WoW site and the quality of their models is fantastic; as you might expect from a company set up by the former VP of Microsoft Gaming. Figureprints got a whopping ONE MILLION hits in the first week to their website, and are now so popular that they actually have to have monthly draws to decide who gets the figures. The figures are manufactured by a 10,000 line script that actually grabs the exact details of the original avatar from Blizzard's studios and renders it in dull grey. It's then hand painted and finished, lacquered, placed in a glass display dome and shipped out to the lucky recipient. Signs are that the other big boys, including Sony Interactive Entertainment are very interested in Figureprints, and looking to get avatars from their world produced too.

Which begs the question, since Fabjectory have already been around for a while - why aren't they getting all the good press? Chances are it's at least partially down to their presentation. Fabjectory meet your avatar within SL and take pictures and measurements, dimensions and details required to make your avatar from scratch. They save the time in the print process, by having the miniature made from coloured materials, but the end result isn't as pretty and they also charge substantially more if you have a complex avatar. My normal wood elf avatar in Second Life would cost around $99, but my furry complex werehouse avatar would cost quite a bit more because of its complexity and detail. In comparison, Figureprints charge a flat $95.

I can speculate that Figureprints also have a much better, newer, next generation printer than Fabjectory (four of them, in fact, each costing $50,000) and this is also bound to influence the quality of the finished figure. While I'd like to see a Fabjectory model "in the flesh" so to speak, a quick youtube search doesn't turn up any hits, which again would probably decrease their marketing traffic.

By contrast, look at this guys jaw drop when he sees his WoW figure. While I'm already in the draw for a Figureprints WoW figure, I think I'll give Fabjectory a miss...

Wednesday, December 12, 2007

Cory Linden leaving: could this result in a viable rival to Second Life?

With official confirmation that the Chief Technical Officer of Linden Labs, Cory Ondrejka (a.k.a. Cory Linden, the Spaghetti Monster) is leaving the company at the end of the year, this has the potential to have serious repercussions to Second Life.

I can't help but wonder if Cory and Phillip have had a falling out over Age Verification. There have got to be some Lindens who think that going against the wishes of the majority of Residents is a seriously bad idea, and when Cory joined the fledgling team (he was the fourth ever employee to join Linden Labs) back in 2000, the emphasis was on a company that interacted with its userbase, something that has lessened increasingly in the past year, first of all with Lindens being able to make their online status hidden, then with contact directly with Lindens being removed via the live help vanishing, and now with them being unwilling to listen to their userbase over age verification.

Which begs the question, since Cory did a LOT of the coding for SL (he also wrote the LSL) - what will he do now, and is it likely he will join a company, or even found one himself, that produces a rival to Second Life? Certainly he's got the technical know how to do that, and maybe even develop something better starting again from scratch, because part of the reason he coined the term Spaghetti Monster was that the coding for SL was becoming so twisted and difficult to follow that a bug wasn't easy to find and eliminate purely because the code of the monster was no longer simple and neat.

I've said all along that in my opinion, Age Verification when it's made mandatory could conceivably destroy Second Life. Cory, who has always been an advocate of the Open Sourcing of Second Life, may already be planning to make his own version of it, and if he does AND leaves out Age Verification... well, a few years down the road it might be HIM that's the CEO of the successful company, him doing the hiring and firing while the memory of Linden Labs is consigned to computing history and an article on Wikipedia.

Watch out for Cory Ondrejka. He might be leaving Linden Labs, but I really doubt very strongly that this is the last Second Life residents will here of him.

GOOD LUCK WITH THE FUTURE, CORY!

Monday, December 10, 2007

Robin Linden confirms today, what Daniel Linden said a while back.

Taken from today's post, written by Robin Linden:

Voluntary Status
As currently implemented, age verification and parcel flagging to create adults-only restricted areas rely completely on voluntary participation. However, there is no assurance that either feature will always be voluntary for all Second Life Residents. It’s possible, for example, that we could be required at some point to make one of these features mandatory for the citizens of a specific country. Should that happen, we will do everything we can to provide maximum advance warning.


This echoes Daniel Linden's position from way back, that they'd make Age Verification mandatory across the board if they felt self-regulation had failed.

From Aristotle/Integrities point of view, this is an absolute goldmine. They collect a huge amount of new information, then if at some point LL goes bust they're free to do whatever they want because of the clause in the ToS that says in the event of LL's bankruptcy, there will be no liability for misuse of any data collected during SL's existence.

I may be a little paranoid, but I can actually picture Aristotle being poised to make a grab for ALL the data for a sum of money, in the event Linden Labs goes into receivership. From their point of view, it's a win-win situation.

Hat tip also to Nika Talaj, who points out:

May 2007:“[10:12] Daniel Linden: it’s vaulted to provided a government-required audit trail for two years, but neither Linden or Integrity can access that data unless an audit is initiated.”

Which is essentially my beef with them about the PATRIOT act. They HAVE to store this data. Just dumping it is against the law. You can't claim that just because it's 'sealed in a vault' it doesn't exist. Either it's being retained or it's not, and by the PATRIOT act's requirements it has got to be retained, for two years. Vaults can be cracked. A lot can happen in two years. We've been lied to a LOT by Linden Labs over this. Our details will be retained for two years, as is the law where Linden Labs is.

Sorry, but no. This won't work voluntarily, at which point they'll make it mandatory. Then push will come to shove, and those who are serious in their threat to leave - myself included - will do so. At that point, either LL will survive, or it will fold. If it folds, I'm betting Aristotle will get all the data that's ever been held by Linden Labs in whatever form, and hold a bidding party over who gets it first.

This isn't the way to treat your customers, Linden Labs.

Saturday, December 8, 2007

Here it is - confirmation that Age Verifcation WILL be mandatory

"In the event we encounter abuses of self-regulation, Second Life may have to require age-verification throughout the world."


Thus saith Daniel Linden. And it's the first clue that Age Verification WILL become mandatory. HAVE to require, not keep optional. Just like when Linden Labs first said "We are considering a method of Age Verification using a third party" they didn't mean 'we are considering', they meant 'we are going to do this'.

Age Verification argument rages on

There seems to be three camps developing among residents with reference to age verification.

The first want it, have done it (or not, depending on whether Integrity actually has their information) and are annoyed at everyone else who doesn't want it.

The second is those who are generally okay with it. These are normally non-US residents whose only reservation is whether or not they are breaking the privacy laws in their own countries. More often than not, the age verification process fails for them anyway, but they're willing to try it.

The third camp is the one that I - and the vast majority of Residents - are in. That is, we don't want it, we won't use it, we won't flag our land and we'll inform relevant authorities where we see breaches of the law. In my case, since I live in Canada, I don't break the law if I voluntarily give my Social Insurance Number (SIN) to Linden Labs or Integrity, BUT, if I choose not to, Linden Labs DO break the law in Canada the moment that they deny me access to something on the grounds I haven't given my SIN number to them.

A pattern is beginning to emerge about Integrity's database. A number of people have failed to verify with their current data, but have managed to verify with data several years out of date. This indicates that Integrity are gathering public records to add to their database, but these records are often out of date. In the UK, for example, they buy data from the credit check company Equifax (which performs credit checks on consumers) however, Equifax only have data about those who have applied for credit in one form or another, or who have home facilities. Take my 42 year old brother, a sad individual who still lives with his parents. He's never applied for a credit card, hasn't bothered to tell the Driver and Vehicle Licensing Agency the last three or four times he's moved house, doesn't bother with bank accounts (he lives off welfare, cashing his cheque every two weeks at a post office who know him and never bother to ask for ID) - He wouldn't be on Equifax's database. He holds a driving license and passport, but has never had the internet at home. He is on the electoral roll, but the list that is not available to the general public (only available to government bodies).

As a test, I asked him to try age verification. Surprise surprise, it failed, despite the fact that the data he provided was correct. However, what was most interesting was he provided state information (passport number and driving license) - which would NOT normally be available to anyone but the UK government. It wasn't in Integrity's database. Which leads me to have serious doubts that their claims their data is taken from governments worldwide is genuine.

To me, Integrity has always seemed like a data mining company, that gets its profits by acquiring tiny pieces of the huge jigsaw that is a persons life, putting those pieces together and selling the completed picture for far more than the individual pieces cost. By age verifying, what a person actually does is to alert Integrity to their existence. Nobody has been able to find a privacy policy for Integrity, but my guess is that it's something like the policy for facebook; by providing them with ANY information, you expressly authorise them to collect any and all information they can about you, including but not limited to, credit card data, bank data, address data, religion, voting preference, membership of clubs etc etc. In other words, anyone trying to age verify with Linden Labs systems, whether they pass or fail, is actually authorising Integrity to start data mining on them. Again, this IS only my guess, but until someone can find a privacy policy I'm standing by this opinion, bearing in mind the discovery that it was indeed the case for Facebook.

And this is what makes it dangerous. Particularly the section in Linden Labs own terms of service, that states in the event of bankruptcy, Linden Labs can no longer be held responsible for anything done with ANY data collected by the Second Life system. Linden Labs remains completely silent on the questions being thrown at them by residents along the lines of "What guarantee do WE have that your third party company (Integrity) won't misuse or sell our information." And the answer to that is simple. None at all.

Looking at it from a legal point of view, a resident makes a contract with Linden Labs when they sign up, for the provision of a service called "Second Life" in return for complying honestly with their terms of service (it's far more complicated than this, of course, but this is what it boils down to in its simplest form) - This means that the resident, as a consumer, and Linden Labs, as a service provider, can hold one another liable in the event that one breaks the conditions. As it's part of the terms of service that users of the adult grid are over 18, anyone who isn't and uses the service is in breach from the moment they log in for the first time. Bringing a third party into it, however, muddies the waters.

Since a resident has not agreed to anything with this third party, there is no contract, and nothing to regulate the residents behaviour toward the third party or the third parties use of any collected residents data. Effectively what this means is a resident is perfectly at liberty to be totally dishonest with the third party, because there's no agreement to stick to, but it also means the third party is equally at liberty to do whatever the hell it wants with whatever data it does get provided. No agreement, no contract, no protection.

Some Residents will sign up to age verification right away (and indeed, some already have). Some will be willing to sign up when the database is more complete and they're likely to be on it. Most will refuse point blank to give this data. When push comes to shove, and it becomes mandatory, Linden Labs will risk their existence as a corporate entity on getting enough people to use the system. Ultimately, if enough rebel and leave, the costs of running Second Life will rapidly overtake the revenue - at which point, bye bye Linden Labs.

In closing, try this for a bit of fun. I created a facebook based on my best friend from school's details, except in the facebook account she lives in Canada, has a much more glamorous job, is a member of a number of respectable organisations and is most definately over 18. I created this facebook account when Age Verification was first being discussed for Second Life, so it's a over six months old now. Using a fictitious Ontario driving license number and a fictitious passport number, both authentic in the layout of their numbers and special characters, I tried to take her through Age Verification, using the same details with Integrity as I had put on her Facebook profile - and passed, proving that one of Integrity's sources is indeed facebook. The only problem with this is - she doesn't actually exist as a Canadian citizen, and her birthdate as given in her facebook account is one day wrong from her actual birthdate. Also, her address is the middle of a cemetery, but the postcode and street number do exist.

She's now verified. The thing is, she doesn't actually exist (with the details I provided to Integrity) so she should not have passed the age verification. I'm betting somewhere there's a very puzzled computer failing miserably to put together the missing pieces on her. This just shows how much of a sham Integrity's system is, and in my mind vilifies my position: I'm not using this system, ever, and if it gets made mandatory, I'll say goodbye to Second Life.

Wednesday, December 5, 2007

Another nail in the coffin

The storm has once again broken out on the official Linden Blog with the announcement that age verification will be introduced with viewer version 1.18. Predictably, Linden Labs have released this well before it's ready (as usual) and there are a mass of problems with it, even if you don't count the fact that the actual age verification system doesn't work.

Firstly they've bought a registered digital certificate with their entire domain in it, which isn't accepted by most modern browsers. Firefox in particular refuses to take "secondlife.com" as valid when it's visiting a site where some of the features in a page are secure and some are not. The result of this is that Firefox displays a warning that the certificate may not be genuine, because some of the content comes from http: and some comes from https: - users aren't told by the browser what the difficulty is, only that the certificate is not fully valid to cover the page that is being loaded, but this is the page that they are being asked to put their personally identifiable information on - not a good sign.

Secondly, it's illegal in some countries to provide this information, and this means that even if someone does so it can't legally be verified. Aristotle/Integrity will add it to their database, but they have no means of verifying it. Although they claim to have data from all over the world, I do seriously have doubts about the legality of verifying such data.

Thirdly, 90% of Second Life users DO NOT WANT THIS. Some - myself included - won't be able to verify anyway, due to things like only just having emigrated from one country to another. When I came to Canada, I gave my UK license to the Ontario ministry of transportation, who then issued me with a driving license number in Ontario - but if you cross reference my driving license with any other database, you won't find a match, because as of yet I still don't have a Canadian passport. So you can't check my Canadian driving license against my UK passport because they don't share that information, and you can't verify my UK license against my UK passport because my UK license has been canceled due to having an Ontario license instead. So even if I wanted to do this, I'd fail the procedure, and several people have already responded to the Linden Blog posting with tales of woe about using genuine details and being declined.

This will kill Second Life off. It's going to be the final nail in the coffin. As sim owners are threatened with banning for not marking their entire sims as "adult" just because one vendor, somewhere on their sim, sells a prim-penis or cage, so the revenue from these land owners will die. As organizations like CARP can't raise their tier because half their members no longer play owing to either being against age verification altogether, or unable to verify - so those sims will also vanish because their owners can't afford to pay tier. Newcomers to Second Life will be asked to age verify immediately or threatened that they can't see some content, and either they'll refuse to verify and not sign up, or they'll fail verification and not sign up, so the new revenue stream will dry up.

Seriously, Linden Labs, you could achieve a much better method of disclaiming responsibility for underage misuse of the grid if you made everyone type a declaration manually into a textbox. Something along the lines of "I hereby certify that I am the account holder, over the legal age of consent in my country, and absolve Linden Labs and all their employees and representatives of responsibility for any actions that I may engage in when linked to this service." Granted you couldn't sign it, but if anyone accused Linden Labs of letting underage users in, what's the difference between someone typing that sentence into a box and someone providing details when you can't see that person? How does a child with their parents driving license and a child entering this paragraph differ?

Age verification cannot work over the internet. Not with the current technology. Maybe in years to come when everybodies details are on computer, and you can verify yourself by fingerprint, retina scan or facial scan, then there would be a foolproof way of making sure that an internet user was who they say they are, but that time isn't yet, and probably won't be for at least a decade. Even then it will be America, Canada, the UK and other such countries that will get it first, with other countries lagging behind by many years if not decades.

In the meantime, Linden Labs just banged another huge nail into the coffin that Second Life is destined to be buried in.

UPDATE: Take a look at this site, published by the Government of Canada - it proves that what Linden Labs is asking for is NOT something the Canadian Government agrees with:

The Personal Information Protection and Electronic Documents Act (PIPEDA) sets out ground rules for how private sector organizations may collect, use or disclose personal information in the course of commercial activities.

Since January 1, 2001, the Act applied to personal information about customers or employees that is collected, used or disclosed by the federally-regulated sector in the course of commercial activities. It also applies to information that is sold across provincial and territorial boundaries. As of January 1, 2004, the Act covers the collection, use and disclosure of personal information in the course of any commercial activity within a province, including provincially-regulated organizations, except in provinces that have enacted legislation that is deemed to be substantially similar to the federal law.

Under the new law, organizations like banks, telecommunications companies and airlines cannot require you to consent to the collection, use or disclosure of your personal information unless it is required for a specific and legitimate purpose.

This means that unless an organization can demonstrate that your SIN is required by law, or that no alternative identifier would suffice to complete the transaction, you cannot be denied a product or service on the grounds of your refusal to provide your SIN.

In other words, if Linden Labs refuse me access to a SIM on the grounds I won't provide my Social Insurance Number to them, they are committing an offense by Canadian law. And why is it so important?

Computer technology makes it possible to use the SIN to find and match your information from one database to another; without your knowledge, a detailed profile could be drawn about you. This amounts to "data surveillance" or monitoring of your daily life, which can pose a serious threat to our privacy and autonomy.


I don't see why other countries wouldn't have similar legislature.

Friday, November 23, 2007

Fancy a new viewer?

It hasn't taken long for the open source community to rip the Second Life viewer to bits and learn how to modify or even delete the bits they don't want.

Nowhere is this more evident than the BDSM community. Marine Kelley's new viewer is a variant that works with scripts available for free from her shop, designed to compliment her existing range of, erm, toys. The viewer reacts to the scripts by removing items from the menus and pie menu that appear when you right click the avatar. It's aimed at "hardcore" BDSM players (though how you can be hardcore when it's your pixellated avatar that's getting the whipping, not you) who want that little bit more realism. Drop the script into a ballgag, and you can't speak through that ballgag on the open channel. Not 'can't speak by mistake', but viewer-enforced can't speak at all. Drop the script in a set of cuffs or other restraints, and the "detach from avatar" options all vanish. If you get locked in, you're locked in, and you can't get out from this viewer.

It's an interesting new development, certainly far from anything Phillip Rosendale ever dreamed, and I can see similar developments coming in the not too distant future. Just today the furry community was polling its membership about disabling scripting and building to anyone outside their group; the next logical development from that might be a viewer that has an identification string that an in-world item can ask for, and sends home anyone that doesn't have the FurLife Viewer. I can see it coming, and it wouldn't be too hard to do.

Of course, this makes a mockery of age verification, since viewers will be able to ignore parcel flags, which makes you wonder why Linden Labs are still talking to Integrity at all. More ominously groups might be able to use it to keep themselves underground and away from the prying eyes of law enforcement, but that's technology for you.

The pandora's box of Open Source Second Life has been opened. I wait with interest to see what it lets out!

Friday, November 9, 2007

Prokovy goes off on one again

It's been interesting from time to time to see what recognized antagonizer Prokovy Neva thinks of various things going on in Second Life, but even I was surprised by her rant about the Agelock system I talked about in my last blog entry.

His [Benjamin Sycophanske, a favourite ranting target] latest gushing excess is of a new ugly and vicious system called AGELOCK. I'm not surprised that this awful new invention on the SL landscape comes from Allana Dion and Jamie David, as we know from long, long exposure to their manipulations, power-plays, and shenanigans on the old official LL forums, Second Citizen, and on this blog, that they are hugely aggressive and persistent.


When I spoke to Jamie David initially about Agelock, he seemed pretty proud of it but definately didn't come across to me as 'aggressive'

So a list of adult consumers with their avatar names and RL birthdates will be in the hands of one of the most aggressive and persistently nasty BDSM types in Second Life. Maybe the BDSM community won't care -- they like abuse, and maybe even this kind of RL abuse of their privacy. But as it spreads, and begins to be used by any club, or any rental, or anybody who just wants to be free from the plague of kids harassing and griefing you, it could become the device of choice, as it advertises being "better" than Integrity by not taking your RL name and drivers' license or Social Security number.

Hey, give me Integrity *any day of the week*. They are a real-life registered company with a business reputation and a bottom line to fulfill and a board of trustees. If I fear they've abused my trust in taking my info, I can protest -- with lawyers, by getting Congress involved, by getting the media on it. I can't do that with these anonymous avatars in Second Life!


And this seems to be the crux of the matter. What the extremely long rant boils down to are two essential points:

1. Nobody should touch this because it doesn't have the official "Prokovy Neva seal of approval" - mainly because she doesn't seem to like the authors, rather that whether the idea of the agelock system has merit or not.

2. Because Prokovy Neva trusts Integrity/Aristotle, so should everyone else.

With the latter part of her comment, I actually laughed when I read the part about complaining to congress. Integrity/Aristotle provide detailed information to congress, why the hell would they take any notice of someone's complaints?

Let's take this extreme example of how the information that Integrity collects could be harmful in the real world, and I have SPECIFICALLY steered clear of politics in this so that Prokovy has no excuse to label me a "lefty".

Let's says that I've given my detailed information to Integrity for age verification. They put it all on their database. But let's face it, Integrity is a data mining company - that's what they do, that's how they earn their money. So without telling me, what's to stop them also collecting information from second life that would be freely available, such as the groups that I'm in.

So for arguments sake let's say they do that, and find that I'm a member of a BDSM group in SL. That information then also goes down not only against my avatar name, but against my real life name.

Now in this little fictitious scenario, a BDSM hack magazine comes to Integrity hoping to drum up business, and buys a list of people who are members of BDSM groups. Shortly afterwards, editors are found to be peddling paedophilia, the place is raided by the police and FBI and gets shut down. In the raid their computers get confiscated, and subsequently datasearched. Now the legitimate law enforcement agencies find my RL details on the computers and suddenly I'm a suspect. Not only that but when I try to get a job that requires a background check, this gets flagged up and I'm turned down, and I don't even know the reason why.

Now, in this case the law enforcement agencies have got hold of my details doing their legitimate work - but those details should never have been there. I didn't give Integrity permission to resell those details, or our fictitious magazine permission to buy and use them. ALL of that happened behind my back.

And this is my main sticking point with the Integrity/Aristotle scenario. I agree with Prokovy to a point, that the government wouldn't need to buy that information off me because they already have access to it, but it's not the government I'm worried about. This is the flaw in Prokovy's main argument, because she claims this as a reason Integrity should be trusted. It's Integrity selling my details to anyone who comes up with the right amount of cash that is the major concern, not whether the government gives a crap about the details (because chances are, they don't).

Which is why alternatives need to be found. I've already said I don't think Linden Labs will go for this, but we do need some viable alternatives if we're going to stop them using Integrity. And I'd far prefer if the proverbial genie gets out of the bottle, all a company being able to harvest is "Untameable Wildcat claims she's over 18 and claims this as her birthdate" than detailed information that also contains RL details being available to the highest bidder.

Friday, November 2, 2007

Age Verification - The Residents Strike Back

Walking around SL earlier on I was given an item by an anti age-verification group I'm a member in. The item is called Agelock, and it works by combining a security orb type script with an offsite reference script.

Visitors to land with Agelock running on it will have their names scanned against a database Agelock keep, which contains just three pieces of information about an avatar. Their name, their date of birth and the magical checkbox they've agreed to check that says "Yes, I'm over 18." If they refuse to give this information, they'll be asked to leave. If they haven't left within two minutes the security orb part of the script will cut in and eject them using the teleport home option.

This again shifts responsibility to the individual avatar, rather than the land owner, and asks for nothing more than the same kind of "good faith" agreement that has been held binding for viewing adult content sites on the web.

As such, I think it's a good idea. I also think that Linden Labs won't go for it. Or at least won't abandon their own plans to use Aristotle/Integrity for age verification.

And I do still have a real issue with Aristotle/Integrity. For a start, I can see a million ways I could cheat the system. I hold a photocard license within Canada, but because of a change of address I actually have two licenses. And when they changed my address they failed to put the correct information on the new address, but since misaddressed mail gets put on the windowsill in my apartment block to be sent back in bulk by management, I still picked up the new license even though the details on it are wrong.

According to their site, the information required in Canada is first name, last name, date of birth, postcode and telephone number. Well, let's see now. I can go out to a store, buy a prepay phone and give false details to activate it, so that's no proof. I can make up a first name and last name, so that's no proof, and as long as my DOB is convincing how do they check it? As well, since I recently moved and could quite easily use my old postcode (even assuming I didn't use the net to look up a valid postcode and use that) so those details could be false too.

Which essentially leaves them with the checkbox that I effectively ticked when I agreed that yes, I was over 18 so they could go ahead and verify me. All the other details might be false. What kid do YOU know that can't worm that information out of an adult given the opportunity?

What I AM providing with the Aristotle/Integrity method is statistics for them to sell to political entities, who could use them anyway they damn well please. All I'm effectively doing for Linden Labs is allowing someone else to say "She's telling the truth" - which itself, to me, implies that Linden Labs by default will assume I'm a liar, this despite the fact that they have my credit card information and have successfully billed it in the past.

There is effectively no difference in the information Agelock is asking and the information Aristotle is asking, except Aristotle ask for much more information and advertise that they collect this specifically to sell to political entities. I would be extremely surprised if with my recent immigration and the chaos that the lost paperwork entailed, Aristotle/Integrity could get a perfect answer on me... but I'm certainly not willing to give them an opportunity to then sell that information to the highest political bidder.

To close, let me link a video that is actually published by Integrity for the purposes of drumming up business selling the information they are planning to use Linden Labs to collect. It's quite frightening just how much they are prepared to pimp out the information they get.

Agelock is a nice system, but I can't see LL using it. Integrity is not. Judge for yourself if you think your information is safe with them.

Thursday, November 1, 2007

Still alive / pet peeves

Yes, sorry about that folks, but I'm still here.

And I finally got my email working again. You can email me at my first name @ e-c-t.ca - there, spammers, try and work THAT one out! This does mean, of course, that you NEED my first name to send me email... but then those that know me, know what it is.

I was talking to someone in SL earlier on today, and they asked me my one biggest peeve about other people in SL. I had to think about it for a time, but I did find something jumped out and hit me.

As those of you who know me realise, I am a roleplayer. I consider myself a good one, too. Which made me thought of something that always makes me role my eyes. I've never understood it.

Why some roleplayers seem to NEVER use the /me command.

MSN has it. Second Life has it. Hell, even the parlour chatroom has it. Most IM'ers use it without a second thought, especially if they've used IRC at all. I use it all the time, finding that it adds more (IMHO) to a roleplaying scene to see "Untameable Wildcat looks surprised" Than "Name: I look surprised" To me, that breaks the realism of the scene. When I'm on SL I like to some extend to BE Untameable Wildcat. She's a reflection of my Geminiic personality and therefore fun to play... so why - and this seems especially true for guys who want sex - do people lack the ability to use the /me command?

In the old days of paper and pencil roleplay, admittedly one had to use the first person when they spoke to the GM about their character - but this is the internet, it's kind of more advanced... surely if you can work out how to sit on a poseball, you can work out how to use the /me command and talk in the third person. It ain't rocket science. Being able to pose realistically in text, not just with poseballs should be a fundamental part of good roleplaying. You should master it if you're going to call yourself a roleplayer. Not doing so is my pet peeve of the month.

Thursday, August 2, 2007

It's live, and its... broken

Voice Chat is now live in SL.

It recognizes the existence of my Logitech USB microphone on my XP-running desktop, but doesn't seem able to use it. I click to test and nothing. Completely dead. I've checked that it's the default input device in control panel, and I know it works because Skype is quite happy with it... but SL doesn't work with it at all.

My bang up to date laptop came with Vista (ugh) - guess what... SL's voice chat doesn't work with that either. I know for a FACT that this works, because Teamspeak - which I use for World of Warcraft - is happy with both systems.

So well done again Linden Labs. You know a feature is live when it's broken.

Monday, July 30, 2007

Scenes from something resembling real life...

So there I was, at the Tim Horton's coffee shop, sitting at the table drinking coffee and leaching off the nearby Wifi hotspot.

The staff couldn't quite believe their eyes.

Real me
Sitting in a real Tim Hortons
Drinking Real Coffee

looking at a laptop where
Virtual me
was sitting in a virtual Tim Hortons
drinking virtual coffee.

Wednesday, July 25, 2007

Vote for my bug!

Please vote for this bug in the SL Jira

The other day when SL was experiencing major problems due to the power outage problems that happened in their area, I lost something from my inventory which originally cost me in total, around L$2,500 (including the additional scripts)

The problem occurred because the item was set nocopy, a not uncommon occurrence when you buy something from a vendor, and it occurs because of the way SL deals with rezzing items.

Currently, when you drag an item from your inventory into the world, SL removes the item (if it's nocopy) or a copy of the item (if it's not nocopy) from your inventory, then it attempts to rez that item inworld. The difficulty comes when the asset server is on the fritz, because then the error "failed to rez item" is dealt with after the item has been removed from your inventory. If that item was nocopy, then it is lost. Permanently.

If LL (or an enterprising open source programmer) were to change this around so that errors rezzing the item in world are checked for before the item or copy of the item is removed from the avatar's inventory, and if an error is detected abort removing it from the inventory, then people would not suffer inventory loss in this way.

Simple perhaps... but it doesn't appear to have been thought of. Please go to the Jira using the link above (you may need to use your SL avatar name to log in) and use the voting link on the lower left of your screen to vote for this issue to be resolved.

Thank you.

Sunday, June 3, 2007

Where does the line get drawn?

On Thursday after normal office hours, Daniel Linden posted the following:


The diversity of things to see and do within Second Life is almost unimaginable, but our community has made it clear to us that certain types of content and activity are simply not acceptable in any form. Real-life images, avatar portrayals, and other depiction of sexual or lewd acts involving or appearing to involve children or minors; real-life images, avatar portrayals, and other depictions of sexual violence including rape, real-life images, avatar portrayals, and other depictions of extreme or graphic violence, and other broadly offensive content are never allowed or tolerated within Second Life.

Please help us to keep Second Life a safe and welcoming space by continuing to notify Linden Lab about locations in-world that are violating our Community Standards regarding broadly offensive and potentially illegal content. Our team monitors such notification 24-hours a day, seven-days a week. Individuals and groups promoting or providing such content and activities will be swiftly met with a variety of sanctions, including termination of accounts, closure of groups, removal of content, and loss of land. It’s up to all of us to make sure Second Life remains a safe and welcoming haven of creativity and social vision.


This makes a disturbing ambiguity which really needs to be closed up. Especially worrying is his term "other broadly offensive content" which is neither defined nor elaborated on. Who defines what is "broadly offensive" and what is not, and where do Linden Labs stand on such a matter? If the owner of a banline using plot of land or sim decides that nude pictures of his avatar in compromising situations with another avatar is fine, or a picture of a nude real life model is fine, where do Linden Labs stand if someone disables their camera constraints to look into the sim and reports the content?

I'd very much like Daniel Linden - or any other responsible Linden - to say who would be responsible and what action might be taken under the following circumstances.
  1. Open land, no group, no banlines. The land owner places a large image taken from the internet of two nude adults engaged in a sexual act. Is this unacceptable and if so, who gets punished and what would be the punishment? (I figured I'd start off with an easy one)
  2. Open land, no group, no banlines. A visiting avatar places a large image taken from the internet of two nude adults engaged in a sexual act. Is this unacceptable and if so, who gets punished and what would be the punishment?
  3. Group land, banlines for anyone not in the group. The land owner places a large image taken from the internet of two nude adults engaged in a sexual act. Is this unacceptable and if so, who gets punished and what would be the punishment?
  4. Group land, banlines for anyone not in the group. A Group Member places a large image taken from the internet of two nude adults engaged in a sexual act. Is this unacceptable and if so, who gets punished and what would be the punishment?
  5. A shopping mall, with an item vendor selling a BDSM item. The vendor has an image of a furry or human avatar trapped within the item, portrayed in an obviously uncomfortable or painful position. Does the owner of the vendor commit an offense meriting punishment? Does the owner of the mall also commit an offense for not returning the vendor? Could either be banned over it?
  6. Open sim, free to join group, privately owned island. A visiting avatar leaves a prim decorated with underage sexual images, but sets it to group ownership so that it won't be autoreturned. Would just the avatar concerned be subject to action, or would the island sim owner also be subject to action for not discovering and returning the item?
  7. This one's a doozy. Open sim, free to join group, privately owned island. A visiting avatar leaves prims containing explicit pictures of children being raped or tortured while the owner of the island/sim is away (on vacation for example). The content is reported to Linden Labs who then pass the blame to the sim owner and send an email instructing him to remove the content and/or ban the avatar that placed it. The owner, being on vacation and therefore not receiving the email, fails to comply. Would the owner return from vacation to find that their account had been closed, their land and possessions seized and their machine hash-blocked?
You can see from these few examples that there is no proper line that has been drawn by Linden Labs about what is "broadly offensive" and who exactly has to take responsibility for it. One thing is for sure, and that is that Linden Labs themselves don't want to be the sole responsible party - but where does the line get drawn? In a civilization specializing in shifting blame to other parties, would innocent accounts not responsible for the placing of "broadly offensive" content be as guilty as those actually placing the content? And are Linden Labs simply giving a free pass to anyone with a grudge against someone to pop over to that persons land, on a fake free account, and placing "broadly offensive" content so that he or she can get the person they hate banned?

Daniel, if you're going to ask the community for help, you're going to have to be far more specific about "broadly offensive" content; what it means, what it includes and excludes, and who will be to blame when it gets discovered. Yes, we all must play a part in keeping Second Life safe, but this isn't the way to inspire confidence. Don't be surprised when people don't use it for fear that they too might be warned or banned.

Friday, June 1, 2007

The discount that costs more than the original

So in preparation for voice being introduced to Second Life, they've partnered with a company to sell headsets, and are offering this "discount" deal costing a mere $80. One should note two things here, however. Number one is that this is the "featured" headset, meaning it's the most expensive, the one they'd love you to buy. If you click the "Selected Headsets" link, there are cheaper offers. Number two is that you can buy it a LOT cheaper elsewhere.

Let's look at some figures. All of the figures don't include postage and packing, but I have no reason to believe that the prices of other stores are vastly different.

The "discount" store has the Plantronics Audio 450 Portable PC Headset priced at $23.42 The cheapest I could find this for was actually from Hewlett Packard's store, where it was $17.28 - no sign of a discount here.

The next most expensive is the Plantronics Audio 370 at $36.82 - ZipZoomFly.com were cheapest for this one, at $28.50; again, no genuine discount in sight here.

Next up we have the Plantronics Audio 510 USB Headset: "Discount" price from Linden's partner: $46.87 - so what price can I get it for with a quick google search? $35.68 from TheNerds.net - three nil down.

Their next most expensive headset is the Plantronics DSP-400 PC Headset weighing in at a hefty $53.57 from the "discount" partner of Linden Labs. Best price I could find? $36.90 from Techonweb.com - can we make it a full house?

Apparently we can. As previously mentioned the "feature" - read "most expensive" - headset is the Plantronics Audio 550 Binaural USB Headset with DSP at a stonking $80.37. Quick search on that one and Mwave.com are the cheapest, at $51.91 nearly $30 cheaper than the "discount" offer from Linden Labs.

So I have to ask, Linden Labs - Where the hell is the discount you (or rather your partner) is promising? Every single headset they're selling is not discounted, it's actually more expensive than other retailers, in some cases nearly $30 more expensive.

This is false advertising. There's no discount. There's a backhander. We're being ripped off. And then they want to us to trust their choice of "honest" companies with Integrity for age verification?

No thanks!

Monday, May 28, 2007

The strangest IM Conversation to date

So here I am outside the Avalon ballroom, in my purple dress when this guy walks up. He's on a free account, 14 days old. After a few moments, which I'm assuming was when he looked at my profile, he IM's me as follows:

[16:38] ** OTHER AVATAR **: HI SWEET
[16:39] Untameable Wildcat: Hello
[16:39] ** OTHER AVATAR **: HOW ARE U HUH?
[16:40] Untameable Wildcat: good thanks. Yourself?
[16:40] ** OTHER AVATAR **: I CAN LICK YOUR PUSSY IF U WANT
[16:40] ** OTHER AVATAR **: DO U WANT?
[16:40] ** OTHER AVATAR **: please let me lick your pussy
[16:41] ** OTHER AVATAR **: ???
[16:41] ** OTHER AVATAR **: huh
[16:41] Untameable Wildcat: I will switch it on for you
[16:41] ** OTHER AVATAR **: eh?

At this point in the proceedings I changed from my elven avatar in her pretty royal purple ballroom gown and masquerade mask, to my tabby cat avatar resplendent in biker leathers.

[16:41] ** OTHER AVATAR **: wow
[16:42] Untameable Wildcat: There you go... my pussy. Lick away :)
[16:42] ** OTHER AVATAR **: ma vaffanculo.....merda

And strangely enough that's the last I heard from him.

(according to google, his last comment was "Fuck you... shit") - I assure you, the feeling is mutual. Following Linden Labs guidelines I've removed his name before posting the conversation, to assure Vesper Jacobus' anonymity.

Monday, May 21, 2007

The contract is signed

Reuters are reporting that the contract between Integrity and Linden Labs was signed last Thursday. Effectively this means that time is up for suggesting alternative methods for age verification, and that Linden Labs haven't listened to us at all.

It remains to be seen how long it remains optional to give these details. In my many years of experience, I've seen it happen time and time again that something is introduced - normally for political reasons - as "optional" but has strings attached that really mean "mandatory". UK Identity Cards are a prime example. When the scheme starts, it will indeed be optional. Citizens will be able to decline an ID card - but what they have been hushing up as much as possible is small print in the legislation that states if you don't have an ID card, you have to surrender your passport. So if you ever want to travel, the ID card isn't optional, since possession of a passport will be dependent on "opting in" to have one.

Where, one wonders, do Linden Labs intend this Age Verification thing to go? What are the strings they're going to attach to it? The first one is obvious - adult content... But the definition of "adult" is not. Linden Labs seem to have been very eager to avoid a solid definition; could the reason for this be that they want it to be expandable? Today, young looking avatars - tomorrow, furries and any group they deem "unsuitable".

Linden Labs seem to be of the opinion that the Age Verification system should serve one primary purpose - to indemnify them from prosecution. But that's yet another can of worms. How far can it go, legally, to indemnifying them from content they host? Internet Service Providers - of which Linden could be counted one, being that they host a virtual world - and this means that they are ultimately responsible for any content they host. Age Verification won't change this. The original people caught by the German media were way past the age of consent; Age Verification won't change that either. Adults peddling in any kind of material deemed unsuitable in the country they live is still going to be illegal, and the hosting company responsible for making sure it's unavailable. Age verification won't change that.

The problem with hosting a cyberworld available to the entire globe is jurisdiction in law matters. Linden Labs are in a unique position here; what they're doing has never been done before. Integrity offers them the opportunity to comply with a number of law acts in America, but doesn't - some would say can't - offer to indemnify them against actions bought in another country. The downside of that is the apparent paranoia that is being handed down to the American people by their current government, with regards to personal data is not liked or trusted by their users. Even American users I've spoken too are angry about the data Integrity are asking them to hand over. Non American users are furious.

And indeed, there are still a number of issues that should be cleared up - (which, may I say, Linden Labs have not even TRIED to touch on thus far) - The first of which is security. Enough data was stolen from them in November 1996 for them to need to implement an emergency plan for credit card holders. They have to hold the personally identifiable details for two years to comply with the PATRIOT act. So far they've said nothing to reassure residents that they've done all they can to close the security loopholes the last hacker used.

Secondly, there's the issue of contracts. As residents, we have a contract enforceable by law, with Linden Labs. If Linden Labs do something questionable, we do have the courts to settle disputes. We have no such contract with Integrity. We may not even know if Integrity misuse our data until way after it is too late, and even then we would probably not have an avenue to seek any kind of compensation. In the case of none-US residents, this data (passport/national ID card/driving license number in full) represents a hitherto unseen amount of data to give over the internet - particularly just to play a game.

So, Linden Labs are going to start rolling age verification using Integrity out as soon as they possibly can. Many businesses within SL will have to flag themselves Adult to avoid the possibility of a widening definition resulting in bans. Before too long the grid will be more "adult" than mature or PG. And then Linden Labs will say "Well, the majority of the grid is adult, therefore the majority of users must be in favour of the grid being entirely adult, therefore from now on this isn't optional, it's mandatory."

Remember Thursday May 17th 2007. It just may have been the day that marked the downfall and eventual death of Second Life.

Sunday, May 20, 2007

The storm breaks

This morning there was discussion on the group "SL'ers against age verification" about child avatar sellers having their products and vendors deleted. Two were banned when they complained in the forums.

This whole thing seems to be spiralling out of all control. Ageplay is already banned, which is one thing, but to start banning the sale of child-like avatars is quite a jump in censorship. It's ominous to consider that people actually wearing such avatars could be the next victims, and then where will it end? Certainly the furry community is worried about this escalation. If one could get banned for wearing a human child avatar, how long until someone says "Furries yiffing is virtual beastiality - get rid of it!" and overnight wearing a furry avatar becomes a banning offense?

I chaired a general informal meeting (at which a few tempers ran high) this morning on Support for Healing island. General consensus was that we're FOR protecting people but AGAINST the methodology being proposed, for a variety of reasons. Linden Labs record of vault security being the main one, since they're required by the PATRIOT act to keep records for two years.

The major difficulty with the internet is that without being able to see someone, face to face, you're always going to be able to be fooled by those determined enough. What Linden Labs are proposing, won't stop those who are out to break the law - which is the very demographic they're trying to prevent.

Instead what they are doing is going to impact a number of people, and if they at some future point decide to make it mandatory, not optional... it's going to impact everyone on Second Life. And I still see absolutely nothing which makes me believe that they aren't going to make this mandatory sometime soon.

The meeting discussed the various options; the flaws in public notary were discussed, but no major new ideas were put forward. We reached consensus that the entire exercise is purely aimed at protecting Linden Labs, rather than being concerned with protecting the privacy of residents. It does seem to be a halfway measure, though, since rational adults would not let their children onto adult second life and irrational adults will just con the system whatever Linden Labs put in place.

If this latest development - the banning of some people who sell childlike avatars - starts to develop into something more sinister, it will only perpetuate the belief that Linden Labs are only doing this to protect their own backs. As for an answer - well, we're all still looking... but surely there MUST be a better way to trust your customers than to demand they hand over personal details... musn't there?

Friday, May 11, 2007

Here's the mailing list

In a conversation between two Lindens and a group of concerned residents, Daniel and Robin Linden were backed into a corner, and forced to admit that yes - data WOULD be stored... For an entire TWO YEARS!

[10:12] Robin Linden: Tao the data is never saved to be deleted. It’s matched only
[10:12] Daniel Linden: it’s vaulted to provided a government-required audit trail for two years, but neither Linden or Integrity can access that data unless an audit is initiated.

Here's the mailing list, folks! Who wants a copy?

Seriously, you now have to ask who can initiate an audit? Can the RIAA? Can the US Department of Homeland Security? Can the DoJ? What about law organisations in other countries - will they be able to request an "audit" so that they can keep track of what their citizens are doing? And how secure IS this vault, given that Linden Labs failed to protect credit card details last year?

Unfortunately, as time passed, more questions arise than get answered. Linden Labs in fact haven't made ANY attempt to answer residents concerns. Their latest blog entry on the subject once again repeats the same things "It won't be stored, it's entirely optional, it's only for adult content" - well, we now know the FIRST of these things is a lie. It WILL be stored, as is a legal requirement. The second is only true for the moment; watch this space for that changing. And just wait until the anti-furry brigade starts making noises and it'll be extended to all sorts of things.

I've seen many complaints about upcoming features in my time here, but NOTHING - absolutely nothing - has come close to this. Whereas normally 10-15% of the population complain about something new while 85-90% like the idea, here it's the other way around. 85-90% of the residents do not want to give their personal data to someone on a non-contractual assurance that it won't be given or sold or shared with third parties.

It now looks as if the Electronic Frontier Foundation is thinking about getting involved - Linden Labs, you're playing with the big boys now. There may also be European Union concerns about privacy... believe me, this is a can of worms you don't want to be trying to open.

To be continued.

Thursday, May 10, 2007

The plot thickens

Robin Linden has made a further post on the Second Life blog about the situation, and admitted that the age verification fiasco is as a result of the German media investigation.

She writes:

On Thursday May 3, we were contacted by German television network, ARD, which had captured images of two avatars, one that resembled an adult male and another that resembled a child, engaged in depicted sexual conduct. Our investigations revealed the users behind these avatars to be a 54-year-old man and a 27-year-old woman. Both were immediately banned from Second Life.

Which backs up what most opponents of this form of age verification have said. That it wouldn't have stopped this particular case from happening, and it won't stop it from happening again.

The main staying point is Linden Labs' introduction of this data collection while at the same time trying to dodge their responsibilities in policing the grid properly. It is NOT enough to say that it's all the residents responsibility, and more to the point it is not satisfactory in law. If you are a service provider, as Linden Labs claim to be, then the ultimate responsibility for content on your site (or in your virtual world) is with you, the service provider - not your customers. You can put whatever terms of service you like saying "don't do this" but if somebody does, and you fail to find and remove it then legally you, the service provider, is responsible.

A 54 year old and a 27 year old could both, under the current proposals, have easily age verified and the same thing could have happened, and could happen again. What Linden Labs are proposing here is not a solution to the problem. It won't work on a voluntary basis, so they'll make it mandatory and then wonder why half their residents left.

And even after age verification, adults that WANT to peddle child porn will simply make a group that only those "in the know" know about, will lock their land (on PG or Mature sims) to 'entry by group membership only' and will go on peddling child porn or depicting child abuse. Unless Linden Labs are prepared to send an invisible Linden into locked group membership plots to have a look round, this kind of thing is going to continue to happen in Second Life regardless of age verification. Worst of all, perpetrators may use stolen information or identity fraud when they go through age verification in the first place, meaning those who have had their identities stolen could be facing pornography charges on top of everything else.

All the arguments I'm making here have been made by others too, and what have we heard from Linden Labs about these very valid arguments?

Silence. Dead silence. The preverbial crickets chirping. Followed eventually by a "this is the date age verification will start" that proves they haven't listened to us at all.

Finally, I'd just like to point out my OWN experience with "Integrity" and their age verification system. I went to a site that they used, and because my IP address came out in North America, the system assumed that I'd always lived there and wouldn't let me enter anything but an American zip code (itself a laugh, as my IP comes out at Toronto, Canada where my service provider is - yet Integrities system refused to take a Canadian post code) and when I was unable to give it the details it wanted (I've just moved from the UK, and most of my documentation is still UK based; it wouldn't take my Canadian driving license number, and for some reason it wouldn't take my UK passport number either) it demanded that I fax copies of these government documents off to who knows where - it certainly didn't tell me who the fax number it gave me belonged to. Could have been the FBI or it could have been somebody in the identity theft business for all I know.

You had better listen, Linden Labs. You had better listen well. Because you're not the only virtual world out there, and if you do this, residents (particularly non-US residents) are going to leave en-masse.

Wednesday, May 9, 2007

The cat is out of the bag

http://news.bbc.co.uk/2/hi/technology/6638331.stm

Second Life is being investigated by German police following allegations that some members are trading child abuse images in the online world.

The investigation follows a report by a German TV news programme which uncovered the trading group and members who pay for sex with virtual children.

The police are now trying to identify the Second Life members involved.

Linden Lab, the creator of Second Life, said it would help identify users and pass on details to prosecutors.

Unfortunately, they're obviously going about it the wrong way. Integrities name checks, by all account, don't work. One person who attempted to join bud.tv with their second life avatar name, a DOB that was over 21 and a genuine postcode that they obtained with a bit of work from multimap.com and the australian post office site was completely successful, despite the fact that the chances of someone with her second life avatar name living at the address she gave, born on the day she gave was practically nonexistant.

To all intents and purposes, Integrity appears to be a cover for Aristotle, a political database collection company in America. It is looking more and more as if they don't actually have access to all the databases that they claim to, which means that although they may make a claim they can indemnify Linden Labs according to US law - it's a big risk for LL to take. After all, if Integrity is a child-company (no pun about the current situation intended) then the parent company can let it collapse if it gets heavily sued, which means if it does collapse then LL may not have been indemnified after all, and can be sued - it may well collapse itself under such a burden.

Plus, there is a huge resident backlash building about Integrity, mainly because of the details they seek and their ties to a political database company. In a society where a prominant academic can be banned from flying for giving a speech critical to President Bush, there is a strong feeling that Big Brother is trying to get into Second Life, and residents resent this. If Linden Labs start making age verification mandatory, and the information Integrity wants is too intrusive, people will start leaving in huge numbers (assuming they don't just all use their second life avatar names, manufactured DOBs and genuine postcodes in different countries.)

We could well be seeing the last days of Second Life, which would be a real shame. They are in a tentative position legally, and could end up driving their own customer base away trying heavy handed methods of complying with the ever more intrusive and draconian laws that their virtual world touches on. Yes, of COURSE the paedophiles and child abusers were going to come to SL sooner or later, because their is no tracing and Linden Labs try to avoid interfering with residents land. Of COURSE they were going to set their land to entry-restricted by group. This is going to happen when you give people an easy avenue to do what they want. People will take it.

Then along comes your investigative reporter, who has spent a few months infiltrating these organisations, gets himself a group invite and suddenly it's front page news, and everyone is shocked and horrified about how "widespread" it is in SL - when it isn't widespread at all.

There has been no formal response from Linden Labs following the BBC's publication of the story. I will be interested to see what - if anything - they say... and where we go from here.


Monday, May 7, 2007

Storm Clouds Gather

Linden Labs have been forced to make a further blog post about their upcoming "Age Verification" plans in the light of what looks like the largest protests against anything the game has ever known.

Let's see what we know so far. To recap, Linden Labs want residents that wish to enter "adult" areas to provide substantial details which could include (for non-US residents) passport number information or identity card information as well as addresses and dates of birth. This information will be passed to a third party company that will create a kind of 'credit score' of it to decide whether or not a person will pass or fail age verification. Linden Labs have taken great pains to say that the information will not be stored... one might almost say TOO much pains, given the circumstances.

According to The Daily Telegraph newspaper in London, England the company chosen, Integrity, is at least half-owned by a consortium of investors that includes Rupert Murdoch, the famous media tycoon who owns - amongst other things - Fox News in the US and a number of tabloid newspapers in the UK. In addition, Integrity's parent company, Aristotle (who, incidentally, have a tagline of 'Power Tools for Politics') make no secret of selling mailing lists to a number of organisations, amongst them political parties. Integrity's privacy policy makes a very simple statement:

Confidentiality of Information/Correction
This site does not provide visitors' information to third parties

But that doesn't really say very much. The site might not - but what about the company? There is absolutely no guarantee that information passed to Integrity won't end up on a list which could conceivably be made available to whoever asks for it. In addition, I do feel we are being lied to from the start here. Linden Labs say no data will be stored. Integrity say nothing will be provided to third parties (though interestingly Integrity themselves do not say the information won't be stored) - but the 1996 Electronic Communications Transactional Act requires any internet company that is asked to, to store ALL records for up to 90 days and the US Attorney General is desperately trying to take that even further.

So this still doesn't set my mind at rest, in fact, alarm bells are going off all over the place. One suspect among the thousands of records, and ALL the records must be stored for 90 days? You can bet that quasi-legal organisations like the RIAA are rubbing their greedy little hands together over this, and they won't be the only ones. Not living in the US I don't particularly care if a political party marks me down as not liking them - unless of course that ends up directly impacting my life, for example the professor who criticized President Bush and ended up on the infamous "no-fly" list because of it. This is a perfect example of someone who got on a blacklist, somewhere, somehow and now is suffering for it. Extreme? Maybe - but this sort of thing DOES exist. It's not a tin hat theory, it's actually happening to people who get put on lists. How do residents of Second Life know that support for the wrong organisation in game isn't going to result on them getting on some blacklist out of game?

Over the past few days I've been doing a lot of research about this, and what I've learned makes me MORE worried than I was when first I heard about this. Yes, Second Life is a game. But the information being gathered is anything BUT a game. And if this information is stored someplace, then you can bet someone will want a copy - and if they get a copy, to whom will they give it and for what purposes will it be used?

I'm sorry Linden Labs. This is a place I don't intend to go. Not now, not ever. Not for you, not for any game company. When push comes to shove, the day you demand these details from me is the day I leave and never look back - and from the look of the various forums, I'm by no means the only one.

Saturday, May 5, 2007

Data Mining in Second Life

http://blog.secondlife.com/2007/05/04/age-and-indentity-verification-in-second-life/#more-946

There are a number of things that trouble me about this. The main thing is that a third party is going to be used. I made an agreement with Linden Labs that they could utilise my credit card details to pay for a service they were providing me, but this goes well beyond that. While I agree that some form of age verification should be done within Second Life - I don't think this is the way to do it. I think they are opening a dangerous Pandoras Box here.

It doesn't much bother me from a governmental point of view. Governments can already collect my data. But where is it going to end from a private point of view? To site one example very relevant to Second Life, let's look at our old friends the music industry.

Already the music industry is making a concerted effort to price many internet based music radio stations out of existence. For each track broadcast they want a fee, and they've set fees very high considering the fee has to be paid not for each broadcast of the track, but for each person listening to the track. And here's where it overlaps the boundary into Second Life.

There are a large number of clubs in Second Life, and an even larger number of non-club plots that stream music in. My question of the day is this: If a company is allowed to collect my name, address, date of birth and other such personal information, and the RIAA (I site them as an example because of their very active campaign to chase people for money) then comes to this data mining site and says "We believe that this person is playing music into their lot on SL, hand over their details" - will they do so? And will I be told about it? Or will the first thing I hear about it be when a bill drops through my letterbox saying "You've played 500 tracks this last month, and we believe that they've been heard by 10 people, so here's the bill."

Data Mining using a third party is the top of a very slippery slope. While I would be prepared to supply, for example, my driving license number to Linden Labs direct so that they could run a check to see if a license in that name existed and was valid, that's the extent of it. I would balk at providing even THOSE details to a third party, since that third party is going to have other interests that Linden Labs doesn't (not to mention the fact that they might not even tell Linden Labs that they were giving away residents details to avoid being sued). I am certainly not prepared to provide detailed information such as my name and address, DOB and passport number just to play a game, ESPECIALLY if those details are going to be shared with a third party. When they demand that for entry to mature areas, I shall simply not enter mature areas. When they demand it for entry to the grid, I shall leave Second Life completely.

I suspect I won't be the only one.

Tuesday, May 1, 2007

The Open Letter Project

In my experience, 1.15 has been the worst viewer release since I joined Second Life. I've had all kinds of problems with slow rezzing, slow speaking, slow responses to control phrases on channel 0, disappearing inventory, teleports failing... the list goes on and on. So you can imagine my surprise when I saw on the Official Blog a reference to an open letter that had been sent to Linden Labs about the problems.

The letter is located here and addresses a number of the issues I - and lots of other residents like me - find to be a problem. I would ask visitors to this blog to at least look at the letter, and if they agree with it please also sign it too. The more residents that sign the letter, the more seriously Linden Labs will have to take it.

Quite frankly the customer service has become a joke. Firstly online status was hidden, supposedly to give privacy to residents - but more likely to stop Lindens being IMd when the help channel was ignored. Then the help channel went entirely, live help being removed and replaced with two links to websites. Now residents have been forced to register and use a third party website to draw Linden Labs attention to what we're saying. In the meantime LL is trying to press ahead with new things, which - admittedly though the new items are nice - will put even more strain on the grid. Voice support... nice, but watch bandwidth usage rocket. Sculpted prims... lovely, but the prim building system we've got already is flakey enough; even though LL say it won't, will the introduction of sculpted prims strain the grid even more?

It seems the only thing that works consistently is the billing system, and even that got compromised last year... The open letter calls for Linden Labs to concentrate their resources on fixing what we already have rather than looking for new features. I for one agree with that approach. I've seen this approach in shops, they start up, offer a good product with good sales support and after sales support at a good price. This encourages growth, and they grow and expand... and everyone slowly changes from a customer to an account number... and before you know it the after sales support is gone - and people start looking elsewhere. Then the day comes when you drive past the shop and it's closed.

We don't want this to happen to Second Life.

Please... go read the letter, and sign it. The more support we can get, the better the chance Linden Labs will listen.

Be well.

Monday, April 16, 2007

If you're having problems with our system, check it's our fault before complaining

From the official Second Life Blog:

"We’ve received a recent rise in reports of inventory loss, including inventory resulting back to default, including your avatar. We’re actively investigating this and having already helped a number of Residents, we’re continuing to work on individual cases.

In order to help you better, as with bugs and issues in general, it’s important that if you think you’re affected, that you rule out other causes first."


The entry then goes on to blame everything else, such as if you're using a wi-fi connection or if you might have given items to someone else by mistake.

To me, the entire tone of the posting is disrespectful. The point of it seems to be an attempt to blame ANY other cause than the system. It's even technically misleading, since although wi-fi "hotspots" can indeed cause high packet loss if there's 100 users all sitting in a massive lounge (at an airport for example) surfing wirelessly at the same time, but a home user with two or three PCs linked to their wireless router is not ever going to experience the same degree of packet loss unless they have faulty equipment. I've got Sympatico High Speed Unplugged, what could be termed the ultimate in wifi (the modem doesn't even plug into a phone line) and yet I can still play SL without any issues. Also, many people who play SL play other online games as well, and if they had an important issue such as high packet loss, the other games would be unplayable. In all the cases I've heard of, or spoken to people about, this hasn't been the case.

Inventory loss means the item has gone. If you give it to someone else, you receive notification "Unfortunate Victim has accepted your inventory offer." If you get it returned, you receive a notification "Your item 'Linden Prayer T-Shirt' has been returned to your lost and found folder from plot testbed due to auto return rules" - people complain of inventory loss when they log on, open their inventory and half of it is missing.

In an attempt to aid Linden Labs in their diagnosing, here would be my checklist:

Have you just logged on? If you've just logged on, and half of your inventory isn't appearing, then you may have inventory loss. If you get it during a session keep an eye out for server messages in your chat log. A server message such as "Can't find " may indicate it's the by now infamous asset server that's creaking under the pressure yet again.

Have you cleared your cache? This is actually not a bad idea, since SL doesn't seem to know some of the time what to do with its cache, and in any case it crashes so often it frequently doesn't clean up what it was doing in a previous session, and this can lead to problems.

Is there an obvious message in your chat log to explain your loss? Such as the ones I've detailed above. Yes, it is also possible to drop entire folders into objects, but it's uncommon since a lot of inventory loss doesn't occur at home, and involves packaged items rather than folders. I would also say here that to drop ONE folder into an item by mistake is unusual. To drop SEVERAL folders into items is so unusual as to be not worth considering. People complain of inventory loss when they have no idea what happened to folders, they don't generally complain of it when they were using that folder a moment ago.

In your inventory's 'Recent Items' tab, do the items appear there? This means you were using them, and can clear up if you've dropped them into items. If it doesn't appear here, you haven't been using these items recently.

As for "search the knowledge base" - well, that's a laughable attempt to sidestep responsibility. If someone's got a problem and they HAVE caused it themselves and not realised it... trust me, they are NOT going to know enough about the situation to be able to find answers in the knowledge base, and those that know how the system works will already know whether or not the knowledge base can help.

I've often wondered why, if items are "ours", they're all kept serverside. If we've created an item surely the details of that item should be stored locally, on our own system, and uploaded to Linden Labs only as required? Looking at my inventory I've already got over 3000 items; people whose accounts are older may have tens of thousands of items. Is it not putting LL's asset server under too much pressure to have to store ALL of these serverside? Especially if a lot of them are attachments. Why must these things all be serverside, and prone to vanishing if a server hiccups?

Linden Labs, surely it should signify a problem if SUDDENLY there's been a rise in inventory loss complaints. Yes, there'll always be a level of complaints, from people who haven't actually lost anything... but if for several days you have 100 complaints and the next day you have 1000, then there's obviously something gone wrong or those 900 other people would be complaining on the other days too. It would be helpful - and respectful - if you made sure your own house was in order before trying to blame everyone and everything else!

Saturday, April 7, 2007

Reflections on the time I've spent in SL

Once upon a time, there was a tavern
Where we used to raise a glass or two
Remember how we laughed away the hours,
Think of all the great things we would do


When I first came to SL I was gobsmacked. The system held so much promise, made boundaries so much smaller. It wasn't long before I found Support for Healing, and not long after that I founded Listening Ear, for helping those who felt uncomfortable talking in a group environment. This was my home away from home, and when I lost people RL I could come here, where there was no death, and still be helpful.

There was even a darker side to SL, where I could indulge my fantasies, in the hope I might find respite from numerous ghosts that had haunted me over the years...

Then, the busy years went rushing by us
We lost our starry notions on the way
If, by chance, I'd see you in the tavern,
We'd smile at one another and we'd say


Time passed. Rules changed. Arguments broke out about paid accounts vs free accounts. I moved countries, and somewhere along the way my first ever account was deleted, my land in Disl recycled, my possessions deleted. When I came back to SL after settling in another country, Support for Healing was a ghost island, regular meetings cancelled, hosts drawn from helping to dealing with RL matters. A very few people I managed to re-establish contact with. A few names I still try to look up every so often. I exchanged many a happy word with one person in particular, but I have no idea if she comes on any more... I've never actually seen her online, and now the system has changed so that you can't see the online/offline state of someone unless they allow it - which I still think is a deliberate cop-out to stop Lindens being IMd when they take no notice of the help request channel...

Just tonight, I stood before the tavern
Nothing seemed the way it used to be
In the glass, I saw a strange reflection
Was that lonely woman really me?


When I first came to SL I was an escort for a while, to make enough Linden Dollars to survive. During my prowling today I was asked for sex in the usual pidgeon english that is a dead giveaway the person I'm talking to either doesn't speak good english, or is well under the age the mature grid requires, or both. With things like first land disposed of, and RL politics in the form of various countries politicians invading SL to canvass for any votes they could get... I just felt the loneliness very strongly. I looked at the glass of the monitor, and I did indeed see a strange reflection of myself, and wonder - IS this really me, is this what I've become, and all I can ever be?

Through the door, there came familiar laughter
I saw your face and heard you call my name
Oh, my friend, we're older but no wiser
For in our hearts, the dreams are still the same


I watch the happenings these days at places like CaRP and Support for Healing from the sidelines. I see familiar faces, hear people occasionally greet me... all the dreams are gone now, gone to dust, as time passes and Second Life gets more restrictive, more unstable and more filled with people who just want to fulfill sexual fantasies with this unmoderated medium...

Those were the days, my friend
We thought they'd never end
We'd sing and dance forever and a day
We'd live the life we'd choose
We'd fight and never lose
Those were the days, oh yes, those were the days


Very little holds me to SL now... the few people I mention in my web profile, the occasional genuine cry for help that I can in some small way help... but very little else. Some days I just long to fade.

One day, I shall fade from SL. I will close my account, and click the magic button in control panel that officially kills me from the system. Few will notice, few will care.

It's just another lost dream, after all.

Stay safe.

(lyrics: Mary Hopkins - Those were the days, my friend)

Friday, March 30, 2007

Upstream Girl

Plenty has been said, and plenty continues to be said, about the upcoming voice feature to Second Life. Now that the beta has gone live, there's a lot of comments about it on the blog, but I shall not be using it for a wholly different reason than any of the ones given there.

When I was with Telewest in the UK I got a speed of 3Mb/512k and the latter is the important number - it's the upstream value, the amount of data per second that your computer can send back to your ISP.

When I first came to Canada, that changed to 5Mb/384k which was faster at receiving but slower at sending. This was still okay for what I wanted; SL worked fine, and so did WoW.

Now I've moved ISPs again to Sympatico, and quite frankly they're not very good, but at the present time they're all I can get onto. Their speed is 3Mb/256k which again is fine for receiving, but now on the threshold for transmitting. World of Warcraft now has severe latency problems, and Second Life - without voice - is also somewhat laggy. Add the strain of having to deal with voice streams coming in and going out, and the whole thing will collapse into lag hell. I already can't use Skype or Ventrillo with either Second Life or World of Warcraft without getting such severe breaking that people can't understand what I'm saying.

I reserve judgement on whether it's a good or a bad idea to add voice to Second Life. I do agree that many "girls" out there will end up being proved to be men, and I do think a lot of escorts may lose their jobs when the clientèle discover they've actually been engaging in gay cybersex. But all this doesn't matter to me... Second Life is, after all, a game, and if guys want to play girls, or girls want to play guys, that's fine with me. But those who are on slow upstreams like I currently am won't have a choice about voice, because they simply won't have the bandwidth for the extra functions. Perhaps Linden Labs' time would be better spent fixing bugs and improving compression (and particularly trying to do something about packet loss, which is one of Second Life's particular bugbears) than introducing new slowdowns to the grid.

Monday, March 26, 2007

I called you... but you weren't there...

I've had some pretty appalling waits for customer service departments in the past, but Linden Labs - you just outdid them all:

My Skype log for today, at the time of writing, has 6 entries for the Linden Labs number. The first four I tried to get through to the general enquiries department. I was told "The average wait today is five to six minutes." After 14 minutes on hold EACH time I was asked to create voice ticket, the automated version of "You can rant here but we just erase the tapes every day so don't hold your breath for a call back."

I decided to put my priority up, by instead selecting billing services (indicating that I was a paying customer) - Strangely enough, the average wait time there was "five to six minutes", although the music on hold was better and interspersed with "Thank you for holding, your call is important to us, we'll be with you shortly." messages.

20 minutes later, with still no answer, the system transferred me back to the queue for the general enquiries (with it's absolutely AWFUL music - if you can call it that - on hold, interspersed with random Linden wisdom all about how to spend money and view forums and stuff like that.) As if a 20 minute wait on hold wasn't bad enough, it then left me on hold a further 14 minutes for the general department - and then, guess what?

I was asked to create voice ticket, the automated version of "You can rant here but we just erase the tapes every day so don't hold your breath for a call back."

So let me see, that's ONE AND A HALF HOURS waiting on hold and still I never got to speak to anyone. Remember, this is also at a toll free number, so once the call was answered, Linden Labs were being billed (thank goodness) for each minute I was on hold. If I'd had to pay for the one and a half hours on hold as well, I'd NOT have been a happy customer. How much, I wonder, did my unanswered calls cost Linden Labs, and how many other people cost them that much, given that I obviously didn't speak to anyone because the lines were to busy?

While I appreciate that some technical support lines might feel a bit like the three dead trolls in a baggie internet helpdesk sketch there can be no excuse for making paying customers wait 90 minutes on hold and STILL not have anyone answer the phone.

Come on, Linden Labs, lets have some service around here!