Monday, May 28, 2007
The strangest IM Conversation to date
[16:38] ** OTHER AVATAR **: HI SWEET
[16:39] Untameable Wildcat: Hello
[16:39] ** OTHER AVATAR **: HOW ARE U HUH?
[16:40] Untameable Wildcat: good thanks. Yourself?
[16:40] ** OTHER AVATAR **: I CAN LICK YOUR PUSSY IF U WANT
[16:40] ** OTHER AVATAR **: DO U WANT?
[16:40] ** OTHER AVATAR **: please let me lick your pussy
[16:41] ** OTHER AVATAR **: ???
[16:41] ** OTHER AVATAR **: huh
[16:41] Untameable Wildcat: I will switch it on for you
[16:41] ** OTHER AVATAR **: eh?
At this point in the proceedings I changed from my elven avatar in her pretty royal purple ballroom gown and masquerade mask, to my tabby cat avatar resplendent in biker leathers.
[16:41] ** OTHER AVATAR **: wow
[16:42] Untameable Wildcat: There you go... my pussy. Lick away :)
[16:42] ** OTHER AVATAR **: ma vaffanculo.....merda
And strangely enough that's the last I heard from him.
(according to google, his last comment was "Fuck you... shit") - I assure you, the feeling is mutual. Following Linden Labs guidelines I've removed his name before posting the conversation, to assure Vesper Jacobus' anonymity.
Monday, May 21, 2007
The contract is signed
It remains to be seen how long it remains optional to give these details. In my many years of experience, I've seen it happen time and time again that something is introduced - normally for political reasons - as "optional" but has strings attached that really mean "mandatory". UK Identity Cards are a prime example. When the scheme starts, it will indeed be optional. Citizens will be able to decline an ID card - but what they have been hushing up as much as possible is small print in the legislation that states if you don't have an ID card, you have to surrender your passport. So if you ever want to travel, the ID card isn't optional, since possession of a passport will be dependent on "opting in" to have one.
Where, one wonders, do Linden Labs intend this Age Verification thing to go? What are the strings they're going to attach to it? The first one is obvious - adult content... But the definition of "adult" is not. Linden Labs seem to have been very eager to avoid a solid definition; could the reason for this be that they want it to be expandable? Today, young looking avatars - tomorrow, furries and any group they deem "unsuitable".
Linden Labs seem to be of the opinion that the Age Verification system should serve one primary purpose - to indemnify them from prosecution. But that's yet another can of worms. How far can it go, legally, to indemnifying them from content they host? Internet Service Providers - of which Linden could be counted one, being that they host a virtual world - and this means that they are ultimately responsible for any content they host. Age Verification won't change this. The original people caught by the German media were way past the age of consent; Age Verification won't change that either. Adults peddling in any kind of material deemed unsuitable in the country they live is still going to be illegal, and the hosting company responsible for making sure it's unavailable. Age verification won't change that.
The problem with hosting a cyberworld available to the entire globe is jurisdiction in law matters. Linden Labs are in a unique position here; what they're doing has never been done before. Integrity offers them the opportunity to comply with a number of law acts in America, but doesn't - some would say can't - offer to indemnify them against actions bought in another country. The downside of that is the apparent paranoia that is being handed down to the American people by their current government, with regards to personal data is not liked or trusted by their users. Even American users I've spoken too are angry about the data Integrity are asking them to hand over. Non American users are furious.
And indeed, there are still a number of issues that should be cleared up - (which, may I say, Linden Labs have not even TRIED to touch on thus far) - The first of which is security. Enough data was stolen from them in November 1996 for them to need to implement an emergency plan for credit card holders. They have to hold the personally identifiable details for two years to comply with the PATRIOT act. So far they've said nothing to reassure residents that they've done all they can to close the security loopholes the last hacker used.
Secondly, there's the issue of contracts. As residents, we have a contract enforceable by law, with Linden Labs. If Linden Labs do something questionable, we do have the courts to settle disputes. We have no such contract with Integrity. We may not even know if Integrity misuse our data until way after it is too late, and even then we would probably not have an avenue to seek any kind of compensation. In the case of none-US residents, this data (passport/national ID card/driving license number in full) represents a hitherto unseen amount of data to give over the internet - particularly just to play a game.
So, Linden Labs are going to start rolling age verification using Integrity out as soon as they possibly can. Many businesses within SL will have to flag themselves Adult to avoid the possibility of a widening definition resulting in bans. Before too long the grid will be more "adult" than mature or PG. And then Linden Labs will say "Well, the majority of the grid is adult, therefore the majority of users must be in favour of the grid being entirely adult, therefore from now on this isn't optional, it's mandatory."
Remember Thursday May 17th 2007. It just may have been the day that marked the downfall and eventual death of Second Life.
Sunday, May 20, 2007
The storm breaks
This whole thing seems to be spiralling out of all control. Ageplay is already banned, which is one thing, but to start banning the sale of child-like avatars is quite a jump in censorship. It's ominous to consider that people actually wearing such avatars could be the next victims, and then where will it end? Certainly the furry community is worried about this escalation. If one could get banned for wearing a human child avatar, how long until someone says "Furries yiffing is virtual beastiality - get rid of it!" and overnight wearing a furry avatar becomes a banning offense?
I chaired a general informal meeting (at which a few tempers ran high) this morning on Support for Healing island. General consensus was that we're FOR protecting people but AGAINST the methodology being proposed, for a variety of reasons. Linden Labs record of vault security being the main one, since they're required by the PATRIOT act to keep records for two years.
The major difficulty with the internet is that without being able to see someone, face to face, you're always going to be able to be fooled by those determined enough. What Linden Labs are proposing, won't stop those who are out to break the law - which is the very demographic they're trying to prevent.
Instead what they are doing is going to impact a number of people, and if they at some future point decide to make it mandatory, not optional... it's going to impact everyone on Second Life. And I still see absolutely nothing which makes me believe that they aren't going to make this mandatory sometime soon.
The meeting discussed the various options; the flaws in public notary were discussed, but no major new ideas were put forward. We reached consensus that the entire exercise is purely aimed at protecting Linden Labs, rather than being concerned with protecting the privacy of residents. It does seem to be a halfway measure, though, since rational adults would not let their children onto adult second life and irrational adults will just con the system whatever Linden Labs put in place.
If this latest development - the banning of some people who sell childlike avatars - starts to develop into something more sinister, it will only perpetuate the belief that Linden Labs are only doing this to protect their own backs. As for an answer - well, we're all still looking... but surely there MUST be a better way to trust your customers than to demand they hand over personal details... musn't there?
Friday, May 11, 2007
Here's the mailing list
[10:12] Robin Linden: Tao the data is never saved to be deleted. It’s matched onlyHere's the mailing list, folks! Who wants a copy?
[10:12] Daniel Linden: it’s vaulted to provided a government-required audit trail for two years, but neither Linden or Integrity can access that data unless an audit is initiated.
Seriously, you now have to ask who can initiate an audit? Can the RIAA? Can the US Department of Homeland Security? Can the DoJ? What about law organisations in other countries - will they be able to request an "audit" so that they can keep track of what their citizens are doing? And how secure IS this vault, given that Linden Labs failed to protect credit card details last year?
Unfortunately, as time passed, more questions arise than get answered. Linden Labs in fact haven't made ANY attempt to answer residents concerns. Their latest blog entry on the subject once again repeats the same things "It won't be stored, it's entirely optional, it's only for adult content" - well, we now know the FIRST of these things is a lie. It WILL be stored, as is a legal requirement. The second is only true for the moment; watch this space for that changing. And just wait until the anti-furry brigade starts making noises and it'll be extended to all sorts of things.
I've seen many complaints about upcoming features in my time here, but NOTHING - absolutely nothing - has come close to this. Whereas normally 10-15% of the population complain about something new while 85-90% like the idea, here it's the other way around. 85-90% of the residents do not want to give their personal data to someone on a non-contractual assurance that it won't be given or sold or shared with third parties.
It now looks as if the Electronic Frontier Foundation is thinking about getting involved - Linden Labs, you're playing with the big boys now. There may also be European Union concerns about privacy... believe me, this is a can of worms you don't want to be trying to open.
To be continued.
Thursday, May 10, 2007
The plot thickens
She writes:
On Thursday May 3, we were contacted by German television network, ARD, which had captured images of two avatars, one that resembled an adult male and another that resembled a child, engaged in depicted sexual conduct. Our investigations revealed the users behind these avatars to be a 54-year-old man and a 27-year-old woman. Both were immediately banned from Second Life.
Which backs up what most opponents of this form of age verification have said. That it wouldn't have stopped this particular case from happening, and it won't stop it from happening again.
The main staying point is Linden Labs' introduction of this data collection while at the same time trying to dodge their responsibilities in policing the grid properly. It is NOT enough to say that it's all the residents responsibility, and more to the point it is not satisfactory in law. If you are a service provider, as Linden Labs claim to be, then the ultimate responsibility for content on your site (or in your virtual world) is with you, the service provider - not your customers. You can put whatever terms of service you like saying "don't do this" but if somebody does, and you fail to find and remove it then legally you, the service provider, is responsible.
A 54 year old and a 27 year old could both, under the current proposals, have easily age verified and the same thing could have happened, and could happen again. What Linden Labs are proposing here is not a solution to the problem. It won't work on a voluntary basis, so they'll make it mandatory and then wonder why half their residents left.
And even after age verification, adults that WANT to peddle child porn will simply make a group that only those "in the know" know about, will lock their land (on PG or Mature sims) to 'entry by group membership only' and will go on peddling child porn or depicting child abuse. Unless Linden Labs are prepared to send an invisible Linden into locked group membership plots to have a look round, this kind of thing is going to continue to happen in Second Life regardless of age verification. Worst of all, perpetrators may use stolen information or identity fraud when they go through age verification in the first place, meaning those who have had their identities stolen could be facing pornography charges on top of everything else.
All the arguments I'm making here have been made by others too, and what have we heard from Linden Labs about these very valid arguments?
Silence. Dead silence. The preverbial crickets chirping. Followed eventually by a "this is the date age verification will start" that proves they haven't listened to us at all.
Finally, I'd just like to point out my OWN experience with "Integrity" and their age verification system. I went to a site that they used, and because my IP address came out in North America, the system assumed that I'd always lived there and wouldn't let me enter anything but an American zip code (itself a laugh, as my IP comes out at Toronto, Canada where my service provider is - yet Integrities system refused to take a Canadian post code) and when I was unable to give it the details it wanted (I've just moved from the UK, and most of my documentation is still UK based; it wouldn't take my Canadian driving license number, and for some reason it wouldn't take my UK passport number either) it demanded that I fax copies of these government documents off to who knows where - it certainly didn't tell me who the fax number it gave me belonged to. Could have been the FBI or it could have been somebody in the identity theft business for all I know.
You had better listen, Linden Labs. You had better listen well. Because you're not the only virtual world out there, and if you do this, residents (particularly non-US residents) are going to leave en-masse.
Wednesday, May 9, 2007
The cat is out of the bag
Second Life is being investigated by German police following allegations that some members are trading child abuse images in the online world.The investigation follows a report by a German TV news programme which uncovered the trading group and members who pay for sex with virtual children.
The police are now trying to identify the Second Life members involved.
Linden Lab, the creator of Second Life, said it would help identify users and pass on details to prosecutors.
Unfortunately, they're obviously going about it the wrong way. Integrities name checks, by all account, don't work. One person who attempted to join bud.tv with their second life avatar name, a DOB that was over 21 and a genuine postcode that they obtained with a bit of work from multimap.com and the australian post office site was completely successful, despite the fact that the chances of someone with her second life avatar name living at the address she gave, born on the day she gave was practically nonexistant.
To all intents and purposes, Integrity appears to be a cover for Aristotle, a political database collection company in America. It is looking more and more as if they don't actually have access to all the databases that they claim to, which means that although they may make a claim they can indemnify Linden Labs according to US law - it's a big risk for LL to take. After all, if Integrity is a child-company (no pun about the current situation intended) then the parent company can let it collapse if it gets heavily sued, which means if it does collapse then LL may not have been indemnified after all, and can be sued - it may well collapse itself under such a burden.
Plus, there is a huge resident backlash building about Integrity, mainly because of the details they seek and their ties to a political database company. In a society where a prominant academic can be banned from flying for giving a speech critical to President Bush, there is a strong feeling that Big Brother is trying to get into Second Life, and residents resent this. If Linden Labs start making age verification mandatory, and the information Integrity wants is too intrusive, people will start leaving in huge numbers (assuming they don't just all use their second life avatar names, manufactured DOBs and genuine postcodes in different countries.)
We could well be seeing the last days of Second Life, which would be a real shame. They are in a tentative position legally, and could end up driving their own customer base away trying heavy handed methods of complying with the ever more intrusive and draconian laws that their virtual world touches on. Yes, of COURSE the paedophiles and child abusers were going to come to SL sooner or later, because their is no tracing and Linden Labs try to avoid interfering with residents land. Of COURSE they were going to set their land to entry-restricted by group. This is going to happen when you give people an easy avenue to do what they want. People will take it.
Then along comes your investigative reporter, who has spent a few months infiltrating these organisations, gets himself a group invite and suddenly it's front page news, and everyone is shocked and horrified about how "widespread" it is in SL - when it isn't widespread at all.
There has been no formal response from Linden Labs following the BBC's publication of the story. I will be interested to see what - if anything - they say... and where we go from here.
Monday, May 7, 2007
Storm Clouds Gather
Let's see what we know so far. To recap, Linden Labs want residents that wish to enter "adult" areas to provide substantial details which could include (for non-US residents) passport number information or identity card information as well as addresses and dates of birth. This information will be passed to a third party company that will create a kind of 'credit score' of it to decide whether or not a person will pass or fail age verification. Linden Labs have taken great pains to say that the information will not be stored... one might almost say TOO much pains, given the circumstances.
According to The Daily Telegraph newspaper in London, England the company chosen, Integrity, is at least half-owned by a consortium of investors that includes Rupert Murdoch, the famous media tycoon who owns - amongst other things - Fox News in the US and a number of tabloid newspapers in the UK. In addition, Integrity's parent company, Aristotle (who, incidentally, have a tagline of 'Power Tools for Politics') make no secret of selling mailing lists to a number of organisations, amongst them political parties. Integrity's privacy policy makes a very simple statement:
Confidentiality of Information/Correction
This site does not provide visitors' information to third parties
But that doesn't really say very much. The site might not - but what about the company? There is absolutely no guarantee that information passed to Integrity won't end up on a list which could conceivably be made available to whoever asks for it. In addition, I do feel we are being lied to from the start here. Linden Labs say no data will be stored. Integrity say nothing will be provided to third parties (though interestingly Integrity themselves do not say the information won't be stored) - but the 1996 Electronic Communications Transactional Act requires any internet company that is asked to, to store ALL records for up to 90 days and the US Attorney General is desperately trying to take that even further.
So this still doesn't set my mind at rest, in fact, alarm bells are going off all over the place. One suspect among the thousands of records, and ALL the records must be stored for 90 days? You can bet that quasi-legal organisations like the RIAA are rubbing their greedy little hands together over this, and they won't be the only ones. Not living in the US I don't particularly care if a political party marks me down as not liking them - unless of course that ends up directly impacting my life, for example the professor who criticized President Bush and ended up on the infamous "no-fly" list because of it. This is a perfect example of someone who got on a blacklist, somewhere, somehow and now is suffering for it. Extreme? Maybe - but this sort of thing DOES exist. It's not a tin hat theory, it's actually happening to people who get put on lists. How do residents of Second Life know that support for the wrong organisation in game isn't going to result on them getting on some blacklist out of game?
Over the past few days I've been doing a lot of research about this, and what I've learned makes me MORE worried than I was when first I heard about this. Yes, Second Life is a game. But the information being gathered is anything BUT a game. And if this information is stored someplace, then you can bet someone will want a copy - and if they get a copy, to whom will they give it and for what purposes will it be used?
I'm sorry Linden Labs. This is a place I don't intend to go. Not now, not ever. Not for you, not for any game company. When push comes to shove, the day you demand these details from me is the day I leave and never look back - and from the look of the various forums, I'm by no means the only one.
Saturday, May 5, 2007
Data Mining in Second Life
There are a number of things that trouble me about this. The main thing is that a third party is going to be used. I made an agreement with Linden Labs that they could utilise my credit card details to pay for a service they were providing me, but this goes well beyond that. While I agree that some form of age verification should be done within Second Life - I don't think this is the way to do it. I think they are opening a dangerous Pandoras Box here.
It doesn't much bother me from a governmental point of view. Governments can already collect my data. But where is it going to end from a private point of view? To site one example very relevant to Second Life, let's look at our old friends the music industry.
Already the music industry is making a concerted effort to price many internet based music radio stations out of existence. For each track broadcast they want a fee, and they've set fees very high considering the fee has to be paid not for each broadcast of the track, but for each person listening to the track. And here's where it overlaps the boundary into Second Life.
There are a large number of clubs in Second Life, and an even larger number of non-club plots that stream music in. My question of the day is this: If a company is allowed to collect my name, address, date of birth and other such personal information, and the RIAA (I site them as an example because of their very active campaign to chase people for money) then comes to this data mining site and says "We believe that this person is playing music into their lot on SL, hand over their details" - will they do so? And will I be told about it? Or will the first thing I hear about it be when a bill drops through my letterbox saying "You've played 500 tracks this last month, and we believe that they've been heard by 10 people, so here's the bill."
Data Mining using a third party is the top of a very slippery slope. While I would be prepared to supply, for example, my driving license number to Linden Labs direct so that they could run a check to see if a license in that name existed and was valid, that's the extent of it. I would balk at providing even THOSE details to a third party, since that third party is going to have other interests that Linden Labs doesn't (not to mention the fact that they might not even tell Linden Labs that they were giving away residents details to avoid being sued). I am certainly not prepared to provide detailed information such as my name and address, DOB and passport number just to play a game, ESPECIALLY if those details are going to be shared with a third party. When they demand that for entry to mature areas, I shall simply not enter mature areas. When they demand it for entry to the grid, I shall leave Second Life completely.
I suspect I won't be the only one.
Tuesday, May 1, 2007
The Open Letter Project
The letter is located here and addresses a number of the issues I - and lots of other residents like me - find to be a problem. I would ask visitors to this blog to at least look at the letter, and if they agree with it please also sign it too. The more residents that sign the letter, the more seriously Linden Labs will have to take it.
Quite frankly the customer service has become a joke. Firstly online status was hidden, supposedly to give privacy to residents - but more likely to stop Lindens being IMd when the help channel was ignored. Then the help channel went entirely, live help being removed and replaced with two links to websites. Now residents have been forced to register and use a third party website to draw Linden Labs attention to what we're saying. In the meantime LL is trying to press ahead with new things, which - admittedly though the new items are nice - will put even more strain on the grid. Voice support... nice, but watch bandwidth usage rocket. Sculpted prims... lovely, but the prim building system we've got already is flakey enough; even though LL say it won't, will the introduction of sculpted prims strain the grid even more?
It seems the only thing that works consistently is the billing system, and even that got compromised last year... The open letter calls for Linden Labs to concentrate their resources on fixing what we already have rather than looking for new features. I for one agree with that approach. I've seen this approach in shops, they start up, offer a good product with good sales support and after sales support at a good price. This encourages growth, and they grow and expand... and everyone slowly changes from a customer to an account number... and before you know it the after sales support is gone - and people start looking elsewhere. Then the day comes when you drive past the shop and it's closed.
We don't want this to happen to Second Life.
Please... go read the letter, and sign it. The more support we can get, the better the chance Linden Labs will listen.
Be well.