Protecting Your ID (and IP) in Second Life

People come to Second Life for various reasons.

For most of us, it may have been out of curiosity in the beginning, and we soon became addicted. For others, the motivation to join the game may stem from experience with other online gaming platforms, giving way to activities that center on an in-world role play environment. Whatever the case, the majority of users who use the service sign on with a certain degree of anonymity, and while some may choose to mimic their real life personae, most residents seem to create an avatar that is far-removed from who they are in the real world. It goes without saying that everyone in Second Life is entitled to personal privacy; in fact, Linden Labs has made special provisions to protect that privacy. Those provisions are what we all know as the Terms of Service, or TOS, for short.

Of course, no one here can see who you really are...
or can they? Well, that depends on several things.

Our avatars are as private as we care to make them. Some people leave everything blank. While this can lead to suspicion by others, especially in an older avatar, it does present the least amount of information about the person's real life. At the other end of the spectrum is the person who displays a real-life photograph in their profile, and who mentions publicly where they live, and what they do. Personally, I don't think sharing RL information is a good idea here, as it truly has nothing to do with Second Life. The one possible exception to this might be the person who comes to SL with the hopes of 'hooking up' with someone that they can meet in the real world. Again, this isn't a good idea. I have personally known one SL fashion model who was murdered by her SL lover in RL. Yeah, it happens.

It's not only about stalkers though. Personal security in Second Life also means that residents have the right to protection from data mining, and unauthorized use of their personal IP, or Internet Protocol, a term which I am sure we are all familiar with. While our individual IPs may not always lead directly to our RL home locations, they can be used to narrow down the user's location to a specific city, or even a locale. For the purposes of this discussion, however, unauthorized IP tracking can be used for other reasons within Second Life, and those reasons are very specific direct violations of the LL TOS.





'How can I protect my IP from these unscrupulous users?,'
you ask. The first thing you need to know is exactly how these users can collect your data. Here are a few of the methods often used:

1) Private voice chat

2) Visitor trackers that give out an URL to an online survey. Avoid clicking on these.

3) Streaming media. DJs in SL often use an API-based program that, as Admin on that outside web page, they have the ability to view all the IPs that are plugged in to that media. If you're the only one there in the sim besides the DJ, that kinda narrows down which IP is yours.

4) Illegal packet-sniffing programs such as Red Zone and Phantom Zone are designed specifically to harvest user IPs, supposedly to 'control griefers.' Regardless of any rationalization, these programs are illegal, yet are still widely used by certain paranoid RP groups who fear infiltration.

5) Any database-enabled object or any web-enabled object

6) Any activity that uses an external API (aka 'application programming interface'; read Meg's excellent summation of APIs in the previous post here). Basically, these APIs are much like your common web forum in that they require you to create a log-in identity. This automatically registers the users IP at that site. As any of you who was ever a forum administrator/owner or moderator knows, you are most definitely able to view every user's IP and create a database. Incidentally, these IPs are usually associated with an E-mail address, which is also considered to be private personal information. Collection of this information is known as data mining.





Now, while having an API is not in itself a direct violation of LL TOS; using it for data mining most definitely is. It might work this way: Say for example that you have purchased an object that uses an API to access the web. The owner and any chosen administrator will have access to your IP. That is a given. Do they really know who you are from this information? Probably not, unless you provided a really obvious E-mail address to register with. OK, now let's say those same people are administrators at an in-world sim that coincidentally uses that same API to access said object, and those people also secretly run Red Zone or something like it. Now they are collecting a parallel database of IPs within Second Life, which happens to be illegal. It doesn't take a rocket scientist to figure out that all they have to do is compare those lists, and they can see which avatar is associated with which IP and/or E-mail address. WAY against TOS, shame on you. Actually, shame on ME for falling for it, when I knew the possibilities to begin with.

What can they actually do with the information? Well, they can ban you, for any reason. They can ban your alts, should you decide to return under another identity. If it's an API-controlled object of some sort, they can even ban you from using it. This means that even though you PAID for it, it may no longer work if you happen to fall out of favor with them for, let's say, having the 'wrong' friends. In fact, these systems will only work as long as the owners maintain their APIs on the web and have them available for use. Once they grow tired of SL or disgruntled (or even leave SL for health reasons), the API may disappear altogether, and there you are with an expensive object that just doesn't do what you paid to have it do. And there won't be much you can do about it.





Now, I am not at all suggesting that you stop all activities in Second Life, but there are several common-sense approaches you can use to protect yourself. I don't use Voice, I don't log on to the DJ streams, and I don't visit locations in-world where the use of Red Zone and similar programs are known to be in use, even if sporadically. And I DON'T buy anything that relies on the use of an external API that gives the seller unreasonable control over the use of that product.

Don't listen to the shills. They have EVERYTHING to lose, and they will lie and try to tell you that NO, that's not what an API is. I know; I have seen it already. I suggest you do your own research. All the information is out there. Don't be stupid and just accept the lies. If you go ahead and do that anyway, I don't want you to come crying to me later that "Jamie, you were right all along; I should have listened to you in the first place." We are all adults here, for the most part, and are all capable of making sound, educated decisions. Don't be led to the slaughter by a wolf in sheep's clothing. Instead, take the time to educate yourself, and pass it along.

YMMV


~Jamie~

*API-FYI*
There are a lot of misconceptions, misdirections, and outright untruths running around in SL about API's.  One of the best tools in misdirection (implied lies) is in the definition of words, or more precisely, redefinition of words.  API, innocuously enough, stands for Application Program Interface, which in SL world is a program application that is outside the confines of SL and LSL language.  An API is invoked if you interact with an object that talks to an off-world server, or click on a link to a web site.

All voice and media work through API's, but also many things that, because of relative seamless continuity, you wouldn't think of as using an API. Even though LL has a strict policy for the API,  an API is outside the control of, and not subject to  LL and the TOS  unless the managers of it choose to be.  LL has an API service that requires a strict adherence to TOS to be able to use (http://wiki.secondlife.com/wiki/APIs_and_Web_Services_Portal), but this is not required to make an API work and the resident has no real way of knowing which is which without voluntary disclosure.

If you click a link from inside SL, your information is carried outside SL into the "wild west" of the internet .  Common programs used for off SL servers are PHP and SQL, and anyone versed in those languages knows all about how to extract information from your "ping" to identify and classify you.  The process is called "packet sniffing", and is very VERY commonly used by normal internet sites to drop your information into an SQL database for analysis and marketing later on. In fact that is precisely how you get spam from web sites that you visit.

When information like your IP address (even mac address of your modem if the sniffer is talented enough) is linked to your AV name in SL, and then stored in a data base, then when you get sniffed again and another AV name with the same IP (or even mac address) it can be linked together to tell the operator that the two accounts are alts. This was the basic concept behind the Redzone "security" program that was banned by SL as being an invasion of privacy and a violation of TOS.  The IP and MAC associations can be traced in common programs you can get online that will locate where the person sniffed is in the Real World.

In the DJ world in SL, sniffing the information passed through your browser with media enabled, gives the DJ a lot of information about you. They MAY not track and compare alt information on you, but they certainly can.  This is NOT a violation of TOS primarily because of the disclaimer information in SL on the use of media and voice, and because you select to use them. The ox on which the TOS was gored with Redzone was that there was no disclosure to residents that their information was being traced and compared to an alt database.

The guy who made Redzone ended up IP banned and in jail, but the loopholes in the browser and in SL regarding your privacy are still there.  At the time Redzone was working in SL, any sim owner who used it had automatic access to the alt database, but that same database was also suspected of being SOLD to others in separate deals with the Redzone maker.

As far as I know there is no way of knowing who may have bought the database and is continuing to identify everyone's personal information and alts in SL. Certainly they used the example of what happened to the maker of Redzone to keep quiet about tracking you, so you may never know who figured out that FurryWolf Avatar is also XXXNakedCandyDD Resident, especially those inside a community where esteem and reputation may be important to them.

In addition to being an undisclosed invasion-of-privacy spyware, Redzone was also error prone. Anyone who used a military or university network node out to the internet was likely to have their IP associated with others who also went out on that node. In their database my information could be linked to any other's who also used that node.  Most people used Redzone to simply spy on the people who came into their sim, while claiming it helped prevent "griefing" attacks and copybotting by people who would alt in after just being banned for griefing.  It was used to ban access or services to certain people, based on their IP address, without any notification or explanation.

I share a lot of RL information (I've been told, WAY too much) with people in SL, and I always have. I don't, and never did, use alts to grief or annoy people in SL, but I know in certain groups alting is practically a religion practiced to spy on and manipulate others in SL.  Because of voiceprint ID and other security problems associated with SL Voice and Skype, I'm not even allowed to use those security holes, and was specifically told not to. 

My objection to Redzone has always been on principle, and I view the undisclosed stealing of personal information as utterly unethical, and depending on how it's used, criminal. If they're going to take and use personal information from people using their products or services, you have the right to know and make the choice to use it or not. Of course if they do that, they will lose customers, so they don't want to, or might lie about it.

There are many people in SL who don't care about their information, and between facebook and twitter they indiscirimantly toss it all over the internet.  But they MAY object to it if that information is used to discover their alts, or used to ban them from using components of products that they paid real money for with the reasonable expectation that their function would not be diminished at some point in the future, and for reasons they aren't aware of.  Products in SL that are linked in function to an API are very susceptible to being rendered inoperative in the future, and if buyers are not provided with the disclosed risk of buying them at the time of purchase, in my opinion it borders on fraud. 

Even if you don't mind your data being used, and trust the people who are controlling the API, what happens if they simply get bored with SL in the future? What happens if there is a drama dispute between the people paying for and controlling the off-world API, or they can't or wont pay for the servers any longer?  Your products that depend on that API for some or all of their functionality (and you may not know exactly how much of it) will be diminished in use and value.  If you decide you have a civil case and want to sue them to recover your loss, you don't even know for sure if you CAN in the country they live in. Certainly it becomes more expensive to do so.

Be careful about what you buy, be careful of objects in SL that use off-world APIs, and be VERY careful buying them from people who are dishonest or negligent enough not to disclose your risk to you before you purchase. Remember that this is "just a game" to many people who control the use and value of what you paid real money for in Sl, and they may very well believe they are justified in devaluing your property because of some SL drama that has nothing to do with you, just to preserve their "game".

MeganAnn Mills

More on the New Viewer

Moron?? WHO'S a moron?? Oh, MORE on, yeah, that's it. LOL... I spoke a bit about LL's latest viewer for SL the other day, and I just wanted to add a few things. First of all, I wanted to be clear: I have NOT switched over to a Mesh viewer. I wanted to try it out, simply because some people had said that it can be tweaked to look more or less like the standard SL viewer (not V2, the older one). While I was able to get things to where I felt I could deal with using this viewer if I absolutely had to, my opinion is that 3.5.0 is still not what I am looking for, and it still needs a lot of work.


Too Crashy

The viewer crashes, and freezes, for no apparent reason. It often just gets hung up and sits there loading, NOT a good thing when you're trying to fly or sail. Yeah, it's Mesh's fault, I'm sure of that.

*Ducks bricks thrown by the Mesh peddlers and their shills*

Actually, it IS Mesh's fault, in an indirect way. While perhaps Mesh DOES cause excess lag in sims that have an abundance of it, and it is known that the planes themselves have lag and border-crossing issues, the viewer crashes are most likely caused by the constant changes that Linden Labs create as they ineptly stumble along in a vain attempt to appease those who think Mesh is 'better.' Second Life was never designed to work with Mesh, and now that LL went ahead and implemented the needed changes, there is no turning back. The fact remains that the current servers are not able to handle it, yet we keep trying change after change to see if any improvements can be made. This is something akin to having an amateur mechanic attempt to repair your car when they really don't know what they are doing, and they keep trying out new parts (at YOUR expense) to see if maybe THAT will finally fix the problem instead of actually getting a hard diagnosis, and addressing it directly. Linden Labs really doesn't know what to do, but in their minds, at least they are doing something, even though said efforts are ineffective.




Yet Another Viewer: Singularity

It was brought to my attention yesterday that I was mistaken (Thank you!) when I mentioned in my 'The New Viewer' post that I thought that Phoenix 1185 was the last of the V1-type viewers. It seems that Singularity is now the way to go if you're looking for a V1-type interface. I was right that Phoenix 1185 is no longer available for download, but the good news is that Singularity still has all their older viewers listed for download. The last non-Mesh viewer available on Singularity's download site is version 1.5.10. It will be the only V1 interface remaining that will work in SL when the next changes come about. Singularity officials are quite steadfast about preserving the V1-type interface, and thankfully theirs will remain. Their newer Mesh viewers are also configured with the V1 interface, if I'm not mistaken. HERE is the URL for the Singularity web page; look in the sidebar for their downloads page.


I noticed a couple other things with the Linden Labs viewer, and possibly with any other new generation viewer. One, I noticed that the standard invisiprims (such as those used with shoes) no longer work. Instead, Alpha masks replace these in service. Fortunately, these Alphas also work with the older viewers. Also, it seems that the graphics settings are different enough that the use of a face light washes out one's appearance with a bit too much light, but NOT using a light leaves the face in shadow. I fiddled with the settings a bit, but I decided that things simply do not look as good with these new generation viewers. Those who were weaned on V2 will never know the difference, which is what LL was counting on. Another thing, which is important to me, is that Phoenix still has TONS of extra features that the LL viewers never did. If you go to the 'About' page on the above-linked Singularity web page, you'll see many of these features listed. Those who never strayed from the LL-specified viewers will be surprised to see what they have been missing. Going back to a Linden Labs viewer is like driving a stripped mini-van with no air conditioning. It'll get you where you have to go, true enough, but it's just not as nice as driving the Escalade you were already accustomed to. I am still using Phoenix, and I'll continue to use it until LL finally 'fixes' things to the point where it will no longer load. Then I'll move on to Singularity.


~Jamie~

Public Service Announcement

I'll keep this short. I know I mentioned Cubey Terra twice before, and I gave an URL to his online store, explaining that many of his things were free. I hope you took advantage of that, because he has pruned his pages and much of it is gone. HOWEVER... he has made all the rest of it for sale at only L$11!

That's right, everything is now selling for just $11 Linden Dollars, including both versions (civilian and military) of his classic Stearman biplane, his helicopters, and his wonderful hot air balloon! These previously sold for a lot more, and I know I paid full price for them. Now's your chance to get them all CHEAP, before they disappear forever. These are all classics, and they won't be around forever. The advent of Mesh has all but killed the Golden Age of Second Life Aviation as we knew it. Gone are that days when residents actually built aircraft, instead of simply uploading a texture that they bought and saying they built it.

Once again, HERE is the URL for his store on Marketplace.




Above, the civilian version of Cubey Terra's PT-17 Stearman, on sale for L$11 on Marketplace. Get one before it's too late!


~Jamie~

The NEW Viewer

OK, I went ahead and got the new LL Viewer, 3.5.0. I won't bother to post a link, as most n00bs probably already have it, and many others have variations of V2, which is the Mesh one. Now before the content creators and their shills laugh and say they were right, I'll laugh right back in their faces and tell you that Phoenix 1185 is alive and well. I did not change over because I was finally forced to, in fact, quite the contrary. I tried it because of recent talk that it was supposedly close to what some call a 'third-party viewer,' whatever that means. I assumed that they meant it wasn't like their V2-based interfaces, which, to the newer members of Second Life, is the 'normal' viewer. Remember, when the awful V2 viewer was released, people were appalled, and LL fired the person responsible for creating it. Oddly though, instead of apologizing for the mistake and recalling V2, LL chose to trudge awkwardly and blindly ahead with it.

This release was met with mixed emotions; some people sheepishly accepted it, some chose to go with one of the so-called third-party viewers, and some clung to the normal (non-mesh) viewers. Subsequent updates implemented by Linden Labs rendered many of them unusable, most notably the popular Emerald viewer. This left those of us with the more independent minds in a quandary. Some made the switch to Mesh, despite a rather poor selection of available viewers. I am one of the hold-outs who ended up with Phoenix, and it's still my viewer of choice.


Shills and Control Freaks

The shills and control freaks will whine that I should have just gone to a Mesh viewer. Maybe I should have, but I still have my reasons why I didn't want to. I'm not like those people who just follow along quietly. I know what I like, and if I am going to change, it's going to have to be for a good reason. I could see no good reason.



First of all, I did not want to learn how to use SL all over again. Everything in Viewer 2 is different, and reversed. It's change for the sake of change, making things all 'new' again for no good reason other than perhaps job justification. I suppose they do have to be able to justify their existence at LL, but at what cost? In this case, that person lost his job. That says a lot to support my opinion of this terrible interface.

Yes, I said 'interface.' It's not so much the Mesh-enabled viewer itself that was a bad thing. It's normal for something new to have bugs, especially when it is something built by Linden Labs. The big problem here was that the entire interface was changed from what we all knew as being something very intuitive to a clunky, awkward abomination that left the user searching for features that were either hidden, rearranged, or were no longer even there. Phoenix 1185, I believe, is the last of the old-style viewers, and I don't think it's even available for download any more.

Second, Mesh was still pretty new, and not without its faults (and it still isn't). Not being a sheepish follower, I refused to buy any Mesh products at all. Since I was still using the older viewer, I could see what Mesh really looked like. I am the type of person who cares what they look like, and I certainly did not want to look like those Mesh people. The planes looked terrible, and the Mesh clothes and hair looked even worse. As long as I knew that people in SL still could see Mesh that way, there was NO WAY that I was going to end up looking like a blob.




It's 'BETTER'

Here is a little secret, perhaps I never told anyone before: I have installed and tried some of the Mesh viewers, and I have looked at and flown some of the Mesh aircraft. Shhhh... Traitor, you say? Hardly. I wanted to see for myself rather than just harbor opinions gathered from talking to others and from reading online reports. I never saw ANY report saying why Mesh is 'better,' and after looking at some of the Mesh items with the newer viewers, I was left wondering WHY Mesh is supposedly better. They fly exactly the same, although maybe laggier at crossings. The flight characteristics are still the same; they are no better than their prim and sculpted predecessors. The textures aren't any better either. The same person who drew them for the sculpts is drawing them for Mesh, and the line quality is the same. So, why is it BETTER?

I'll tell you why it's better. It's better for the builder. There is NO advantage for the buyer or for the user whatsoever. It's all about marketing. It's easy to upload a Mesh product and it's even easier to texture one. Anyone who is skilled with Photoshop, Paintshop Pro, or even Gimp can easily create wonderful new textures for Mesh. In fact, some are even charging people for that very service. It's so easy a caveman could do it.

I mentioned earlier that I had just installed 3.5.0. It's really not too bad, after a bit of tweaking. Feature-wise, it's pretty bland. After using Phoenix and Emerald for so long, it's hard to go back to something so basic, but it works. I must admit though, it's nice to not have to look at those Mesh boxes and blobs. NO, I am NOT going to start buying Mesh. I have already explained why I don't care for Mesh in an earlier post. Do I have to repeat myself? Maybe I will anyway, later. But regardless, that's not what I was getting at. I was discussing how easy texturing these things is now.

I was given a freebie Mesh helicopter. I never looked at it before, but since I had just set up the new viewer, I thought, "Why not?" I opened the box and rezzed the heli, and I must say, it looked really good. The proportions were right on, and there was a lot of detail (well, texture detail, anyway, but it looked good). It came with a set of perm textures, and when I had a look at them I realized that YES, it would be a simple matter to take these textures into Photoshop and alter them. I might even start a business doing this now. In fact, I had another idea.




One thing I noticed in my initial tour using this new viewer is that there are all sorts of new and interesting items in SL now, and they are all Mesh. I never noticed before, because to me, they all looked like blobs and boxes. The one thing that really got to me though was this: People who previously had mediocre or NO building skills whatsoever are now cranking out perfectly-proportioned and textured models at an almost alarming rate, and these models show those same unskilled 'builders' as the Creators. Wow. Granted, some of them were already builders, so I can't take credit from them, but SOME of the names I have seen are among the most inept and unskilled builders I have seen, yet here are all these seemingly perfect builds. What is happening here, for those of you who are too naive to realize it, is that many of these so-called 'builders' are merely downloading their products from one of the many online 3D model warehouses such as Turbosquid and the rest. Yeah, NOW you know what I'm talking about. THAT is why there are so many new Mesh builders. They really didn't 'build' anything. But that's OK; the n00bs won't even know that in SL people actually used to really build things, and they did it right here, in-world, piece-by-piece.




Mesh has taken the creativity out of building, but no one cares. Quality no longer matters. It's now just an illusion, and people are scrambling to cash in on it before it all comes crashing in on itself. Maybe I'll start doing that too. LMAO... This doesn't mean I'm going to start flying them though, I'll just download them and sell them, like everyone else. Sure, some of these Mesh objects look good with the right viewer, but I wouldn't want to be seen flying any of them. Not that there's anything WRONG with that...




~Jamie~