*API-FYI*
There are a lot of misconceptions, misdirections, and outright untruths running around in SL about APIs. One of the best tools in misdirection (implied lies) is in the definition of words, or more precisely, redefinition of words. API, innocuously enough, stands for Application Program Interface, which in the SL world is a program application that is outside the confines of SL and the LSL language. An API is invoked if you interact with an object that talks to an off-world server, or click on a link to a web site.
All voice and media work through APIs, but so do many things that, because of relatively seamless continuity, you wouldn't think of as using an API. Even though LL has a strict policy for the API, an API is outside the control of, and not subject to, LL and the TOS unless the managers of it choose to be. LL has an API service that requires a strict adherence to TOS to be able to use (http://wiki.secondlife.com/wiki/APIs_and_Web_Services_Portal), but this is not required to make an API work and the resident has no real way of knowing which is which without voluntary disclosure.
If you click a link from inside SL, your information is carried outside SL into the "wild west" of the internet. Common programs used for off-SL servers are PHP and SQL, and anyone versed in those languages knows all about how to extract information from your "ping" to identify and classify you. The process is called "packet sniffing", and is very VERY commonly used by normal internet sites to drop your information into an SQL database for analysis and marketing later on. In fact that is precisely how you get spam from web sites that you visit.
When information like your IP address (even the MAC address of your modem if the sniffer is talented enough) is linked to your AV name in SL and then stored in a database, then when you get sniffed again and another AV name shows up with the same IP (or even MAC address), the two can be linked together to tell the operator that the two accounts are alts. This was the basic concept behind the Redzone "security" program that was banned by SL as being an invasion of privacy and a violation of TOS. The IP and MAC associations can be traced in common programs you can get online that will locate where the person sniffed is in the Real World.
In the DJ world in SL, sniffing the information passed through your browser with media enabled gives the DJ a lot of information about you. They MAY not track and compare alt information on you, but they certainly can. This is NOT a violation of TOS primarily because of the disclaimer information in SL on the use of media and voice, and because you select to use them. The ox on which the TOS was gored with Redzone was that there was no disclosure to residents that their information was being traced and compared to an alt database.
The guy who made Redzone ended up IP banned and in jail, but the loopholes in the browser and in SL regarding your privacy are still there. At the time Redzone was working in SL, any sim owner who used it had automatic access to the alt database, but that same database was also suspected of being SOLD to others in separate deals with the Redzone maker.
As far as I know there is no way of knowing who may have bought the database and is continuing to identify everyone's personal information and alts in SL. Certainly they used the example of what happened to the maker of Redzone to keep quiet about tracking you, so you may never know who figured out that FurryWolf Avatar is also XXXNakedCandyDD Resident, especially those inside a community where esteem and reputation may be important to them.
In addition to being an undisclosed invasion-of-privacy spyware, Redzone was also error prone. Anyone who used a military or university network node out to the internet was likely to have their IP associated with others who also went out on that node. In their database my information could be linked to that of anyone else who also used that node. Most people used Redzone to simply spy on the people who came into their sim, while claiming it helped prevent "griefing" attacks and copybotting by people who would alt in after just being banned for griefing. It was used to ban access or services to certain people, based on their IP address, without any notification or explanation.
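The shared-node error described above can be shown on a toy data set. This is an added example, not Redzone's code or anything from the original post; the avatar names, the documentation-range IP addresses and the ground-truth table are all constructed, and linking accounts by shared IP is assumed as the matching rule.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample: (avatar name, source IP seen by an off-world server).
# 203.0.113.7 stands for a shared university gateway; 198.51.100.20 is a home line.
SIGHTINGS = [
    ("StudentOne Resident", "203.0.113.7"),
    ("StudentTwo Resident", "203.0.113.7"),
    ("StudentTwo Resident", "198.51.100.20"),
    ("StudentTwoAlt Resident", "198.51.100.20"),
    ("Loner Resident", "192.0.2.55"),
]
# Constructed ground truth: which avatars really belong to the same person.
OWNER = {
    "StudentOne Resident": "person-a",
    "StudentTwo Resident": "person-b",
    "StudentTwoAlt Resident": "person-b",
    "Loner Resident": "person-c",
}

def link_by_ip(sightings):
    """Group avatars that ever shared an IP, transitively (union-find)."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x
    first_seen = {}  # IP -> first avatar observed on it
    for avatar, ip in sightings:
        find(avatar)
        if ip in first_seen:
            parent[find(avatar)] = find(first_seen[ip])
        else:
            first_seen[ip] = avatar
    groups = defaultdict(set)
    for avatar in parent:
        groups[find(avatar)].add(avatar)
    return sorted(sorted(g) for g in groups.values())

def false_links(groups, owner):
    """Pairs the IP match calls alts although they are different people."""
    return sorted((a, b) for g in groups
                  for a, b in combinations(g, 2) if owner[a] != owner[b])

if __name__ == "__main__":
    groups = link_by_ip(SIGHTINGS)
    print(groups)
    print(false_links(groups, OWNER))
```

One real alt pair on the home line is enough to drag an unrelated person on the shared gateway into the same group, so two of the three "alt" pairs reported here are wrong.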
I share a lot of RL information (I've been told, WAY too much) with people in SL, and I always have. I don't, and never did, use alts to grief or annoy people in SL, but I know in certain groups alting is practically a religion practiced to spy on and manipulate others in SL. Because of voiceprint ID and other security problems associated with SL Voice and Skype, I'm not even allowed to use those security holes, and was specifically told not to.
My objection to Redzone has always been on principle, and I view the undisclosed stealing of personal information as utterly unethical, and depending on how it's used, criminal. If they're going to take and use personal information from people using their products or services, you have the right to know and make the choice to use it or not. Of course if they do that, they will lose customers, so they don't want to, or might lie about it.
There are many people in SL who don't care about their information, and between Facebook and Twitter they indiscriminately toss it all over the internet. But they MAY object to it if that information is used to discover their alts, or used to ban them from using components of products that they paid real money for with the reasonable expectation that their function would not be diminished at some point in the future, and for reasons they aren't aware of. Products in SL that are linked in function to an API are very susceptible to being rendered inoperative in the future, and if buyers are not provided with the disclosed risk of buying them at the time of purchase, in my opinion it borders on fraud.
Even if you don't mind your data being used, and trust the people who are controlling the API, what happens if they simply get bored with SL in the future? What happens if there is a drama dispute between the people paying for and controlling the off-world API, or they can't or won't pay for the servers any longer? Your products that depend on that API for some or all of their functionality (and you may not know exactly how much of it) will be diminished in use and value. If you decide you have a civil case and want to sue them to recover your loss, you don't even know for sure if you CAN in the country they live in. Certainly it becomes more expensive to do so.
Be careful about what you buy, be careful of objects in SL that use off-world APIs, and be VERY careful buying them from people who are dishonest or negligent enough not to disclose your risk to you before you purchase. Remember that this is "just a game" to many people who control the use and value of what you paid real money for in SL, and they may very well believe they are justified in devaluing your property because of some SL drama that has nothing to do with you, just to preserve their "game".
MeganAnn Mills