The Bitter Harvest: The Redzone Saga Continues (Linden Lab Has a Problem on Its Hands)

Last week, when I signed off on this column, the world was a little different. The JIRA regarding RedZone, the privacy-invading device masquerading poorly as a security system, had languished for nearly two weeks without being assigned to a Linden Lab employee, despite the obvious support it had from the community. RedZone had been removed from the SL Marketplace (various rumors swirled as to who pulled it down and why, but the reality is it just doesn’t make any difference).

Finally, I had no idea when I wrote it how far it would travel or how many people would read it. To say I was surprised would be a huge understatement, so for all those who did, and posted it all over creation, thank you very much.

But it’s a new week, and news seems to generally break on Thursdays. This week is no exception. There’s a lot to cover here, and many dots to connect to get a complete picture of the situation as it now stands.

The JIRA Follies

On Tuesday at approximately 4:15 PM ET, the JIRA regarding RedZone was finally assigned to WorkingOnIt Linden (which is the generic account name used for problems under investigation) by Dessie Linden, the person in charge of Second Life Viewer releases. At that time, speculation went wild as to what a potential solution might be.

During this time, zFire Xue, the creator of RedZone, tried to soothe potential panic on his own forums, pooh-poohing the entire thing and claiming that the solution would do nothing to stop RedZone.

On Thursday a change in Second Life’s Community Standards was announced. This was followed shortly after by the closing of the JIRA by Zidonuke Ghost (for those who just went o.0, just start here, and read the next 5 pages or so. It’s enlightening — some language is NSFW), who is not a Linden at all — merely someone who has signed a Contributor Agreement with the Lab, and has abused the privilege of editing JIRAs before. At that time, he claimed, “Now we can close this. Issue is resolved and redzone is conforming to this policy now.”

This is untrue for several reasons (not to mention that he’s in no position to close JIRAs anyway, despite having the ability to do so), but we’ll get to that in a minute. In the meantime, the JIRA was quickly reopened, is as of this writing still live, and still assigned to WorkingOnIt Linden. Here’s the screencap for posterity:

[Screencap: Working on it JIRA]

But why did Zidonuke think that this issue was resolved?

Changes in Community Standards

On Thursday afternoon, word came down that the Second Life Community Standards had changed. The relevant changes were as follows:


Old:

“Residents are entitled to a reasonable level of privacy with regard to their Second Life experience. Sharing personal information about a fellow Resident – including gender, religion, age, marital status, race, sexual preference, and real-world location beyond what is provided by the Resident in the First Life page of their Resident profile is a violation of that Resident’s privacy. Remotely monitoring conversations, posting conversation logs, or sharing conversation logs without consent are all prohibited in Second Life and on the Second Life Forums.”

New (changes bolded by me for emphasis):

“Residents are entitled to a reasonable level of privacy with regard to their Second Life experience. Sharing personal information about your fellow Residents without their consent — including gender, religion, age, marital status, race, sexual preference, alternate account names, and real-world location beyond what is provided by them in their Resident profile — is not allowed. Remotely monitoring conversations in Second Life, posting conversation logs, or sharing conversation logs without the participants’ consent are all prohibited.”

Don’t Celebrate Yet

At first glance, this may seem like it solves the problem. It doesn’t — at least not right away, and not without additional measures. But first, let’s see what zFire said about the change:

“Hello RedZone owners. After talking with Linden Labs over the past month we have reached an agreement. Effective now and retroactively the RedZone system will request Consent to display alt name information. LL policy will reflect this change by tomorrow the 25th. The zRZ HUD will now request consent much like a bloodlines bite. The zRZ Website now offers a system to send an IM to request consent for a zF RedZone Alt Background check. The system is already in place, new functions and consent methods will be offered as we discover how best to implement this feature. Linden Labs has been good enough to suggest many ideas that settled on this one. Alt names can still be viewed to settle disputes, run security background checks etc.” -zFire Xue

Aside from the fact that he clearly doesn’t know the meaning of the word “retroactively” (which is important for reasons he obviously hasn’t figured out yet), what he’s saying here is this:

The scanning without knowledge or consent will still continue. However, there is no way for a RZ user to look at the database of alt names without first obtaining consent from the person they’re attempting to look up. This consent comes in the form of a popup, much like the ones HUD-based games such as Bloodlines have used in the past.

[Image: New HUD Dialog]

He went on to say a few more things he’s likely to regret later. Let’s show a few of those for posterity:

by zFire Xue, Thu Feb 24, 2011 1:10 pm

“GZ did not win per say. This could be temporary. If 20000+ Tier paying residents united against 700 GZers, I would expect yet another change. The RedZone system will still ban alts of people on your ban list, as well as alts of Copybots. Also provide a way for you to view alts if someone insists they are not someone else, ask them to prove it via a background check.”


“you can and will still be able to detect alts. Just wait and see what we have in the way of methods of accepting consent as the days go.”

And my personal favorite (I love this one, it’s still making me laugh):

“I will make more stand alone objects, free for zRZ owners, that include auto-consent functions if they remain in the sim 60 seconds or longer after being given a notice that they must leave within 60 seconds or will be considered as accepting consent. 60 seconds is more then enough time.”

All of these statements are problematic.

A Lack of Understanding About What’s Really Going on Here

First, there’s the whole issue of “retroactively”. You can’t retroactively ask consent of anyone. In this particular case, no one gave consent, retroactively or otherwise.

If the Lab really did tell him he’d need to get “retroactive” consent from everyone in that database, he’s got a big problem on his hands, because he has no way to do that without a time machine. If the Lab did indeed use that word to him, then what they were really telling him was that every single alt lookup that happened before the new consent popup was in place was against TOS, which would poof his product right out of existence. He had better hope that “retroactively” was his word, and not one the Lab used.

He’s also mistaken in his notion that this is about Green Zone users vs. the rest of the grid, and critically so. It’s actually more like Red Zone users vs. every single person they’ve ever scanned and logged without their consent or knowledge, whether they have ever heard of Green Zone (a device which can detect a Red Zone scanner) or not. (Also, he doesn’t know how to spell per se.)

It seems clear that he’s already trying to find loopholes and ways around the new change, by fudging what consent really means, and how to obtain it. He has no intention of actually doing the right thing here — his goal is to keep his cash cow alive for as long as he can.

Finally, he doesn’t know that implied consent and express consent have distinct legal meanings, which any contract lawyer would tell him in about 10 seconds, if he would bother to consult one.

The reality is that he can’t do what he’s claiming. He can’t decide that silence=consent, when the Lab has not given any indication that implied consent is on the table.

In fact, Soft Linden confirmed on the JIRA on Friday that explicit consent is required:

“@deety, Treminari – The ARs that got some products taken down were based on disclosing alts without consent. If you can demonstrate that anyone but the single database owner has access to alt lists without appropriate, explicit consent, please file an AR for that.” – Soft Linden

What, for example, would happen if the person seeing the popup didn’t speak English? Does this mean that in the 3 minutes it takes to get a translation they’ve consented to having their alts outed? Of course not.

The word consent has specific legal meaning. What he thinks it means is implied consent, which is absolutely not what is written in the Community Standards.

But zFire has more issues than this to contend with in the area of consent. Hold that thought. Before we get into that, let’s talk about why the Lab didn’t (and can’t) simply ban RedZone outright.

The TOS Problem

Last week, we talked about the Second Life TOS part 8.3. However, as Ciaran Laval and Prokofy Neva correctly point out, this is not the only part of the TOS that’s relevant here. The other part is 4.3, specifically the last paragraph:

“The Service may contain links to or otherwise allow connections to third-party websites, servers, and online services or environments that are not owned or controlled by Linden Lab. You agree that Linden Lab is not responsible or liable for the Content, policies, or practices of any third-party websites, servers, or online services or environments. Please consult any applicable terms of use and privacy policies provided by the third party for such websites, servers, or online services or environments.”

This paragraph does two things. One, it protects the Lab against being sued for the actions of third parties (so, for example, you can’t sue the Lab because of zFire’s database). But it also allows data harvesting, period.

Allowing such a thing to take place is not intended as an endorsement of the activity. The word “may” is not a word of permission here — replace it with the word “might” to understand what it’s saying. In other words, “this stuff might happen, and if it does, you can’t sue us for the results.”

This is a hole the Lab can’t close. Why? Well, first of all, not all data harvesting is necessarily bad. Some of it is really harmless: things like sim statistics, for example. But more importantly, it has to do with the Lab’s long-range financial plans.

The Forums and Harvesting

In a spectacular case of bad timing, this entire issue has come down while the official Second Life forums are in read-only mode for a software switch to a new system called Lithium. Cutting a long story short, the primary reason the forums are being switched to this system is that it incorporates Facebook and Twitter widgets that you can’t opt out of.

Understand that Facebook and Twitter both harvest data on a massive scale. As I predicted months ago, the Lab is moving ever closer to integrating with these larger social networks. They can’t close the hole in the TOS or it will kill this partnership.

Consent Implies Infallibility

After this change in Community Standards was announced, zFire (under his business alt, theBoris Gothly) put RedZone back up on Marketplace. But as I mentioned last week, the system is critically flawed due to how it matches people via IP. He believes that these issues are, at worst, irrelevant (in the case, say, of an entire internet cafe or a dorm being banned) and, at best, a feature (as in the case where multiple members of the same household share an IP address).

However, he also seems to be under the persistent delusion that if people share an IP, they automatically can consent for one another when choosing to allow RedZone to show the names of alternate accounts:

Originally Posted by zFire Xue:

Originally Posted by Chrissy: “Let me ask the following... what if one of the accounts is a false link? Let’s say I have a friend using the same computer. His accounts will be considered my alts. So now if he gives consent, all my alts will be revealed as well. In that case I would write an abuse report to LL because my alts would have been revealed without my consent.”

“Did you Consent for your friend to use your computer, and Consent for him to grant Consent on your behalf also? If not, perhaps you should double check with who you allow to use your computer. I question people who say ‘It wasn’t me! It was “my friend” who I let use my account, computer, password, etc’.

It will never be enough for GZ, what is the point of a background check if they are going to be selective about the information in the background check? Accept or do not accept, that is my final answer.”

That’s cute, except consent doesn’t work that way.

Due to the way the system matches people with IPs, there’s a good chance that the others your account has been matched with are people you’ve never heard of in your life. There is no way that your giving consent also gives consent for all those other people.

But it also assumes that even people living in the same household automatically have the right to consent to things for other people. This is patently untrue, and gets much more complicated when one of the people in the household is under the age of 18.

Or did we forget about the whole Teen Grid merger so soon? You see, teenagers get special protections that adults don’t get, and since the Lab has gone so far as to attempt to control Marketplace listings using nanny via keyword, do you think they will take kindly to the potential of the accounts of teenage residents being outed because zFire doesn’t understand how consent works?

In order to get consent, you’d have to get consent for every single potential alt account — because the alt matching is not infallible (by any means), and zFire (as evidenced above) has no intention of doing that. He makes the broad assumption that everyone on an IP address has the right to consent for everyone else using the same IP. The repercussions of that ought to be fun to watch.

So What Now?

This is only the beginning. As I said last week, there is something that will kill this thing dead — and that is to close the hole in the media protocols in the SL viewer that makes RedZone’s scanning possible.

That code patch, written by Sione, has already been offered and inserted into the Cool Viewer as well as the Phoenix codebase, and will eventually be ported out to Phoenix and Firestorm as well as any other viewer that is willing to take it on. Jessica Lyon, the head of the Phoenix/Firestorm project, announced that on the RedZone forums, citing the Phoenix team’s official stand of neutrality on the issue, and predictably, the response has not been favorable. For example:

“I mean Phoenix really rubs me the wrong way. It also turns RZ into nothing more then a very expensive and laggy security orb that at best gives false comfort.”

News flash: That’s all it ever was anyway.

More to come, gang. This one isn’t over yet by a long shot.
