Being Bad For Great Justice: A New Privacy Scandal Rocks Second Life


“It’s all fun and games until someone loses an eye.”

In keeping with the tradition of “skip a week and all hell breaks loose”, here we go again. I started the week thinking I’d wind up writing about the release of Mesh to the full Second Life grid (which happened on Tuesday) and what that could potentially mean for the future of of the platform. It did seem like an obvious choice a week ago. Cool new technology, some upsides, some downsides, some things that need clarification. Seems reasonable enough. But the universe had other plans.

Three weeks ago, I wrote about the fact that though Linden Lab is pushing many new features to the platform at an impressive rate, and seem to be listening to their user base far more than they have in recent years, that there are still serious issues that are not being dealt with, particularly in the area of security. I had no idea at the time how quickly we were going to be revisiting that topic, but boy oh boy are we revisiting it now.

In the past week, I have written thousands and thousands of words, and I am still not entirely sure how to summarize all of this so it makes sense. But I’m going to give it a shot. Bear with me a little – this is assuredly going to be a multi-part series, because here we go again

Conflict On The Grid

From its earliest days, Second Life being the type of platform it is, attracted its fair share of technically minded people. Creative minds obsessed with what could be done with pixels and scripts.

Because of the open ended nature of SL, that creativity manifested itself in infinite ways. Just like the people who created them, their creations ran themselves along multiple spectrums.

But some people just liked to have fun at the expense of others. They fancied themselves jokesters, that didn’t know when to stop. This is particularly true when getting caught or any serious consequences were unlikely. Even though they thought their actions were funny, their victims would not agree (that was rather the point), and some people and places were definitely a more attractive target for these folks than others. Of course, the reactions are what they were after, and these griefers tended to gather anywhere they thought they would get the “best” reaction.

This is not an issue unique to SL, of course. Trolls and griefers have been with us since the days of BBS boards and usenet. Practical jokers are still alive and well in the real world and some jokes are meaner than others.

Some people take a joke better than others, too. Nothing new there. But the possibilities certainly became more interesting in a virtual world, especially as griefers could find one another and join forces.

Though Linden Lab gives a variety of tools to residents to control their SL experience, many of them devoted to security, if we learned nothing else from the Red Zone scandal months ago, is that for some people those tools are inadequate. Because they are not getting the support they need from Linden Lab, they turn to other sources to get the security they need.

Much like the guy who electrifies his fence around his house because the local kids won’t stop trashing his flowerbed, you wind up with people turning to solutions out of desperation that are not particularly well thought out, and potentially dangerous to innocent bystanders. That’s not to say the griefers are harmless. They’re not- really and truly. The damage they have is cumulative, and it’s not only psychological and emotional, it’s financial and it’s real.

But out of desperation and frustration, people turn to solutions that are not only poorly thought ought, but potentially dangerous.

A Failed Model

The ethos that started Second Life was created by its founder, Philip Rosedale. I’ve talked here before about how he is a very idealistic person, and believes in the most hands off system possible in terms of Lab involvement with the user experience, in order to allow people to express themselves as freely as possible. There’s a more cynical side to that, though.

When you have a hands off policy, you don’t have to pay many people to deal with problems. It’s a significant savings, in terms of how many employees you need to carry and how much you have to pay them. Considering the fact that it has been reported that Linden Lab is making a $100 million a year profit, I think as a money making strategy, it’s been effective. However, that’s come at a great cost that’s now coming home to roost over and over again.

Because of the hands-off strategy the Lab has employed these many years, a situation has developed where griefers to one extent or another have bounced along their merry way, particularly on the mainland. The reason this problem is more common on mainland than on private estates, is because mainland sim owners have less control over security on their land than private estate owners.

Linden Lab is supposed to be ultimately managing mainland property. In addition, because mainland sims tend to be adjacent, attacks can easily carry over from one sim to another. Private estates not only have better controls but are generally a little more geographically isolated so they are less likely to be hit by the residual effects of an attack elsewhere.

But mainland is significantly less expensive than a private estate, and cost is often a factor in people’s choices inworld just as it is in real life. As much as I hate to make this comparison, for years the Lab has rather used slumlord management techniques, not stepping up to the plate to deal with ongoing security problems in an effective manner.

People on private estates have a much easier time dealing with problems themselves. People on the mainland often found themselves frustrated and bewildered by a lack of support and response from the Lab, and were in essence told by the Lab’s actions that if they wanted security, to go to a private estate.

They don’t do that. What they do is reach out in desperation for other solutions. Sometimes, those solutions only add to the problem.

The Rise of the Mall Cop

Nature abhors a vacuum. A void sufficient to be noticed will be filled.

Such is the case here, and various “policing” organizations sprung up on the grid to fill it. Their stated goals generally run along the lines of “community outreach”, “volunteer security”, and “making the grid safer for everyone.” A number of organizations do this, but they all have one thing in common: they aren’t Lab employees and have no official sanction from the Lab itself. But since the Lab can’t be bothered do to this job themselves, and these groups are willing to ostensibly do it for free, they allow it to occur.

However, the Lab also isn’t vetting these groups, either. In something fashioned after Lord of the Flies, they’ve more of less let the grid fight it out for themselves in a huge power struggle.

Just like some folks are attracted to being griefers, some are attracted to being a different kind of bully. Like the stereotypical painting of a mall cop, these people are attracted to “policing” people in all kinds of ways and for all kinds of reasons. They have no real power at all, but envision themselves as the head of the NSA. Because they aren’t reined in, things have the potential of going much, much too far.

They’ve gone much, much too far now.

It would appear that at least one such organization (The JLU – this wiki link is, shall we say, in need of updating) has stepped well over the line in their crusade for an orderly grid, and is not only correlating and amassing things like alt data, but is in fact amassing full on dossier information on people’s real lives, including jobs, medical conditions, and family information, including information about their children.

Further, it would appear that they are working in concert with other (unvetted and unsanctioned) organizations to carefully circumvent the spirit (and in some cases the letter) of the Second Life Terms of Service, quite a number of data protection laws (international and domestic), and might be running afoul of regulations like COPPA and HIPAA privacy statutes. They are almost certainly breaking quite a number of cyberstalking statutes, all in the name of their “crusade for great justice”.

Oh, and by the way? They’re putting all this personal information down on an insecure wiki site that has been cracked more than once, and refusing to take down people’s data when asked.

Oh. One more thing: they’re not just doing this on people they suspect or know to be griefers. They’re doing it on anyone who catches their interest, even if they have nothing to do with griefers at all.

Oh yeah. They’re also fashioning their personas after DC superheroes, whilst violating DC’s IP rights, and they are well, well through the looking glass in terms of how seriously they take their roleplay.

They don’t think they’ve done a thing wrong by the way, and insist the only problem is the leaking of the data – not the data itself, or how it’s kept.

Members have openly scoffed at the notion that keeping this data is dangerous to people’s real lives, insisting that since they don’t have any problem with it, no one else should either. And there is evidence (quite a bit of it, frankly) that they are willing to not only tap dance around the Second Life terms of service, but real life laws (and breaking several areas of both), and people have been threatened for speaking out against them.

This is a huge story, full of zany characters and amazing plot twists to be sure. But I don’t want to lose focus on what really is the issue here. Given the nature of the story, the claims and the evidence to date that’s really easy to do. The issue overall is not this specific group, or their enemies per se. It’s this:

Until Linden Lab starts actually managing their own (virtual) land and dealing with security issues in an effective manner this problem and others like them will continue.

Hang on tight gang, things are going to get a little crazy.

Image credit: Economic Engineer

Related reading

webinar marketing