« Tuesday Machinima: Lyric Lundquist Explores Insilico in Wireframe (And Celebrates Her Birthday This Week!) | Main | Losing Night: The Woman Who Abandoned Her Avatar to Save Herself, Only to Have Her Avatar Save Her (Guest Post) »

Wednesday, August 25, 2010

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Jovin

Interesting point, doesn't it also beg the question about the forthcoming 'Display Names' changes too? Do we really need another layer of identity obfuscation in Second Life or should there now be some limits - like preventing anyone using a display name that's (virtually) the same as someone else's' account name?

Psion

Anyone who treats a display name as anything other than a temporary tag is a fool.

Nalates Urriah

In RL real names and problems have a law enforcement agency to control problems. There are well known and often enforced penalties for violating laws.

In SL the enforcement of rules/laws is nearly non-existent. It isn't like SL can't log things and track players down. But most of their power stops at the boundary of the virtual world.

Until something changes, (better enforcement) use of RL names in a general sense will create more problems than solutions. The JLU showed that LL enforcement could be gamed. Without virtual courts and appeals processes, some kind of justice system, virtual worlds will be open to similar problems.

Even in RL it is possible to create fake ID's and steal ID's. With SL as long as funds are delivered how much checking of a RL ID would LL do?

Names are a contributing factor but I see them as more the symptom than the problem.

nexus burbclave

Your counterpoints about Madoff got me rethinking things a bit. I still believe there is a lot of value in anonymnity, so I'm not ready to throw out the baby with the bath water. However, perhaps there would be value in trusted (voluntary) independent third party certification, something similar to the way domain certification works. It could potentially work as a sort of identity escrow in the case of legal issues, and may even pave the way for creating legally binding contracts via an avatar identity.

Ann Otoole InSL

So what makes you think a clever black hat can't have a job at LL and install code in the system that uses the GPU when it is idle to crack all your passwords and transmit them elsewhere? Or at Microsoft for that matter? Do you think there is a way to stop it? Do tell because you will be a frikkin billionaire overnight.

This event is hardly different from the sort of kid crap that goes on in the FPS competition ladder clan world. Nobody calls the cops. None of them want to be investigated. Everyone has something to hide.

LL made the choice to open source and allow third party code to connect. Nobody forced them. LL made the decision to have a TPV directory that makes people think LL approves TPVs when in reality you use them at your own risk. LL made the decision to not have resources tasked to keep an eye on this crap even though many many people were warning them about the players involved. And then there is this rumor that LL knows who these players are, has already permanently banned them, and knowingly allows them back in. A favor they will not do for people that, for instance, used fake credentials to sign up because they heard of a data breach.

LL is as much to blame as anyone else. Which is why they have to tighten up the policies.

As for the event itself the victim did not file charges as far as I know. So if the victim is OK with being victimized like that well whatever. I guess it makes LL look bad. LL isn't banning the viewer. LL isn't banning the purportedly previously banned players.

I don't see this as an excuse to wipe 90% of the player base out with the stupid idea of forcing out identities. Only a total retard would consider that path. Blizzard learned the hard way not to listen to effing retards that suggested that horseshit. Countries are banning use of facebook for certain purposes. and on and on. Only total retards and morons even consider ending anonymity.

If you are worried about what some hacker might install then stay away from open source software unless you can read the code and compile it yourself. And stay off of the internet. You have better odds of malware and hacking by surfing the web anyway. Those hackers do it for real money and they are real programmers.

Hamlet Au

"I still believe there is a lot of value in anonymnity, so I'm not ready to throw out the baby with the bath water."

I agree, Nexus. I do think anonymity works relatively well in Second Life most of the time, and has many advantages. It's just situations where the stakes get higher as here where they don't. Adding a Facebook Connect/option to link avatar-to-FB profile would be a quick solution.

DMC Jurassic

"Business in whatever form is accountable and must ultimately set its foot down somewhere."

Galatea Gynoid

Indeed. If I know someone's real world name, I can tell immediately if they're trustworthy.

...wait, what?

99% of the time, people online are not one iota less anonymous if they use their real name. I know not much more about someone whether they're tagged as "Bob Smith" or "Galactica Cylon".

What's in a name? Not a heck of a lot...

Maria Korolov

Wagner --

Great post. I agree that there are time when you need to know that an organization exists in the real world.

If you're a company, for example, or a school, you're potentially liable if your staff or students are using malicious software.

Obviously, there's no guarantee that there won't be anything fishy coming out of, say, Microsoft. But at least with an established company -- with a real address, phone number, customer support staff, etc... -- your lawyers will know who to call in case of problems.

Yes, companies who make bad problems do get a lot of complaints from their customers. And maybe their employees have problems going out in public after a disaster -- BP employees saw that recently.

But the solution isn't to have all your employees and management be completely anonymous. The only organizations that work that way are criminal enterprises, hackers' organizations, and death squads of totalitarian regimes. Okay, that's a little unfair. There are also opposition groups in totalitarian countries that work anonymously -- to avoid those same death squads.

But a technology vendor doesn't quite fall into the same category as a human rights defense organization.

-- Maria

L. Knoller

Well, this whole "Emeraldgate" thing is just a tangled mess. But credit where it's due, Prokofy Neva, was right, or half right, or a little bit right, Proks (as well as the alphaville herald I believe) "anonymous" warnings about the history of the "anonymous" people behind Emerald were enough to get me to never use the thing.... (but maybe I'm just paranoid)

And discredit where its due too. The Lab, pushing out the widely loathed and hated V2, and basically saying to customers "Don't like it? Thats tough, go try a TPV."...while the Self Certification to get on the TPV list was and still is an absolute joke and I would suggest that the Lab itself knows its a joke with its "at your own risk" disclaimer...(at this stage I dont think you have to be paranoid for the alarm bells to be going off.)

In the article Jessica Lyon is quoted as saying "Linden Lab has my real life name, address, credit card info and all other information relevant." And thats true enough, it is in fact the central point of the whole sorry mess, the Lab is the entity that can cut through the anonymity and protect its customers... and what does it do ? it tries to minimise its responsibility.

The whole moral of the story is "trust no one"

Now to me the most interesting thing about this is: will people stop using emerald? and if they do will they move to a v1.23 or a v2 viewer.

.... wanders off to watch an episode of the X-files

Little Lost Linden

"I still believe there is a lot of value in anonymnity, so I'm not ready to throw out the baby with the bath water."

"I agree, Nexus. I do think anonymity works relatively well in Second Life most of the time, and has many advantages."

Agreed. SL is afterall, to many, just a game, a passtime and in order to play that game, you should not be required to give your rl creds out.

If you are using SL not as a game, but as a business, or playing it serious enough to cash out and hitting a tax bracket, well, many businesses and governments will require the rl info, and it makes sense in those cases, but it's one thing to give your info out to the government for taxes versus having to give it out to everyone inworld.

One doesn't have to look far at all to find cases of online gaming turned RL deadly.

http://rt.com/Top_News/2008-01-17/Online_game_rivalry_ends_with_real_life_murder.html

http://www.pcworld.com/article/121299/online_gamer_sentenced_to_death_for_murder.html

Lately everyone seems to be drinking Zuckerberg's kool-aid about how there is no privacy. The trend needs to be reversed. Maybe one of these days Facebook will pull a stunt that really pisses people off and wakes them up. Who knows. Too many sheep.

http://detnews.com/article/20100723/METRO02/7230405/Murder-charge-in-Facebook-feud


Renmiri

The curious thing about Emeraldgate is that everyone seems to be focusing on the denial of service problem, but the much more serious problem of saving user information on textures is not even getting mentioned. And serious it is. The data is saved on textures without the consent of Emerald users, and on Linux and Macintosh systems it can reveal the user's real name.

Ironic that the Emerald developers want to remain anonymous when their own viewer made possible for the "outing" of real life names of their users.

In essence what they did is no more than what youtube, Google, photobucket and others do: collect user data and save it. What was stupid is that while web browsers collect that information on an encrypted web cookie than can be accepted or denied by each user, their SL client collected it without any warning and saved it UNENCRYPTED to objects in SL, making it possible for anyone on range to view the information it collected.

But this kind of problem won't end with naming developers. After the latest wikileaks document dump I don't think anyone can make that case. Even the Pentagon is not safe against bad actors.

I think the ultimate responsibility lies on Linden Labs. They should test better the viewers they allow on their world. And they should require encrypted data on textures. This way at least we users only get snooped on by the original spyware developers, not by anyone in range :p

Unti Kamala

I think a couple of the points you make here are a little too bold.

First, while I'm sure there is a large number of people who like the bouncing breasts, it's less clear how much of Emerald's late success can be attributed to that. There are lots of features in the viewer that are far more useful for me than whether my breasts jiggle or not.

Second, you seem to be overplaying the effects of anonymity. While it may be true that anonymously voiced concerns are not seen as trustworthy as those signed by one's RL name, it is not clear how significant this effect is -- or how much this is balanced by the anonymity of the developers that have been accused of shady acts. Also, there are aspects of Second Life that are built on anonymity, and discarding it altogether would destroy a lot of what SL is.

Third, there are other reasons besides anonymity that have been enabling the Emerald issue to grow unchecked. I'd be surprised if most of the users were aware of the accusations before this month; sure, there have been rumours, but a lot of active SL users do not really follow the relevant section of the blogosphere. One of the lessons we should learn of this is that the current TPV self-accreditation process is not sufficient; there needs to be a way to voice concerns so that either someone with authority will check them or the user base will be made aware of them (and so able to make their own judgements).

LokiLoki

YAWN, so fed up with this emerald crap, can some one just PLEASE fix the shared media Landmark bug so i can build awesome shit in second life!

Masami Kuramoto

I find Jessica Lyon's concerns quite ironic, given the fact that members of her own team stalked other residents in RL, calling them or their relatives by phone, threatening them, or just collecting IP addresses of several thousand random people. She obviously knows what she is talking about.

http://www.youtube.com/watch?v=tNB1uDc6CBw

Winter Seale

I find that you really fail to make the case that anything would have gone differently if we'd had real life names involved. They still would have been nobodies that we've never heard of.

"This is not to say avatar names are inherently untrustworthy"
But isn't that your exact thesis?

I don't think you've actually manged to explain how real life names would actually help. Just whinged that people won't tie their avatars to their real life identities.

Adeon Writer

As long as I never have to create a Facebook account to use SL, I'm fine. I've never made a Facebook account (on principle), and I never intend to.

Ajax Manatiso

The Emerald team successfully branded a name that became a "household" word in SL and it is a shame it was totally destroyed by a single untrustworthy person. This goes to show you why there are background checks and such in RL when trying to obtain a position. One bad apple can spoil bunches and bunches.

Melissa Yeuxdoux

Speaking of absolute path names, they show up all over SL client debugging output.Does that bother anyone?

Adeon Writer

@Melissa, that's entirely fine, the whole problem was this string was being communicated over SL by being encrypted into textures. Surely the full path is all over the viewer any time a file needs to be written.

Viorel Daviau

Anonymity isn't a bad thing I don't think, but yeah, the team they (Emerald) mustered was partially populated with well-known tools. There are even rumors that the recently ousted Fractured Crystal will simply remain as an Emerald Team member as a clandestine unknown. Maybe it's just that--rumor. I would like to HOPE that it is, but based on their (repeated) shady past, would it really be that shocking if it were in fact, truth?

0hum.

Thing is, with online personas you can just do a change of the guard, come back & say "well, Fracture Crystal did that, but John Hancock didn't". As ignorant as it sounds, that's the mentality...

"Every account I did bad sh.. on got banned, but no, -I- am not banned"

Fail.

Renmiri

@Melissa:
What Adeon said. The problem is not you seeing your own absolute path names. The problem is someone else seeing YOUR absolute path on a texture on your avatar. And you having no control over it, nor Emerald having any responsibility for displaying it to strangers

Galatea Gynoid

@Winter: Not only would it not help, it would probably have hurt to a degree. Too many people would believe things would be different in that case, and thus, the use of real names would present a false illusion of trustworthiness, when in fact it would be the same people doing the same things under names that are for the most part equally meaningless to anyone but their next door neighbors.

Hamlet Au

"I find that you really fail to make the case that anything would have gone differently if we'd had real life names involved. They still would have been nobodies that we've never heard of."

With their real names involved, it's very unlikely they would have casually launched a DDoS attack or committed other potentially illegal/actionable activities.

Mako Mabellon

Hamlet: if anyone actually cared enough to do anything about the DDoS attack and the other potentially illegal activities, the fact that it wasn't done under real names would be no obstacle. There's a real name and real personal and financial details behind Fractured Crystal's payments for the Emerald server, as well as numerous other easy ways of tracing the people involved. In addition, the harassing phone call an Emerald developer apparently made to a critic of Emerald seems to be entirely traceable - not even a withheld number - and that still go ahead.

No, where mandatory real names would be helpful is for taking actions against things that are entirely legal. Don't like kinky sex? Contact the employees and families of those involved and it'll be over in no time. Hate furries? I wonder what their bosses would think if they knew their employees were a bunch of weirdos who went around pretending to be animals. Just taken a dislike to someone? Send a few threatening phone calls and mails and spread some rumours about them. All entirely untracably.

There's a reason people are cautious about giving out their real names and personal details online - it puts them at quite a lot of risk.

Hamlet Au

"if anyone actually cared enough to do anything about the DDoS attack and the other potentially illegal activities, the fact that it wasn't done under real names would be no obstacle"

Not sure I follow this. Far as I know, *no* DDoS attack has ever been intentionally committed by someone whose real life name was widely known. And yes, it is possible to identify someone through various means, but the barriers are extremely high, and by the time that process is completed, it's often too late.

And again, I'm not at all suggesting RL-SL linkage should be mandatory, it should be an opt-in registration, and I doubt 99% of the population will feel a need to use it. If you're just selling fashion or (to use your example) kinky sex accessories for a dollar or two each, your customers really don't need to know your RL details. But if you're distributing a TPV like Emerald? Yeah, I think it'd be a good idea to put your RL name or company's RL name on the product.

Viorel Daviau

That's not what he's saying though.

With having the (actual) name known/used, it's reasonable to infer that it, by itself, would be a deterrent to less-than-noble activity.

Fogwoman Gray

Really? REALLY?
"Bouncing Breasts" accounted for all the Emerald users? Really?
It could not possibly be the fact that the LL viewer was utter crap and horrific for building, managing land or doing anything besides standing around cursing trying to find where they had hidden all your frequently used tools. That would not explain it at all. Must be the breasts, then.
But hey, it sure makes a snappy headline!
As for the content, I have seen no evidence that immature idiots act in a law abiding and mature manner just because their real names are being used. Just pick up your local paper and look under the police blotter if you doubt that. The problem is not "real names", the problem is that nobody is held accountable under ANY name by LL. If you are going to give someone access to your customers and your code, it seems pretty frelling obvious that you MIGHT want to vet them first.

Talwyn Mills

Emeraldgate Illustrates Limitations of Trust Based Only on Second Life Avatar Names ONLY when the owner of that avatar is placed in a position of trust.

On a day to day basis, any old Joe Bloggs that I bump into doesn't need to know my real life name, age, address, telephone number, shoe size, hair color or anything else. I don't see the need to require any real life information to be disclosed to others within Second Life.

Linden Lab tried to get around this with its TPV Directory, they have real life info for each of the viewers on the list. Where they failed is allowing Emerald to be listed when there were certain untrustworthy people involved.

Ciaran Laval

"With their real names involved, it's very unlikely they would have casually launched a DDoS attack or committed other potentially illegal/actionable activities."

What makes you think this? People on the emerald team know how to contact each other, Linden Lab have some of their names from payment info used, the information is around, they have responsibility and links back to whom they really are, a real name in a big world does not make someone more responsible, this is one of the great Facebook myths.

Hamlet Au

I meant if they're names were known *publicly* outside the Emerald team or Linden Lab. And often, not even Linden has real life info on many/most of its users, only their IP addresses.

shockwave yareach

well, I cannot and will not accept that we all need to reveal ourselves to do X, Y or Z. SL is my playworld and I keep it seperate from my real life. While I am aware that big businesses cannot hire people with names like Jojo Elastikitty, the fact is that until real money in the real world and real contracts are involved, the real names can stay out of it.

What I would suggest LL do in cases like Emerald is just give the FBI all the data and let them go out and arrest the twits for federal computer crimes. LL banning and permabanning or even revealing a name has not done one thing to dissuade these evil punks. So perhaps telling everyone that all their info and names and activities to the feds would finally get the cracker community's attention.

Arcadia Codesmith

Lack of anonymity has a chilling effect on the free exchange of ideas. While I'm sure we can all think of exchanges that could use a good chill, I have to err on the side of protecting expression. Not all of the costs of freedom are accounted in blood.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Your Information

(Name is required. Email address will not be displayed with the comment.)

Wagner James Au
Wagner James "Hamlet" Au
Dutchie Summer Special
Nylon Pinkney Outfitters in SL
SL Hair Fair Wigs for Kids benefit
my site ... ... ...