"Second Life Rocked by Denial-of-Service Attack Involving Anonymous Avatars, Open Source, Bouncing Breasts" is my summary of the Emeraldgate scandal for Social Times, and while the title may seem somewhat salacious, it is very true that Emerald's addition of realistic breast physics drove massive adoption of the open source viewer.
In any case, I want to highlight and reiterate a point from that post: Emeraldgate "illustrates the limits of trust in a world where users are mostly known only by their avatars." Second Life avatar names were originally intended to be concrete identities who earned their in-world trust from the community by the users' behavior. This intention was degraded back in 2006 by removing a payment/credit card registration requirement for avatars, which made it easier for bad actors to create multiple avatars. However, because most or many Second Life users consider the world a game or low-risk play space, the desire to maintain a good reputation is not as compelling as it is in the real world. And in my opinion, this tension came to a head with Emerald.
The viewer became popular despite repeated accusations that Emerald's anonymous development team was rife with bad actors, because the Residents making those claims were also anonymous avatars with dubious or unknown intentions. And because of that, Emerald's growth went unchecked. You can see this in Scott Jennings' complex timeline of the Emerald viewer, which ultimately resembles a trip through the looking glass, or one of those curlicue conspiracy theory chalkboard diagrams that Glenn Beck makes, were Glenn Beck in Second Life. (Then again, reading that post's comment thread, one has to wonder if Glenn Beck is.)
This is not to say avatar names are inherently untrustworthy, but it is far more challenging for them to build and maintain a stellar reputation, especially when large amounts of Linden Dollars or influence are involved, or that reputation has been in any substantial way tainted. It will therefore be difficult for the new Emerald team to regain the trust of the community, as the leaders decline to reveal their real world names:
"Any one of us who publicly states our real life info," Emerald's Jessica Lyon tells me, "will be forever griefed to no end by the hordes of people who hate us. It's enough that we have to deal with it all in world, but to put our real lives at risk would be silly. Linden Lab has my real life name, address, credit card info and all other information relevant." That may well be true. Then again, Linden Lab also had the real life information of Emerald's original leader, when the denial-of-service attack hit.
Interesting point, doesn't it also beg the question about the forthcoming 'Display Names' changes too? Do we really need another layer of identity obfuscation in Second Life or should there now be some limits - like preventing anyone using a display name that's (virtually) the same as someone else's account name?
Posted by: Jovin | Wednesday, August 25, 2010 at 02:35 PM
Anyone who treats a display name as anything other than a temporary tag is a fool.
Posted by: Psion | Wednesday, August 25, 2010 at 02:46 PM
In RL real names and problems have a law enforcement agency to control problems. There are well known and often enforced penalties for violating laws.
In SL the enforcement of rules/laws is nearly non-existent. It isn't like SL can't log things and track players down. But most of their power stops at the boundary of the virtual world.
Until something changes, (better enforcement) use of RL names in a general sense will create more problems than solutions. The JLU showed that LL enforcement could be gamed. Without virtual courts and appeals processes, some kind of justice system, virtual worlds will be open to similar problems.
Even in RL it is possible to create fake ID's and steal ID's. With SL as long as funds are delivered how much checking of a RL ID would LL do?
Names are a contributing factor but I see them as more the symptom than the problem.
Posted by: Nalates Urriah | Wednesday, August 25, 2010 at 02:52 PM
Your counterpoints about Madoff got me rethinking things a bit. I still believe there is a lot of value in anonymity, so I'm not ready to throw out the baby with the bath water. However, perhaps there would be value in trusted (voluntary) independent third party certification, something similar to the way domain certification works. It could potentially work as a sort of identity escrow in the case of legal issues, and may even pave the way for creating legally binding contracts via an avatar identity.
Posted by: nexus burbclave | Wednesday, August 25, 2010 at 02:57 PM
So what makes you think a clever black hat can't have a job at LL and install code in the system that uses the GPU when it is idle to crack all your passwords and transmit them elsewhere? Or at Microsoft for that matter? Do you think there is a way to stop it? Do tell because you will be a frikkin billionaire overnight.
This event is hardly different from the sort of kid crap that goes on in the FPS competition ladder clan world. Nobody calls the cops. None of them want to be investigated. Everyone has something to hide.
LL made the choice to open source and allow third party code to connect. Nobody forced them. LL made the decision to have a TPV directory that makes people think LL approves TPVs when in reality you use them at your own risk. LL made the decision to not have resources tasked to keep an eye on this crap even though many many people were warning them about the players involved. And then there is this rumor that LL knows who these players are, has already permanently banned them, and knowingly allows them back in. A favor they will not do for people that, for instance, used fake credentials to sign up because they heard of a data breach.
LL is as much to blame as anyone else. Which is why they have to tighten up the policies.
As for the event itself the victim did not file charges as far as I know. So if the victim is OK with being victimized like that well whatever. I guess it makes LL look bad. LL isn't banning the viewer. LL isn't banning the purportedly previously banned players.
I don't see this as an excuse to wipe 90% of the player base out with the stupid idea of forcing out identities. Only a total retard would consider that path. Blizzard learned the hard way not to listen to effing retards that suggested that horseshit. Countries are banning use of facebook for certain purposes. and on and on. Only total retards and morons even consider ending anonymity.
If you are worried about what some hacker might install then stay away from open source software unless you can read the code and compile it yourself. And stay off of the internet. You have better odds of malware and hacking by surfing the web anyway. Those hackers do it for real money and they are real programmers.
Posted by: Ann Otoole InSL | Wednesday, August 25, 2010 at 03:24 PM
"I still believe there is a lot of value in anonymity, so I'm not ready to throw out the baby with the bath water."
I agree, Nexus. I do think anonymity works relatively well in Second Life most of the time, and has many advantages. It's just situations where the stakes get higher as here where they don't. Adding a Facebook Connect/option to link avatar-to-FB profile would be a quick solution.
Posted by: Hamlet Au | Wednesday, August 25, 2010 at 04:56 PM
"Business in whatever form is accountable and must ultimately set its foot down somewhere."
Posted by: DMC Jurassic | Wednesday, August 25, 2010 at 05:15 PM
Indeed. If I know someone's real world name, I can tell immediately if they're trustworthy.
...wait, what?
99% of the time, people online are not one iota less anonymous if they use their real name. I know not much more about someone whether they're tagged as "Bob Smith" or "Galactica Cylon".
What's in a name? Not a heck of a lot...
Posted by: Galatea Gynoid | Wednesday, August 25, 2010 at 05:37 PM
Wagner --
Great post. I agree that there are times when you need to know that an organization exists in the real world.
If you're a company, for example, or a school, you're potentially liable if your staff or students are using malicious software.
Obviously, there's no guarantee that there won't be anything fishy coming out of, say, Microsoft. But at least with an established company -- with a real address, phone number, customer support staff, etc... -- your lawyers will know who to call in case of problems.
Yes, companies who make bad problems do get a lot of complaints from their customers. And maybe their employees have problems going out in public after a disaster -- BP employees saw that recently.
But the solution isn't to have all your employees and management be completely anonymous. The only organizations that work that way are criminal enterprises, hackers' organizations, and death squads of totalitarian regimes. Okay, that's a little unfair. There are also opposition groups in totalitarian countries that work anonymously -- to avoid those same death squads.
But a technology vendor doesn't quite fall into the same category as a human rights defense organization.
-- Maria
Posted by: Maria Korolov | Wednesday, August 25, 2010 at 05:54 PM
Well, this whole "Emeraldgate" thing is just a tangled mess. But credit where it's due, Prokofy Neva was right, or half right, or a little bit right. Prok's (as well as the Alphaville Herald's, I believe) "anonymous" warnings about the history of the "anonymous" people behind Emerald were enough to get me to never use the thing.... (but maybe I'm just paranoid)
And discredit where it's due too. The Lab, pushing out the widely loathed and hated V2, and basically saying to customers "Don't like it? That's tough, go try a TPV."...while the Self Certification to get on the TPV list was and still is an absolute joke and I would suggest that the Lab itself knows it's a joke with its "at your own risk" disclaimer...(at this stage I don't think you have to be paranoid for the alarm bells to be going off.)
In the article Jessica Lyon is quoted as saying "Linden Lab has my real life name, address, credit card info and all other information relevant." And that's true enough, it is in fact the central point of the whole sorry mess, the Lab is the entity that can cut through the anonymity and protect its customers... and what does it do? It tries to minimise its responsibility.
The whole moral of the story is "trust no one"
Now to me the most interesting thing about this is: will people stop using Emerald? And if they do, will they move to a v1.23 or a v2 viewer?
.... wanders off to watch an episode of the X-files
Posted by: L. Knoller | Wednesday, August 25, 2010 at 06:49 PM
"I still believe there is a lot of value in anonymity, so I'm not ready to throw out the baby with the bath water."
"I agree, Nexus. I do think anonymity works relatively well in Second Life most of the time, and has many advantages."
Agreed. SL is after all, to many, just a game, a pastime and in order to play that game, you should not be required to give your rl creds out.
If you are using SL not as a game, but as a business, or playing it serious enough to cash out and hitting a tax bracket, well, many businesses and governments will require the rl info, and it makes sense in those cases, but it's one thing to give your info out to the government for taxes versus having to give it out to everyone inworld.
One doesn't have to look far at all to find cases of online gaming turned RL deadly.
http://rt.com/Top_News/2008-01-17/Online_game_rivalry_ends_with_real_life_murder.html
http://www.pcworld.com/article/121299/online_gamer_sentenced_to_death_for_murder.html
Lately everyone seems to be drinking Zuckerberg's kool-aid about how there is no privacy. The trend needs to be reversed. Maybe one of these days Facebook will pull a stunt that really pisses people off and wakes them up. Who knows. Too many sheep.
http://detnews.com/article/20100723/METRO02/7230405/Murder-charge-in-Facebook-feud
Posted by: Little Lost Linden | Wednesday, August 25, 2010 at 07:15 PM
The curious thing about Emeraldgate is that everyone seems to be focusing on the denial of service problem, but the much more serious problem of saving user information on textures is not even getting mentioned. And serious it is. The data is saved on textures without the consent of Emerald users, and on Linux and Macintosh systems it can reveal the user's real name.
Ironic that the Emerald developers want to remain anonymous when their own viewer made possible for the "outing" of real life names of their users.
In essence what they did is no more than what YouTube, Google, Photobucket and others do: collect user data and save it. What was stupid is that while web browsers collect that information on an encrypted web cookie that can be accepted or denied by each user, their SL client collected it without any warning and saved it UNENCRYPTED to objects in SL, making it possible for anyone on range to view the information it collected.
But this kind of problem won't end with naming developers. After the latest WikiLeaks document dump I don't think anyone can make that case. Even the Pentagon is not safe against bad actors.
I think the ultimate responsibility lies on Linden Labs. They should test better the viewers they allow on their world. And they should require encrypted data on textures. This way at least we users only get snooped on by the original spyware developers, not by anyone in range :p
Posted by: Renmiri | Wednesday, August 25, 2010 at 10:35 PM
I think a couple of the points you make here are a little too bold.
First, while I'm sure there is a large number of people who like the bouncing breasts, it's less clear how much of Emerald's late success can be attributed to that. There are lots of features in the viewer that are far more useful for me than whether my breasts jiggle or not.
Second, you seem to be overplaying the effects of anonymity. While it may be true that anonymously voiced concerns are not seen as trustworthy as those signed by one's RL name, it is not clear how significant this effect is -- or how much this is balanced by the anonymity of the developers that have been accused of shady acts. Also, there are aspects of Second Life that are built on anonymity, and discarding it altogether would destroy a lot of what SL is.
Third, there are other reasons besides anonymity that have been enabling the Emerald issue to grow unchecked. I'd be surprised if most of the users were aware of the accusations before this month; sure, there have been rumours, but a lot of active SL users do not really follow the relevant section of the blogosphere. One of the lessons we should learn of this is that the current TPV self-accreditation process is not sufficient; there needs to be a way to voice concerns so that either someone with authority will check them or the user base will be made aware of them (and so able to make their own judgements).
Posted by: Unti Kamala | Thursday, August 26, 2010 at 01:09 AM
YAWN, so fed up with this emerald crap, can some one just PLEASE fix the shared media Landmark bug so i can build awesome shit in second life!
Posted by: LokiLoki | Thursday, August 26, 2010 at 02:04 AM
I find Jessica Lyon's concerns quite ironic, given the fact that members of her own team stalked other residents in RL, calling them or their relatives by phone, threatening them, or just collecting IP addresses of several thousand random people. She obviously knows what she is talking about.
http://www.youtube.com/watch?v=tNB1uDc6CBw
Posted by: Masami Kuramoto | Thursday, August 26, 2010 at 03:28 AM
I find that you really fail to make the case that anything would have gone differently if we'd had real life names involved. They still would have been nobodies that we've never heard of.
"This is not to say avatar names are inherently untrustworthy"
But isn't that your exact thesis?
I don't think you've actually managed to explain how real life names would actually help. Just whinged that people won't tie their avatars to their real life identities.
Posted by: Winter Seale | Thursday, August 26, 2010 at 03:49 AM
As long as I never have to create a Facebook account to use SL, I'm fine. I've never made a Facebook account (on principle), and I never intend to.
Posted by: Adeon Writer | Thursday, August 26, 2010 at 06:40 AM
The Emerald team successfully branded a name that became a "household" word in SL and it is a shame it was totally destroyed by a single untrustworthy person. This goes to show you why there are background checks and such in RL when trying to obtain a position. One bad apple can spoil bunches and bunches.
Posted by: Ajax Manatiso | Thursday, August 26, 2010 at 06:45 AM
Speaking of absolute path names, they show up all over SL client debugging output. Does that bother anyone?
Posted by: Melissa Yeuxdoux | Thursday, August 26, 2010 at 06:47 AM
@Melissa, that's entirely fine, the whole problem was this string was being communicated over SL by being encrypted into textures. Surely the full path is all over the viewer any time a file needs to be written.
Posted by: Adeon Writer | Thursday, August 26, 2010 at 08:33 AM
Anonymity isn't a bad thing I don't think, but yeah, the team they (Emerald) mustered was partially populated with well-known tools. There are even rumors that the recently ousted Fractured Crystal will simply remain as an Emerald Team member as a clandestine unknown. Maybe it's just that--rumor. I would like to HOPE that it is, but based on their (repeated) shady past, would it really be that shocking if it were in fact, truth?
0hum.
Thing is, with online personas you can just do a change of the guard, come back & say "well, Fractured Crystal did that, but John Hancock didn't". As ignorant as it sounds, that's the mentality...
"Every account I did bad sh.. on got banned, but no, -I- am not banned"
Fail.
Posted by: Viorel Daviau | Thursday, August 26, 2010 at 09:37 AM
@Melissa:
What Adeon said. The problem is not you seeing your own absolute path names. The problem is someone else seeing YOUR absolute path on a texture on your avatar. And you having no control over it, nor Emerald having any responsibility for displaying it to strangers.
Posted by: Renmiri | Thursday, August 26, 2010 at 11:13 AM
@Winter: Not only would it not help, it would probably have hurt to a degree. Too many people would believe things would be different in that case, and thus, the use of real names would present a false illusion of trustworthiness, when in fact it would be the same people doing the same things under names that are for the most part equally meaningless to anyone but their next door neighbors.
Posted by: Galatea Gynoid | Thursday, August 26, 2010 at 12:35 PM
"I find that you really fail to make the case that anything would have gone differently if we'd had real life names involved. They still would have been nobodies that we've never heard of."
With their real names involved, it's very unlikely they would have casually launched a DDoS attack or committed other potentially illegal/actionable activities.
Posted by: Hamlet Au | Thursday, August 26, 2010 at 01:03 PM
Hamlet: if anyone actually cared enough to do anything about the DDoS attack and the other potentially illegal activities, the fact that it wasn't done under real names would be no obstacle. There's a real name and real personal and financial details behind Fractured Crystal's payments for the Emerald server, as well as numerous other easy ways of tracing the people involved. In addition, the harassing phone call an Emerald developer apparently made to a critic of Emerald seems to be entirely traceable - not even a withheld number - and that still went ahead.
No, where mandatory real names would be helpful is for taking actions against things that are entirely legal. Don't like kinky sex? Contact the employees and families of those involved and it'll be over in no time. Hate furries? I wonder what their bosses would think if they knew their employees were a bunch of weirdos who went around pretending to be animals. Just taken a dislike to someone? Send a few threatening phone calls and mails and spread some rumours about them. All entirely untraceably.
There's a reason people are cautious about giving out their real names and personal details online - it puts them at quite a lot of risk.
Posted by: Mako Mabellon | Thursday, August 26, 2010 at 01:47 PM
"if anyone actually cared enough to do anything about the DDoS attack and the other potentially illegal activities, the fact that it wasn't done under real names would be no obstacle"
Not sure I follow this. Far as I know, *no* DDoS attack has ever been intentionally committed by someone whose real life name was widely known. And yes, it is possible to identify someone through various means, but the barriers are extremely high, and by the time that process is completed, it's often too late.
And again, I'm not at all suggesting RL-SL linkage should be mandatory, it should be an opt-in registration, and I doubt 99% of the population will feel a need to use it. If you're just selling fashion or (to use your example) kinky sex accessories for a dollar or two each, your customers really don't need to know your RL details. But if you're distributing a TPV like Emerald? Yeah, I think it'd be a good idea to put your RL name or company's RL name on the product.
Posted by: Hamlet Au | Thursday, August 26, 2010 at 02:09 PM
That's not what he's saying though.
With having the (actual) name known/used, it's reasonable to infer that it, by itself, would be a deterrent to less-than-noble activity.
Posted by: Viorel Daviau | Thursday, August 26, 2010 at 10:48 PM
Really? REALLY?
"Bouncing Breasts" accounted for all the Emerald users? Really?
It could not possibly be the fact that the LL viewer was utter crap and horrific for building, managing land or doing anything besides standing around cursing trying to find where they had hidden all your frequently used tools. That would not explain it at all. Must be the breasts, then.
But hey, it sure makes a snappy headline!
As for the content, I have seen no evidence that immature idiots act in a law abiding and mature manner just because their real names are being used. Just pick up your local paper and look under the police blotter if you doubt that. The problem is not "real names", the problem is that nobody is held accountable under ANY name by LL. If you are going to give someone access to your customers and your code, it seems pretty frelling obvious that you MIGHT want to vet them first.
Posted by: Fogwoman Gray | Thursday, August 26, 2010 at 10:56 PM
Emeraldgate Illustrates Limitations of Trust Based Only on Second Life Avatar Names ONLY when the owner of that avatar is placed in a position of trust.
On a day to day basis, any old Joe Bloggs that I bump into doesn't need to know my real life name, age, address, telephone number, shoe size, hair color or anything else. I don't see the need to require any real life information to be disclosed to others within Second Life.
Linden Lab tried to get around this with its TPV Directory, they have real life info for each of the viewers on the list. Where they failed is allowing Emerald to be listed when there were certain untrustworthy people involved.
Posted by: Talwyn Mills | Friday, August 27, 2010 at 08:48 AM
"With their real names involved, it's very unlikely they would have casually launched a DDoS attack or committed other potentially illegal/actionable activities."
What makes you think this? People on the emerald team know how to contact each other, Linden Lab have some of their names from payment info used, the information is around, they have responsibility and links back to whom they really are, a real name in a big world does not make someone more responsible, this is one of the great Facebook myths.
Posted by: Ciaran Laval | Saturday, August 28, 2010 at 05:50 AM
I meant if their names were known *publicly* outside the Emerald team or Linden Lab. And often, not even Linden has real life info on many/most of its users, only their IP addresses.
Posted by: Hamlet Au | Saturday, August 28, 2010 at 12:28 PM
Well, I cannot and will not accept that we all need to reveal ourselves to do X, Y or Z. SL is my playworld and I keep it separate from my real life. While I am aware that big businesses cannot hire people with names like Jojo Elastikitty, the fact is that until real money in the real world and real contracts are involved, the real names can stay out of it.
What I would suggest LL do in cases like Emerald is just give the FBI all the data and let them go out and arrest the twits for federal computer crimes. LL banning and permabanning or even revealing a name has not done one thing to dissuade these evil punks. So perhaps telling everyone that all their info and names and activities to the feds would finally get the cracker community's attention.
Posted by: shockwave yareach | Sunday, August 29, 2010 at 08:57 PM
Lack of anonymity has a chilling effect on the free exchange of ideas. While I'm sure we can all think of exchanges that could use a good chill, I have to err on the side of protecting expression. Not all of the costs of freedom are accounted in blood.
Posted by: Arcadia Codesmith | Monday, August 30, 2010 at 09:56 AM