Privacy

Acceptable Violations?

By most accounts, people are very concerned about their privacy these days. Specifically, they don’t want people violating it. I can’t say that I blame them. While I don’t lead any kind of ‘secret internet double life’ (I’m known by Trilo in RL), I do like to keep my personal account details to myself. I don’t want to have others automatically creating accounts in my name on other web sites, putting me on mailing lists without my permission, sending me promotional offers, or getting at personal data that could help them steal my identity.

There have been two major breaches of privacy within the metaverse in the last few weeks, and I’m a little surprised that more people aren’t up in arms about it. Almost hilariously, more people are expressing militant outrage about changes to the LL viewer’s UI than they are about very serious and real violations of thousands of users’ privacy by organizations that really should know better.

The first one was with the SL Bloggers Ning site (no link, it’s not a public group and you don’t want to risk signing up). The backstory is that Ning.com recently announced the failure of their ad-supported business model. Ad clicks weren’t paying the bills, and they’ve been losing money on the free Ning sites hand over fist. To change course and save their company, they recently announced that they’ll be shutting down the myriad of free Ning sites (inciting civil unrest amongst those who feel entitled to something for nothing). They of course do offer a few reasonably priced premium Ning site upgrade options, enabling those who believe in the communities they’ve built to stay the course (or even improve service & remove unwanted ads). The leader/founder of the SL Bloggers Ning chose the option of moving to another free social networking site and starting over. The problem, apparently, is that she didn’t want to start over. And Group.ly, the new service provider, was so eager to build up its user base that they went to the length of providing tools to help violate members’ privacy. What they did was create and use a tool to scoop all the SL Blogger ning account info (at the very least user names and email addresses, though more data could have been mined) to populate a new SL Bloggers social network on Group.ly’s site. That’s right, without having given permission of any kind, SL Bloggers Ning site members now suddenly found themselves with accounts on some completely different social networking site. Even worse, it all went horribly wrong, and literally overnight the members found themselves being sent between dozens and hundreds of unsolicited emails. I’ll link you to a blog post about the aftermath, but not to either Ning’s or Group.ly’s sites, seeing as right now one of the last things you want is to have an account on either one of those sites. Ning’s user account info needs to be more secure, and Group.ly shouldn’t even be attempting such an underhanded way to grow its user base. And shame on the SL Bloggers’ founder who made the decision to use those tools. While she may have had honorable intentions (keeping her community together during a transition), she completely failed to think about the privacy implications or consider the best interests of the members of that community. The strangest part of it all (at least to me) is that more people aren’t outraged about it. Some folks have expressed anger and frustration about Group.ly’s handling of it all, but hardly anybody seems to care that they made such a tool in the first place, or that Ning’s user account info is so easily scooped by third parties, or that the person they trusted to lead their community would act so thoughtlessly.

The second one, which seems far more sinister, concerns Modular Systems, the makers of the Emerald Viewer. It has recently come out that Modular Systems has been involved in data mining. In a nutshell, they’ve been compiling a list of avatar names, IP addresses, and other information about users without their permission, for whatever reason. This information only became known because their site was hacked and someone got that list. It has now been posted on file sharing sites, there is no way to get that data off the internet now. Regardless of how evil or wrong the hacker(s) were who broke into their site and accessed/copied that private info... Modular Systems should never have been compiling it!!! It is important to point out that:
  • The data that’s been leaked & published appears to have not been a list of users of the Emerald Viewer.
  • You have no way of knowing that Modular Systems is not similarly tracking & logging data for all Emerald Users without their permission, for whatever purposes they choose. Modular Systems has already clearly demonstrated both a lack of respect for user privacy and a lack of website security.
I’m completely baffled as to why people (particularly Emerald users) would not be paranoid and outraged over this. There’s a good chance Modular Systems is compiling that data (even if under the guise of helping to craft a better performing viewer, it’s still wrong), and it’s also entirely possible that they could fall victim to another hack in the future. My advice to anyone who’s ever used that Viewer: Go change your account password on the official Second Life site now (for all your accounts if you have/use alts), and never use the Emerald Viewer (or any viewer from Modular Systems) again. No amount of extra attachment points, temporary uploads, sim-lagging radar functions, or boob jiggling is worth the risk of having personal details of your accounts published online. In my opinion, Linden Lab should not only seriously reconsider allowing Modular Systems to sign up new Second Life accounts on its site, they should think long and hard about allowing them to be on the Third Party Viewer directory.

Ultimately, of course, people are free to make whatever personal decisions they like about privacy and security. It just seems surprising that at a time when sites like Google and Facebook are being taken to task for what they do with user/customer data that these fixtures of the metaverse are getting away with the things they do.