
Blogs

Our community blogs

  1.

    Today's Second Life pic of the day is "Peace? ..." by Alice Buttigieg

    To submit your image for Second Life Pic of the Day consideration, login to Second Life, snap some pics and add them to the Official Second Life Flickr Group.

    Be sure to check us out on social:
    Instagram
    Facebook
    Twitter
    Tumblr
    Pinterest
    Plurk

  2. Some of you know me as Soft Linden. I’m the information security manager at Linden Lab.

    A large number of you attended the Tilia Town Hall last week. Aside from the many questions you had about how Tilia affects Second Life L$ and monetary activity, privacy was a common concern. Grumpity asked if I would answer a few of the questions about Tilia privacy and security which surfaced in the town hall and in our forums. This has been a busy time for everybody who has worked on Tilia, but I’m glad I can take a few moments to share some information.
     

    Where did the Tilia team come from? And why should I trust Tilia with my personal information?
     

    The Tilia team is made up of people you previously knew as Linden Lab employees. We’re part of this team because we are passionate about privacy and security. Tilia includes employees who use Second Life alts in our free time. We know many of you as friends and creators in Second Life. So not only are our practices aimed at complying with an ever expanding list of U.S. regulations and laws, but we strive to go above and beyond. We want to protect the best interests of ourselves, our friends, and the countless Residents who support the world we love. We fully believe that Second Life wouldn’t be possible without working to earn your trust.

    For example, we don’t like the way many other companies resell customer information. Because we disagree with those practices, the information you store with Tilia is never provided to third parties for purposes such as marketing. We want you to feel confident that you can play, experiment, and explore in Second Life without outside strangers learning anything about you which you have not shared under your own initiative.

    We won’t even provide that information to the US government unless we are compelled to do so through a legal process such as a subpoena or a search warrant. 

    But the privacy and security story goes much, much further.


    Does Tilia change how my information is secured?
     

    Yes! This project began years ago. Quite a bit of the work we do to improve Second Life is "behind the scenes" - things that users cannot directly interact with. Often it's not even possible for users to detect that something has changed. This is one such case.

    A few years ago, we looked at Second Life, and how information security has evolved in the time since Second Life was created. We asked ourselves how we could better protect our most sensitive customer information.

    Our engineers created a new “personal information vault” project. This vault uses modern algorithms to encrypt sensitive information in a way that would require both enormous computing power and an enormous amount of memory for an attacker to crack… if they could even get a copy of the encrypted data. These algorithms are specifically tuned to defeat expensive decryption acceleration hardware. And all of this new encryption is wrapped around the encryption we already used - encryption which was the industry standard at the time. These are entire new layers using encryption technologies which didn’t exist when Second Life was new.

    Even after all of these changes, the old protection remains in place at the bottom of that stack. Figuratively speaking, we locked the old vault inside a bigger, stronger vault. We chose an approach where we didn’t need to decrypt information in order to enhance your protection.

    There is another key part of this project: Our storage mechanisms for sensitive customer information are now isolated from Second Life. The information isn’t stored at the same physical location anymore, and hasn’t been for a while. But the difference is more than physical.

    Second Life’s servers do not have direct access to Tilia information that isn’t required for daily Second Life usage. Even developers who have worked at the company for a dozen years - developers who have full access to every last Second Life server - do not have access to the servers that store and protect the most sensitive information. A policy of least privilege means fewer opportunities for mistakes.

    Even within Tilia, key information is further segmented. This means that compromising one database inside of Tilia is insufficient to decrypt and correlate sensitive data without compromising a different service. We have deployed numerous commercial products which help monitor for access, abuse, or data copying attempts for data that is made available to Tilia employees. This means that even an attacker with all employee access credentials, access to employee multifactor authentication tokens, and all Tilia access permissions would still face some challenges in avoiding early detection.

    That was a lot to explain. But it is all important, because this is the technical foundation of Tilia. It’s a core piece of the Tilia story, and it is something we have worked on for years. Tilia was created in large part because we saw an opportunity to share these technologies with other businesses.

    These technologies are in place today for all of the information you entrust Tilia to handle. 

    I am proud of what our engineers have accomplished. These same technologies are only in the planning stages at other companies and institutions. Many of the bigger businesses who already handle sensitive data like credit reports and medical records are working to complete similar projects. But we have it today.
     

    It sounds like a lot has changed at once. Aren’t large changes risky?
     

    Tilia was designed with security and privacy as its primary considerations. These considerations apply not only to what we create, but how we create it, and how we validate ongoing changes to what we create.

    For Tilia, we chose a newer security-focused programming language over Python and C++, the older languages which make up much of Second Life. It’s more difficult to make security errors in modern security-focused languages, but it’s not impossible. This is why we have created thousands of automated tests which exercise nearly every aspect of Tilia. Every change to Tilia triggers the execution of these tests, and the change is rejected if it causes nonconformant behavior.

    The Tilia team also pays a security testing company to attempt to hack Tilia and perform routine vulnerability assessments. Any Tilia service that is exposed to Second Life users is also exposed to outside security testers. These testers evaluate changes in a staging environment before they are ever presented to Second Life users.

    We enlisted outside specialists to review some of our key privacy and security practices and procedures. We then invited a team from Amazon Web Services to sit in our offices with us and review every aspect of our service deployment and hosting infrastructure.

    Every step we have taken has been cautious. When it comes to privacy and security, the Tilia engineering team believes that the tortoise wins the race.
     

    What does Tilia mean for Second Life privacy and security in the future?
     

    We have many plans for Tilia. Additional work is already under way.

    While we have already moved regulated information out of Second Life and into Tilia, we are actively migrating additional forms of information. Now that we have a new privacy and security foundation, we can extend the amount of information that enjoys this level of protection. If it pertains to your real life identity, we believe in leveraging Tilia protection wherever possible.

    Tilia will enable future Second Life projects as well. We designed Tilia to support additional business customers, so we are able to justify larger privacy and security projects to benefit new business customers and existing Second Life Residents alike.

    Aside from ensuring compliance with upcoming privacy and security regulations, our early goals are largely driven by Second Life. These goals include the option for users to select stronger authentication mechanisms, better mechanisms for our team to identify callers who request account help, and additional tools which support our fraud protection team.

    As to Second Life itself, by relieving the team of many of the heaviest privacy and security burdens, we believe we can help them be even more effective in developing the virtual world we all love.

    Stay tuned to see what we can do.

    Soft Linden
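
The "old vault inside a bigger, stronger vault" idea from the post above, as an added example that is not Tilia's code: the post names no algorithms, so this assumes scrypt as the memory-hard outer layer and a fast salted SHA-256 digest as the legacy protection. All function and field names are hypothetical.

```python
import hashlib
import hmac
import os

# scrypt cost parameters: each guess needs about 128 * n * r bytes (16 MiB here).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

def legacy_hash(secret: bytes, salt: bytes) -> bytes:
    """Assumed legacy scheme: a single fast salted SHA-256."""
    return hashlib.sha256(salt + secret).digest()

def wrap(legacy_digest: bytes, outer_salt: bytes) -> bytes:
    """Outer layer: memory-hard scrypt over the legacy digest, not the secret."""
    return hashlib.scrypt(legacy_digest, salt=outer_salt, **SCRYPT)

def migrate(record: dict) -> dict:
    """Upgrade a stored record offline; the original secret is never needed."""
    outer_salt = os.urandom(16)
    return {
        "scheme": "scrypt(sha256)",
        "salt": record["salt"],          # inner salt is kept for verification
        "outer_salt": outer_salt,
        "hash": wrap(record["hash"], outer_salt),
    }

def verify(secret: bytes, record: dict) -> bool:
    """Recompute every layer from the inside out, then compare in constant time."""
    inner = legacy_hash(secret, record["salt"])
    if record["scheme"] == "sha256":
        candidate = inner
    elif record["scheme"] == "scrypt(sha256)":
        candidate = wrap(inner, record["outer_salt"])
    else:
        return False
    return hmac.compare_digest(candidate, record["hash"])

def demo():
    """Build a constructed legacy record and its migrated form."""
    salt = os.urandom(16)
    old = {"scheme": "sha256", "salt": salt,
           "hash": legacy_hash(b"correct horse", salt)}
    return old, migrate(old)

if __name__ == "__main__":
    old, new = demo()
    print(verify(b"correct horse", new), verify(b"wrong guess", new))
```

After migration only the wrapped value is stored, so an offline guess against a stolen copy must pay the scrypt memory cost for every candidate instead of one SHA-256.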

  3. Second Life is home to several impressive 3D replicas of places and landmarks in the physical world, so it is no surprise that many in the community have been praising the presence and detail found in Rieri. This contemporary Japanese location is inspired by Tokyo’s Arakawa Lock Gate region and was modeled from Google Maps and real photos of Tokyo neighborhoods.

    Learn more about Rieri in this week’s Destinations video, which is narrated by Resident pokute Burt (who cites Rieri as one of his favorite spots in Second Life). (Note: If you don’t see the English language captions automatically, be sure to turn them on for the full translation).

    To get even more insight to the making and magic of Rieri, we recommend that you also check out the official video tour from Rieri project architect/director Eripom Moonwall and her team.

    Better yet, see Rieri for yourself in Second Life - no plane tickets required!

  4. As we promised in our town hall meeting about Tilia and its relationship to Second Life last week, we have been working on a way for Residents to voluntarily submit additional information that may be required to process credit prior to the August 1 Tilia launch date. That option is now available on your Second Life account billing information page!

    For many of you, we may already have all information required to process credit from your USD balance, and you will be able to see that you are good to go from the green check mark.

    For some of you, we may need to collect some additional information before you can process credit from your USD wallet after August 1. You’ll be able to see that from the red X in the same location.

    And from there, you can click on the ‘additional information’ link to proceed to the information request form if you would like. You are under no obligation to do so at this time.

    As registered money services businesses, Linden Lab and Tilia are required to comply with applicable U.S. laws and regulations. As part of our ongoing risk management process, we must obtain, verify, and record information about our customers for whom we offer financial-related services. We take your privacy and security seriously, so your personal information will continue to remain protected and will only be used for purposes that are outlined in Linden Lab’s and Tilia’s Privacy Policies.

    You may learn more about Tilia and its relationship with Second Life and Linden Lab from our FAQ.

     

  5. We’re happy to announce some great changes for Estate Managers which rolled out in Tuesday’s Viewer Release.

    This shiny new viewer is a brave foray into improving the state of Estate Access Management! We can’t wait to see what you think about it. Here’s what you’ll find:

    •  New “Access” tab in the Region/Estate floater with subtabs for “Estate Managers”, “Allowed”, “Allowed Groups”, and “Banned”
      • Recording banned date, banned by, and last login for each banned account †
      • Search & Sort within each of the sub-tabs
      • Copy Banlist & Allowed-list
      • Added a confirmation for adding or removing from a list
      • More Estate Managers!
        • We’re upping the number to 15. Remember, with great power comes great responsibility.

    † These features are only available going forward.

    Known Issues

    • There is currently an issue where newly added Estate Managers will need to relog in order to view access lists. A fix for this will be arriving in an upcoming server release.

    As always, please file a Jira to tell us about any problems you discover or request additions or feature changes to this functionality.

     

  6.  

    Hello Residents of Second Life!  

    Over the last few days, Residents using certain email providers may have noticed that they are not receiving all email notifications for events such as Marketplace purchases and Offline Messages.  

    Email has come a long way since it was first introduced to the world in the 1960s. There are many factors that affect the deliverability of a message, and algorithms which affect it are constantly being updated. Sometimes things go awry despite best intentions - such as certain phrases being flagged as indicative of spam, or the volume of messages sent in a certain time frame.

    Second Life is a complex beast and not all our email sending practices are as good as they could be. We are re-examining these practices and we’re going to do better to make sure our Residents are able to get the information they need.

    There are some things you, as the recipient, can also do to better ensure deliverability, such as having email filters, white-listing certain contacts, checking your spam folder and marking legitimate messages “Not Spam,” and even contacting your email providers about certain emails.

    If you are experiencing issues receiving emails from us, you may also want to consider updating your email temporarily to a different provider (for example, if @yahoo emails are failing, try a @gmail account), verifying your email address with us (offline IMs, friendship offers, auctions, etc. all require a verified address), and white-listing (add sender to contacts) Second Life messages to ensure you receive them in the future. It’s always best to use an email account that is only accessible by you.

    We sincerely apologize for the inconvenience caused and will provide updates once available.
