Jump to content

Blogs

Our community blogs

  1. Happy Monday!

    Today, we would like to direct your attention to our new DMCA web form. Previously, in order to file a DMCA claim, a Resident would need to send their complaint to our legal team via snail mail.  As of this week, we are proud to save our Residents some postage and provide a new, easy to use web form to complete these requests!

    DMCA - Hero image.PNG

     

    We know no one wants to be in a position to make a copyright or trademark complaint, but we also recognize that these are important tools for our Merchant and content creation partners, and we’re committed to making this process as efficient, painless, and useful as possible. We are confident that providing an online submission form for this delicate process will help us achieve those goals.

    If you believe you need to take advantage of our online submission form, please navigate your browser to https://dmca.lindenlab.com and fill out the session request form.

    DMCA - Initial Form Fill.PNG

    We will then email you a session link where you can fill out your complaint in full with the usual information. The session will remain active for 4 hours after your session request, so don’t delay!

    DMCA - Email Confirmation.PNG

    As always, all requests are subject to Linden Lab's IP Infringement Policy.  Thank you for your patience while we enter the 21st century.

     

  2. Second Life is home to several impressive 3D replicas of places and landmarks in the physical world, so it is no surprise that many in the community have been praising the presence and detail found in Rieri. This contemporary Japanese location is inspired by Tokyo’s Arakawa Lock Gate region and was modeled from Google Maps and real photos of Tokyo neighborhoods.

    Learn more about Rieri in this week’s Destinations video, which is narrated by Resident pokute Burt (who cites Rieri as one of his favorite spots in Second Life). (Note: If you don’t see the English language captions automatically, be sure to turn them on for the full translation).

    To get even more insight to the making and magic of Rieri, we recommend that you also check out the official video tour from Rieri project architect/director Eripom Moonwall and her team.

    Better yet, see Rieri for yourself in Second Life - no plane tickets required!

  3. Xiola Linden
    Latest Entry

    By Xiola Linden,

    48203097347_cc4a6427f3_k.jpg

    Today's Second Life pic of the day is "Peace? ..." by Susann DeCuir. Picture taken at CORNHUB .

    To submit your image for Second Life Pic of the Day consideration, login to Second Life, snap some pics and add them to the Official Second Life Flickr Group.

    Be sure to check us out on social:
    Instagram
    Facebook
    Twitter
    Tumblr
    Pinterest
    Plurk

  4. Some of you know me as Soft Linden. I’m the information security manager at Linden Lab.

    A large number of you attended the Tilia Town Hall  last week. Aside from the many questions you had about how Tilia affects Second Life L$ and monetary activity, privacy was a common concern. Grumpity asked if I would answer a few of the questions about Tilia privacy and security which surfaced in the town hall and in our forums. This has been a busy time for everybody who has worked on Tilia, but I’m glad I can take a few moments to share some information.
     

    Where did the Tilia team come from? And why should I trust Tilia with my personal information?
     

    The Tilia team is made up of people you previously knew as Linden Lab employees. We’re part of this team because we are passionate about privacy and security. Tilia includes employees who use Second Life alts in our free time. We know many of you as friends and creators in Second Life. So not only are our practices aimed at complying with an ever expanding list of U.S. regulations and laws, but we strive to go above and beyond. We want to protect the best interests of ourselves, our friends, and the countless Residents who support the world we love. We fully believe that Second Life wouldn’t be possible without working to earn your trust.

    For example, we don’t like the way many other companies resell customer information. Because we disagree with those practices, the information you store with Tilia is never provided to third parties for purposes such as marketing. We want you to feel confident that you can play, experiment, and explore in Second Life without outside strangers learning anything about you which you have not shared under your own initiative.

    We won’t even provide that information to the US government unless we are compelled to do so through a legal process such as a subpoena or a search warrant. 

    But the privacy and security story goes much, much further.


    Does Tilia change how my information is secured?
     

    Yes! This project began years ago. Quite a bit of the work we do to improve Second Life is "behind the scenes" - things that users cannot directly interact with. Often it's not even possible for users to detect that something has changed. This is one such case.

    A few years ago, we looked at Second Life, and how information security has evolved in the time since Second Life was created. We asked ourselves how we could better protect our most sensitive customer information.

    Our engineers created a new “personal information vault” project. This vault uses modern algorithms to encrypt sensitive information in a way that would require both enormous computing power and an enormous amount of memory for an attacker to crack… if they could even get a copy of the encrypted data. These algorithms are specifically tuned to defeat expensive decryption acceleration hardware. And all of this new encryption is wrapped around the encryption we already used - encryption which was the industry standard at the time. These are entire new layers using encryption technologies which didn’t exist when Second Life was new.

    Even after all of these changes, the old protection remains in place at the bottom of that stack. Figuratively speaking, we locked the old vault inside a bigger, stronger vault. We chose an approach where we didn’t need to decrypt information in order to enhance your protection.

    There is another key part of this project: Our storage mechanisms for sensitive customer information are now isolated from Second Life. The information isn’t stored at the same physical location anymore, and hasn’t been for a while. But the difference is more than physical.

    Second Life’s servers do not have direct access to Tilia information that isn’t required for daily Second Life usage. Even developers who have worked at the company for a dozen years - developers who have full access to every last Second Life server - do not have access to the servers that store and protect the most sensitive information. A policy of least privilege means fewer opportunities for mistakes.

    Even within Tilia, key information is further segmented. This means that compromising one database inside of Tilia is insufficient to decrypt and correlate sensitive data without compromising a different service. We have deployed numerous commercial products which help monitor for access, abuse, or data copying attempts for data that is made available to Tillia employees. This means that even an attacker with all employee access credentials, access to employee multifactor authentication tokens, and all Tilia access permissions would still face some challenges in avoiding early detection.

    That was a lot to explain. But it is all important, because this is the technical foundation of Tilia. It’s a core piece of the Tilia story, and it is something we have worked on for years. Tilia was created in large part because we saw an opportunity to share these technologies with other businesses.

    These technologies are in place today for all of the information you entrust Tilia to handle. 

    I am proud of what our engineers have accomplished. These same technologies are only in the planning stages at other companies and institutions. Many of the bigger businesses who already handle sensitive data like credit reports and medical records are working to complete similar projects. But we have it today.
     

    It sounds like a lot has changed at once. Aren’t large changes risky?
     

    Tilia was designed with security and privacy as its primary considerations. These considerations apply not only to what we create, but how we create it, and how we validate ongoing changes to what we create.                                

    For Tillia, we chose a newer security-focused programming language over Python and C++, the older languages which make up much of Second Life. It’s more difficult to make security errors in modern security-focused languages, but it’s not impossible. This is why we have created thousands of automated tests which exercise nearly every aspect of Tilia. Every change to Tilia triggers the execution of these tests, and the change is rejected if it causes nonconformant behavior.

    The Tillia team also pays a security testing company to attempt to hack Tilila and perform routine vulnerability assessments. Any Tilia service that is exposed to Second Life users is also exposed to outside security testers. These testers evaluate changes in a staging environment before they are ever presented to Second Life users.

    We enlisted outside specialists to review some of our key privacy and security practices and procedures. We then invited a team from Amazon Web Services to sit in our offices with us and review every aspect of our service deployment and hosting infrastructure.

    Every step we have taken has been cautious. When it comes to privacy and security, the Tilia engineering team believes that the tortoise wins the race.
     

    What does Tilia mean for Second Life privacy and security in the future?
     

    We have many plans for Tilia. Additional work is already under way.

    While we have already moved regulated information out of Second Life and into Tilia, we are actively migrating additional forms of information. Now that we have a new privacy and security foundation, we can extend the amount of information that enjoys this level of protection. If it pertains to your real life identity, we believe in leveraging Tilia protection wherever possible.

    Tilia will enable future Second Life projects as well. We designed Tilia to support additional business customers, so we are able to justify larger privacy and security projects to benefit new business customers and existing Second Life Residents alike.

    Aside from ensuring compliance with upcoming privacy and security regulations, our early goals are largely driven by Second Life. These goals include the option for users to select stronger authentication mechanisms, better mechanisms for our team to identify callers who request account help, and additional tools which support our fraud protection team.

    As to Second Life itself, by relieving the team of many of the heaviest privacy and security burdens, we believe we can help them be even more effective in developing the virtual world we all love.

    Stay tuned to see what we can do.

    Soft Linden

  5.  

    Hello Residents of Second Life!  

    Over the last few days, Residents using certain email providers may have noticed that they are not receiving all email notifications for events such as Marketplace purchases and Offline Messages.  

    Email has come a long way since it was first introduced to the world in the 1960s. There are many factors that affect the deliver-ability of a message, and algorithms which affect it are constantly being updated.  Sometimes things go awry despite best intentions - such as certain phrases being flagged as indicative of spam, or the volume of messages sent in a certain time frame.

    Second Life is a complex beast and not all our email sending practices are as good as they could be. We are re-examining these practices and we’re going to do better to make sure our Residents are able to get the information they need.

    There are some things you, as the recipient, can also do to better ensure deliver-ability, such as having email filters, white-listing certain contacts, checking your spam folder and marking legitimate messages “Not Spam,” and even contacting your email providers about certain emails.

    If you are experiencing issues receiving emails from us, you may also want to consider updating your email temporarily to a different provider (for example if @yahoo emails are failing, try a @gmail account), verifying your email address with us (offline IMs, friendship offers, auctions, etc all require a verified address), and white-listing (add sender to contacts) Second Life messages to ensure you receive them in the future. It’s always best to use an email account that is only accessible by you.  

    We sincerely apologize for the inconvenience caused and will provide updates once available.

  6. We’re happy to announce some great changes for Estate Managers which rolled out in Tuesday’s Viewer Release.

    This shiny new viewer is a brave foray into improving the state of Estate Access Management! We can’t wait to see what you think about it. Here’s what you’ll find:

    •  New “Access” tab in the Region/Estate floater with subtabs for “Estate Managers”, “Allowed”, “Allowed Groups”, and “Banned”
      • Recording banned date, banned by, and last login for each banned account †
      • Search & Sort within each of the sub-tabs
      • Copy Banlist & Allowed-list
      • Added a confirmation for adding or removing from a list
      • More Estate Managers!
      • We’re upping the number to 15. Remember, with great power comes great responsibility.

    † these features only available going forward.

    Known Issues

    • There is currently an issue where newly added Estate Managers will need to relog in order to view access lists. A fix for this will be arriving in an upcoming server release.

    As always, please file a Jira to tell us about any problems you discover or request additions or feature changes to this functionality.

     

×
×
  • Create New...