Nicolette Lefevre Posted October 30, 2013 Author Share Posted October 30, 2013 Solar Legion wrote: Sorry Nicolette - you're wrong and I won't be discussing this with you at all. You gave Linden Lab your e-mail address and it is up to them to secure it on THEIR server systems. Their responsibility ENDS there. From there, it is the responsibility of whoever owns the systems that address passes through to secure THEIR systems. Sorry, that's the way it is. No Solar, I'm right. It is definitely LL's responsibility. If you do something yourself you have 100% control and 100% of the responsibility. The thing that a lot of people (including you) don't get, is that if you outsource something, you will always lose at least part of the control, but you still keep 100% of the responsibility. You can NOT outsource responsibility. If you outsource something to someone who then makes an error, then it was your fault for outsourcing to the wrong company. Link to comment Share on other sites More sharing options...
Griffin Ceawlin Posted October 30, 2013 Share Posted October 30, 2013 *unsubscribes from this waste of server space* Link to comment Share on other sites More sharing options...
Solar Legion Posted October 30, 2013 Share Posted October 30, 2013 There's no discussion to be had here kiddo. Unless Linden Lab owns the entire Amazon SES system, their only responsibility is in choosing Amazon to handle their E-mails. It becomes Amazon's responsibility to secure their systems. Don't like it? Tough. Complain to Amazon about their systems and tell Linden Lab they goofed. I do thank you for one thing however - you've been an amusing waste of time. Link to comment Share on other sites More sharing options...
Dillon Levenque Posted October 30, 2013 Share Posted October 30, 2013 Solar Legion wrote: Sorry, no one has any control whatsoever over systems they do not directly own or maintain. That is reality, expecting otherwise will lead you to be disappointed again and again. Feel free to believe otherwise. Now here is a fun one for you: Linden Lab uses Amazon's SES system for their E-mails now. Who do you blame? Linden Lab or Amazon? I am doing nothing other than being ralistic with thisL I could not really care any less how things are done by those with unrealistic expecatations. Aren't you the one who supposedly insists every word and phrase must match literally what you believe it to mean? Here's what I said: " If you are dealing with LL and only LL, then LL has full responsibility to you, regardless of where or how they subcontracted anything." Exactly where in that or anything else in my comment did I mention 'control'? Of course LL does not have control of their subcontractor's facilities, but hey are still responsible to their users. If the subcontractor fouls up, LL must make it good to the user. They may seek compensation from the subcontractor, but that's another story altogether. Link to comment Share on other sites More sharing options...
Madelaine McMasters Posted October 31, 2013 Share Posted October 31, 2013 Solar's argument reminds me of a medical intstrumentation company that got cited by the FDA for failure to comply with good manufacturing practice requirements. The company argued that, as they'd subcontracted out the design of the instrument, the subcontractor was responsible. The FDA was so impressed by this explanation that they immediately forbid the sale of any of its products in the US. I had a friend who'd just gone to work for that company and who was shocked at the naiveté of the management team. It took 18 months for the company to rework all its internal processes to the satisfaction of the FDA, during which time they nearly went out of business. You'd think people would learn after an experience like this, but no. Fifteen years later, they got shut down in the US again, for more or less the same reasons. Solar's argument doesn't hold water, but there are plenty of people who won't believe that. It's okay though, people can't scream in protest over being held responsible when their lungs are filled with the water their argument didn't hold. Link to comment Share on other sites More sharing options...
Solar Legion Posted October 31, 2013 Share Posted October 31, 2013 It is simple: Linden Lab's responsibility is to the data they store and pass through the systems they control. Once it leaves their systems, it becomes the responsibility of the owner of those systems. I would think that would be obvious enough. In this case, Linden Lab uses Amazon's SES system for the e-mails that are sent out. Amazon has the responsibility to secure their own server systems when handling data passed through them. Linden Lab's responsibility in choosing Amazon is just that: Their choice of system to route through. Sorry - I wholeheartedly disagree with the notion that Linden Lab (or ANY service) must take the blame for systems beyond their personal control. Link to comment Share on other sites More sharing options...
Solar Legion Posted October 31, 2013 Share Posted October 31, 2013 Nice comparison of apples to oranges. Computer data is computer data - it is not a medical instrument. Sorry - Amazon is to blame for any leaks that occur through the use of their SES service. That people do not accept this simple fact simply goes to show that everyone is quite ready and willing to take the easy way out. Link to comment Share on other sites More sharing options...
Madelaine McMasters Posted October 31, 2013 Share Posted October 31, 2013 Solar Legion wrote: Nice comparison of apples to oranges. Computer data is computer data - it is not a medical instrument. Sorry - Amazon is to blame for any leaks that occur through the use of their SES service. That people do not accept this simple fact simply goes to show that everyone is quite ready and willing to take the easy way out. Wrong, Solar. If a hospital's use of Amazon SES resulted in a HIPAA violation because of a breach within Amazon, the violation would be registered against the hospital, not Amazon. The hospital might well go after Amazon to recover any damages that resulted, but the record would show the hospital as the violator. You seem to be confusing blame with responsibility. I hope you never find yourself in a courtroom, you may find that reality is very unpleasant. Link to comment Share on other sites More sharing options...
Solar Legion Posted October 31, 2013 Share Posted October 31, 2013 We're not talking about a Hospital e-mailing records through Amazon's SES service (which they do not). we're talking about Linden Lab sending their e-mails through Amazon's SES services. Nor are we talking about a courtroom or court cases (which frankly, I do not give a crap about). No, I am not confusing blame and responsibility. Here is reality: Linden Lab cannot secure any system outside of their own. They no longer have the server space nor structure in place to continue to send out their e-mails through their own systems. They chose to use Amazon's SES e-mail system to save a bit of money. Bad choice? Possibly. However, they cannot take responsibility for securing a system they do not own. That is impossible to do. That is, quite frankly, how it is. Now, how others handle it, courts included, are another matter. Human beings just love to force others to take responsibility for things out of their personal control. That has been the way people have been just about since the dawn of the race. Yes, there are times when this is prudent: Securing a bloody e-mail server is not one of them. One can (and I HAVE) go after the owner of the faulty server system. What THEY do from there is up to them. I don't expect my ISP to take responsibility for an e-mail, basic traffic or other communication once it leaves their nodes and systems. I expect them to take note of the issue and either shift to a different method or find a way around it until it is fixed. In the mean time, I'll gladly go after the owner of the offending servers. I've already been over the notion of responsibility in this forum: A thread wherein users were complaining about the sudden, massive data usage from Second Life due to a change that had been made and their subsequent complaints and expectations (for some) for Linden Lab to reimburse them for their data overage charges. I told THEM that they could suck it up, pay the charges and take responsibility for their own data usage and monitor it more closely in the future. That sort of thing can happen from time to time when using some services. To be a bit shorter here: I am well aware how the "legal" system and most people expect the notion of responsibility to operate. There is a blanket approach to it that is mindbogglingly asinine. Yep, a manufacturer is certainly responsible for faults resulting from outsourced component manufacture, as is a handler of truly sensitive data. An e-mail address is not "truly sensitive data" contrary to popular opinion. If it were, services to create and utilize throw away accounts would not exist. I'm not interested in how people think about and accept that blanket approach to responsibility nor am I interested in the same from the courts. Responsibility is not black and white, it is a case by case basis. I note that the question I asked went unanswered: Linden Lab uses Amazon SES systems for their e-mails now. A breach occurs in Amazon's systems wherein someone can now intercept the e-mails running through it - and not just those sent by Linden Lab. Who is responsible for the security of those systems and the subsequent damage done by such a breach: Linden Lab (and the other Amazon business customers) or Amazon? Link to comment Share on other sites More sharing options...
Dillon Levenque Posted October 31, 2013 Share Posted October 31, 2013 Okay, at least you've made it clear. I don't know where you are but in most countries I know of and certainly in mine (that is, the United States of America), your approach does not work. I am going to make something up now. Pretend I"m in the Gadget business. I show you some brochures and run my mouth and convince you to buy a Gadget. My sales blather and the brochure clearly state that the Gadget shampoos the carpets, washes the windows, cleans the drapes, and then folds itself and puts itself away . You buy a Gadget and find that while it folds itself and puts itself away without a problem, it does NOT shampoo nor clean anything at all. Naturally you bark at me about that. After investigating your complaint I discover that WeBeCodeys, the company I contracted with to write the code for shampooing etc, spent all the money on a beer bust and faked the code I requested. So I say to you, check with WeBeCodeys. They did that part. You okay with that? If so, you'd be unusual. ETA Never mind . I just read your replies above and it is obvious you either don't get it or you're just arguing for the sake of strife. About this: :" I note that the question I asked went unanswered: Linden Lab uses Amazon SES systems for their e-mails now. A breach occurs in Amazon's systems wherein someone can now intercept the e-mails running through it - and not just those sent by Linden Lab. Who is responsible for the security of those systems and the subsequent damage done by such a breach: Linden Lab (and the other Amazon business customers) or Amazon?" Easy answer, and so obvious that probably nobody even bothered looking at the quesion. Linden Lab is responsible to their users for the security of email traffic they support. Link to comment Share on other sites More sharing options...
Solar Legion Posted October 31, 2013 Share Posted October 31, 2013 "Easy answer, and so obvious that probably nobody even bothered looking at the quesion. Linden Lab is responsible to their users for the security of email traffic they support." Wrong. Linden Lab is not responsible for a security breach outside of their systems. The law and most nits believe otherwise and no one has ever bothered to point out that this is just asinine. Linden Lab's responsibility to their users extends as far as their personally owned systems reach and that's it. Amazon's systems were breached, Amazon bears the responsibility for the breach. The ONLY responsibility Linden Lab bears is their choice of e-mail handler. Your example is one that relies on a material item, code involved or not. You would be better off to present a scenario wherein you are dealing exclusively with programming, code and the like. But to humor you ..... While I'd berate your choice of coding service and seek a refund, I'd not pin the responsibility for the failure of your gadget on you. Would I go after the outsourced coders? So long as I have a contact number or could otherwise obtain such, quite possibly. I live in the US myself Dillon. My "approach" as you put it is blunted by nits that like to take the easy way out of everything and cannot fathom anything other than black and white notions for responsibility. In the scenario you gave, there is a bit of responsibility on both parts. You are responsible for your choice of coder and for failing to verify that they do good work. They are responsible for utterly failing to write the code. From the wording and tone of your scenario, both you and the coder company are start ups and thus prone to mistakes. Responsibility is shared here and both companies would get a certain amount of flak, but for different reasons. In the case of Linden Lab and their use of Amazon's SES service, it's a bit different. Yes, Linden Lab is responsible for their user's data, but only while that data is on their servers and their systems. They have no control over an outside source and like it or not, they do not have the capacity to handle running a mail server anymore. They had to examine their options and chose the service that was used most often by other online services and until now had a very good track record. They bear the responsibility for that choice. However, the responsibility for security of those AWS/SES servers falls squarely on amazon. They had a breach (potentially) and data was leaked. Now, I am quite certain that it was not just Linden Lab's user data that would be leaked as many other places use the same system. That is why my question was phrased the way it was: Linden Lab was NOT the only one in that situation whose data was leaked. This granular reality of responsibility is one that is very much in tune with the real world. Responsibility is not a blanket concept nor is it black and white - that's just the way people believe it should be handled and the way it HAS been handled. Link to comment Share on other sites More sharing options...
Perrie Juran Posted October 31, 2013 Share Posted October 31, 2013 Tagging here out of convenience. There is a little bit of everybody is right and everybody is wrong here and a lot of arguing over semantics. Actually Dillon got it in part, if you are talking legally, Jurisdiction is very important. If you ever read a warranty it will say, at least here in the U.S., "your legal rights may vary by State." Who gets held responsible and for what they get held responsible will vary by State and / or, as in Maddy's incident, Federal law. So legally speaking you can not state carte blanche rules that apply every where. Because every Jurisdiction has its own durn fine print. If I were to sue over my personal Data being breached, I would sue both LL and Amazon. The first thing the Court would look at is whether it has Jurisdiction. Then, if it did, it would need to decide according to the laws in its Jurisdiction who gets held responsible. That is why everybody and their mother gets named in law suits. Part of the process is the Court sorting out who is legally responsible for the damages according to the laws in its Jurisdiction and what share (percentage) of the responsibility each party has. I'm just talking legally speaking above. Ethically speaking I don't think all the laws are right. I think that in some cases the laws hold the wrong parties responsible. But the ethics of it are a whole separate subject. We could say that ethically speaking Solar thinks LL is not responsible but that other people in this thread think that they are. Link to comment Share on other sites More sharing options...
Phil Deakins Posted October 31, 2013 Share Posted October 31, 2013 In your last post to me you said that we will have to agree to disagree, and I can't disagree with that. Just remember that people, including you, do not write in the precise way that you would like, so, to avoid future confusions for yourself, it would be good to bear that in mind. Link to comment Share on other sites More sharing options...
Phil Deakins Posted October 31, 2013 Share Posted October 31, 2013 Dillon Levenque wrote: Solar Legion wrote: Sorry, no one has any control whatsoever over systems they do not directly own or maintain. That is reality, expecting otherwise will lead you to be disappointed again and again. Feel free to believe otherwise. Now here is a fun one for you: Linden Lab uses Amazon's SES system for their E-mails now. Who do you blame? Linden Lab or Amazon? I am doing nothing other than being ralistic with thisL I could not really care any less how things are done by those with unrealistic expecatations. Aren't you the one who supposedly insists every word and phrase must match literally what you believe it to mean? Here's what I said: " If you are dealing with LL and only LL, then LL has full responsibility to you, regardless of where or how they subcontracted anything." Exactly where in that or anything else in my comment did I mention 'control'? Yes, he is the one BUT... he only insists that everyone writes literally. He didn't say that he'll actually understand what is written, or that he won't twist what is written, if he's done that intentionally Link to comment Share on other sites More sharing options...
Phil Deakins Posted October 31, 2013 Share Posted October 31, 2013 Solar Legion wrote: It is simple: Linden Lab's responsibility is to the data they store and pass through the systems they control. Once it leaves their systems, it becomes the responsibility of the owner of those systems. I'm sorry, but that's not true. LL certainly relinquishes full control over the data when they give it to another company, but, in passing it to another company, they don't relinquish any of the responsibility to their customers for it. If they are going to pass it on at all, they really have to ascertain, as best they can, that the data will be secure in the hands of the other company. What is true is that, as long as they have done all they can to ensure the security of the data before passing it on, and the data leaks from the other company, they are not at fault. Nevertheless, they cannot turn to their customers and say that "It's not our responsibility". They can rightly say, "It's the other company's fault", but they can't abdicate their responsibility to their customers for the security of their customers' data. I think you are getting hung up on 'control', and wrongly combining it with 'responsibility'. Suppose you are in possession of someone else's car, and you let a friend use it. And suppose your friend crashes it. It's true that you weren't in control of the car when your friend was using it, and, if your friend caused the crash, it's true that your friend is to blame for the damage to the car. But can you tell the person who owns the car that it's not your responsibility, and duck out of the financial consequences? Of course not. You are responsible to the owner for the car at all times, and it's you who has to pay up. Of course you can get your friend to make good on it to you, but, if he won't, you lose out. ETA: In your post #131 at the top of this page, you said that Amazon is to blame, and you are right. But now you are combining 'blame' with 'responsibility'. The two are not the same. Responsibility is one thing, control is another thing, and blame is yet another thing. You're the only one in this discussion who is shifting it to control and blame, and what you say about those is correct, but everyone you disagree with is talking about responsibility, and that's what the discussion is about - responsibility. Amazon is responsible to LL for the data's security, and not to LL's customers, and LL is responsible to their customers for it. Link to comment Share on other sites More sharing options...
Phil Deakins Posted October 31, 2013 Share Posted October 31, 2013 Madelaine McMasters wrote: Solar Legion wrote: Nice comparison of apples to oranges. Computer data is computer data - it is not a medical instrument. Sorry - Amazon is to blame for any leaks that occur through the use of their SES service. That people do not accept this simple fact simply goes to show that everyone is quite ready and willing to take the easy way out. Wrong, Solar. If a hospital's use of Amazon SES resulted in a HIPAA violation because of a breach within Amazon, the violation would be registered against the hospital, not Amazon. The hospital might well go after Amazon to recover any damages that resulted, but the record would show the hospital as the violator. You seem to be confusing blame with responsibility. I hope you never find yourself in a courtroom, you may find that reality is very unpleasant. Hey! I was away most of yesterday and asleep after that, so I've only just got back to this thread, and I've been responding to posts as I read them. I thought it was rather clever of me to realise that Solar was mixing the meanings of word together, and I posted about it. Now I see that you've already stolen my thunder, and I am not amused. Hrmph! Still, I did spot that he was also mixing 'control' in, and you missed that, so there! Link to comment Share on other sites More sharing options...
Solar Legion Posted October 31, 2013 Share Posted October 31, 2013 Phil, while your reasoning is rather sound in most parts, your attempt to use a car as an example is rather flawed. Server systems are not cars and in this case we are talking about the interaction between two different company systems. The notion of "control" and "ownership" is tied in with "responsibility" where data is concerned. Perrie is quite right in saying that such is not the way it is treated 'legally' .... And I made a point in saying that I don't give a whit about the laws, they are flawed and make an attempt at black/white, blanket applications. Linden Lab is responsible for any data stored on or that passes through their servers. Their responsibility for that data ENDS when it leaves their systems. Note also that I have repeatedly stated that Linden Lab is responsible for their choice of external data handler: That is the ONLY thing they have to answer for where the customer/user is concerned. Amazon's systems were - at the time - verified to be secure. Linden Lab chose them to handle their e-mails. They send Amazon the data and it is up to Amazon to ensure it is secure while it is in their systems. You cannot expect an individual or company IT team to be able to secure data once it leaves their systems. Now, if you'd like to try your hand at another analogy, kindly use one that compares Apples to Apples. No physical goods of any kind, no sensitive data. Stick with E-mails, public IP addresses, that sort of thing. Link to comment Share on other sites More sharing options...
Solar Legion Posted October 31, 2013 Share Posted October 31, 2013 You're on the right track Perrie. It's not just a matter of ethics (to me) Perrie. It's a matter of reality. Being realistic, a breach in Amazon's SES systems would not affect Linden Lab alone, it would affect several of Amazon's AWS/SES customers. While those customers can then be yelled at by THEIR users for their choice of mail/web service provider, it is not realistic to expect Amazon's customers to bear the responsibility for their server security. Personally, I think people are getting hung up on the fact that we have been talking about Linden Lab (just one of Amazon's AWS/SES customers) and utterly ignoring the larger picture of such a breach. Link to comment Share on other sites More sharing options...
Perrie Juran Posted October 31, 2013 Share Posted October 31, 2013 Solar Legion wrote: You're on the right track Perrie. It's not just a matter of ethics (to me) Perrie. It's a matter of reality. Being realistic, a breach in Amazon's SES systems would not affect Linden Lab alone, it would affect several of Amazon's AWS/SES customers. While those customers can then be yelled at by THEIR users for their choice of mail/web service provider, it is not realistic to expect Amazon's customers to bear the responsibility for their server security. Personally, I think people are getting hung up on the fact that we have been talking about Linden Lab (just one of Amazon's AWS/SES customers) and utterly ignoring the larger picture of such a breach. My bolding above. Realistic or Reasonable? Again, legally speaking, that is a question that gets asked in Court, especially in so called grey areas of the law. It is also why we have something referred to as "Case Law." How have Courts previously applied the Law. The Courts establish what they believe to be a "reasonable expectation" under the Law. Here would be a (hypothetical) question. What if LL knew that Amazon's servers were getting breached and still chose to use Amazon? Back when LL was requiring age verification for access to adult content there was a small uproar about the third party service they had chosen to do the verification. The company they chose did not have a good reputation. Would LL have been responsible if the private information I supplied had become public? Here is my personal POV. I'm summarizing, I know there are detailed statements made by LL regarding all this: Linden Lab has told me they collect and store certain personal information and that they keep it secure. They have also told me that sometimes they use third party providers. Linden Lab has a responsibility to choose these providers carefully. If there is a report of a possible breach LL is responsible to investigate thoroughly and act accordingly depending on the outcome of that investigation. Nothing relieves LL from those responsibilities. Basically speaking the Law requires that a company acts with due diligence. Whether or not LL could be held legally responsible for a breech of a third party provider would be a matter of the law in the appropriate Jurisdiction. Link to comment Share on other sites More sharing options...
Solar Legion Posted October 31, 2013 Share Posted October 31, 2013 Realistic, Perrie. The courts define what is "reasonable" or not, no matter how realistic that decision would be. The flap with Aristotle was based around the fact that that company was also tied to political surveys and the like - and yes, much of that information truly was sensitive. It comes back to the nature of the information being shared and sent. The sort of information for the age verification process of the time truly was personal and sensitive. The e-mail addresses passed through Amazon's systems ... just aren't at that level whatsoever. Now, here's something to note as well concerning Aristotle: The information you supplied to them was already "public" in the sense that they could actually verify it. Link to comment Share on other sites More sharing options...
Perrie Juran Posted October 31, 2013 Share Posted October 31, 2013 Solar Legion wrote: Realistic, Perrie. The courts define what is "reasonable" or not, no matter how realistic that decision would be. The flap with Aristotle was based around the fact that that company was also tied to political surveys and the like - and yes, much of that information truly was sensitive. It comes back to the nature of the information being shared and sent. The sort of information for the age verification process of the time truly was personal and sensitive. The e-mail addresses passed through Amazon's systems ... just aren't at that level whatsoever. Now, here's something to note as well concerning Aristotle: The information you supplied to them was already "public" in the sense that they could actually verify it. I know we could get really far fetched with all kinds of possible scenarios. I function under this rule, "There is no privacy on the Internet." If someone wanted to find out bad enough what I do on the Internet, who I am, a lot of personal information, it is out there for grabs. One of the alarms that people recently sounded was regarding the NSA using Man In The Middle to monitor what people were doing. There were some big questions raised about how they were getting around HTTPS. "The NSA's system for deploying malware isn't particularly novel, but getting some insight into how it works should help users and browser and software vendors better defend against these types of attacks, making us all safer against criminals, foreign intelligence agencies, and a host of attackers. That's why we think it's critical that the NSA come clean about its capabilities and where the common security holes are—our online security depends on it." That said, I do want my service providers to do all that they can to keep my personal information secure. We were told that Aristotle was not keeping/storing our information. If they did I would consider that a serious breech of trust. But if they did and let's say someone wanted an RL list of SL users, it becomes quick, easy and simple to obtain. Far fetched? Now a days there are a lot of things that I no longer consider far fetched. I don't really stress over this stuff. But every time I share personally identifiable information on the Net, I do ask myself if I want to make the trade off: My information in exchange for the service I want. Link to comment Share on other sites More sharing options...
Jazleen Raynier Posted October 31, 2013 Share Posted October 31, 2013 I don't claim to know anything at all about computers and their workings, but the same email account I use for SL, and often get a phishing scam stating that my paypal address has shown signs of an attempt to break into it. Trouble is I don't have a paypal address, nor will I, but that doesn't stop the same phishing scam coming to me at least every week. The same as my Barclays account, my LLoyds account, my Halifax account etc etc stating those accounts have been hacked - sadly for those a little less stupid than me don't realise is that I don't have an account with any of those banks and there is no way in hell I'm going to open their little game. If it is a case of someone sending phishing scams you really shouldn't open them, even if you think they are from something legitimate as the first time you do you could be putting a trojan horse into your computer. You have to speak to LL asap, so they can at least do some checks if for no other reason but to tell you it isn't coming from them. Secondly, change all your passwords and stop opening emails that are obviously a scam. Link to comment Share on other sites More sharing options...
Phil Deakins Posted October 31, 2013 Share Posted October 31, 2013 Solar Legion wrote: Phil, while your reasoning is rather sound in most parts, your attempt to use a car as an example is rather flawed. Server systems are not cars and in this case we are talking about the interaction between two different company systems. I do know that a car and a server system are different things, but the analogy for this discussion is spot on. The person who borrows the car is responsible to the owner of the car even if s/he let someone else use it. The company (LL) that receives personal data from its customers is responsible to its customers for the security of that data. Linden Lab is responsible for any data stored on or that passes through their servers. Their responsibility for that data ENDS when it leaves their systems. Note also that I have repeatedly stated that Linden Lab is responsible for their choice of external data handler: That is the ONLY thing they have to answer for where the customer/user is concerned. Linden Lab is responsible to its customers, and that responsibility does not end if they pass the data on to another company. Amazon's systems were - at the time - verified to be secure. Linden Lab chose them to handle their e-mails. They send Amazon the data and it is up to Amazon to ensure it is secure while it is in their systems. You are correct about that, but does not absolve LL's responsibility to its customers. You cannot expect an individual or company IT team to be able to secure data once it leaves their systems. That's true. If LL has taken all reasonable steps to ensure that the data is safe in the other company's hands, then that's all they can do. If the other company leaks it, it's not LL's fault. However, none of that absolves LL's responsibility to their customers about it. Now, if you'd like to try your hand at another analogy, kindly use one that compares Apples to Apples. No physical goods of any kind, no sensitive data. Stick with E-mails, public IP addresses, that sort of thing. My analogy was spot on. Perhaps you would like to try your hand at understanding it. Link to comment Share on other sites More sharing options...
Solar Legion Posted October 31, 2013 Share Posted October 31, 2013 While I understand your analogy Phil, I do not like repeating myself: A car and computer data/servers are two very different things. The analogy does not work - period. For it to be ABLE to work, you would need to treat the car as a server and the passenger as the data, add in a second car to represent the server the data is being handed off to, followed by a third car which manages to force the passenger of the first (the originating server (car) and data (passenger)) into it before driving off (kidnapping). A car wreck is NOT a server security breach. You also seem to be hug up on Linden Lab's responsibility to its customers - a responsibility concerning securing the data that ends once the data leaves their server systems but for which you want them to retain. Their responsibility extends only as far as making certain that the provider they choose to handle the data has taken every step they can to secure it. Past that, they do not bear responsibility if the provider's systems are breached - not for something as trivial as an e-mail address. You are confusing two very different responsibilities Phil: Linden Lab's responsibility for the security of their systems and their "responsibility" to provide the customer with a decent product, customer service etc. While I can agree that Linden Lab is partially responsible if the data leaked is far more personal (one of the reasons they eventually terminated their original method for age verification) they are not responsible for leaks of trivial data. Hundreds of thousands of e-mails get sent each and every day, I have not seen many news articles concerning a mail server leak unless it is a leak coming directly from the original provider. In any event, please work on comparing apples to apples. Link to comment Share on other sites More sharing options...
Solar Legion Posted October 31, 2013 Share Posted October 31, 2013 Most of that was the reasoning behind Linden Lab dropping Aristotle and eventually the entire original method for age verification. I don't stress over the smaller details/data. If I want everyone to know something truly personal, I tell them. Link to comment Share on other sites More sharing options...
Facebook
Instagram
Twitter
YouTube
Flickr
Recommended Posts
Please take a moment to consider if this thread is worth bumping.
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now