Jump to content

Recommended Posts

20 minutes ago, Lindal Kidd said:

Also, one of the reasons LL split off Tilia as a separate entity was so they could market its services to others.

I'm sure that this is true. And while that may be good for LL, it's not in itself much consolation to those who object to Tilia.

21 minutes ago, Lindal Kidd said:

You ought to compare the "ridiculous" Tilia ToS with the Second Life ToS you signed when you arrived.  They're pretty much identical.

In fairness to @Mikey Shu and other non-Americans, I don't think it's so much the Tilia TOS that's the issue as it is the specific ID requirements. And, in fairness to LL, those seem to be dictated by US law and regulations, rather than by the company itself.

I think it's entirely valid to point out the Linden Lab is not, itself, the body that is setting these standards for identification. However, I can certainly understand why non-US citizens would object, even if it is at the US government that they should be directing their ire. The EU (and other non-EU countries in the developed world) generally have much stronger privacy protections than are available in the US . . . which is, of course, why Facebook, Google, and other online companies are continually running afoul of the EU's GDPR, and finding themselves fined immense sums of money.

I'm quite sure that the Tilia requirements actually are in compliance with GDPR -- or LL would find itself facing a much more worrisome and potentially expensive problem than irate customers. But that said, there is generally a higher expectation for privacy outside of the US than there is within it, and it's understandable that some non-US residents are deeply unhappy with being required to conform to US practices in this regard.

Almost certainly, the anger at LL is misdirected, if they are merely complying, as they must, with US law. But that doesn't mean that those who value their online privacy should necessarily simply shrug this off.

30 minutes ago, Lindal Kidd said:

They've implemented some state of the art protections for personal information that they think are worth something.  See this blog post: https://community.secondlife.com/blogs/entry/2590-information-about-privacy-and-security-in-tilia/

Is there an actual consensus among those knowledgeable about such things that this is indeed so? I'm not challenging your statement, but rather asking if you know yourself, or have seen others who are in a position to know, that these are in fact "state of the art" protections?

  • Like 4

Share this post


Link to post
Share on other sites
52 minutes ago, Mikey Shu said:

It's sad to say, but after talking with my friend / business partner, we decided that we are now suspending our businesses within SL for as long as this tilia crap stays the way it is, for cashing out. So I guess after more than 12 years in SL, the day has come where it's time to look for other worlds to do business in. LL isn't reliable anymore, they've showed that enough over the last months. Congrats, Linden Lab!

I'm really sorry to hear this.

See my response to Lindal, above: I don't think it's really Linden Lab that is at fault here, but rather US regulations that require that they collect this information.

So, in that sense, your anger is misdirected. But I can still certainly understand why might feel sufficiently uncomfortable with these requirements, regardless of who is mandating them, that you'd feel the need to fold up your business.

This is my concern: that there are possibly many more merchants and creators from whom we are not hearing here who may be responding as you are.

  • Like 2

Share this post


Link to post
Share on other sites
5 hours ago, chardonay Babii said:

Think about it, multinational companies worth billions and governments struggle to stop hackers stealing info and selling it on the dark web.   Do you want to take that risk and trust this company can protect all your sensitive RL  info to collect a few Lindens from a content creating business? I wouldn’t do it for a thousand bucks, I’d leave it in there.  FYI I read the terms and privacy policy. That’s the contract terms I would have to agree to but won’t do.  It’s not a knee jerk reaction it’s experience.  Once bitten twice shy. The Tilia team say they have good intentions but sorry guys for me the risk outweighs the potential benefit.  

If you never cash out you never have to agree to the Tilia terms. It is that simple. I never cash out and didn't have to agree. Of course, I'm the one that brought up the fact that the way they were doing things was coercion and they did back track on making everyone agree when they realized I knew wtf I was talking about. They know they would lose in court which is exactly where they were going to find themselves if they had persisted.

Share this post


Link to post
Share on other sites
3 hours ago, Selene Gregoire said:

If you never cash out you never have to agree to the Tilia terms. It is that simple. I never cash out and didn't have to agree. Of course, I'm the one that brought up the fact that the way they were doing things was coercion and they did back track on making everyone agree when they realized I knew wtf I was talking about. They know they would lose in court which is exactly where they were going to find themselves if they had persisted.

I tried to cash out to PayPal yesterday and had to agree to the TOS first.   I do or used  to cash out due to having two smaller SL  businesses for years.   

Share this post


Link to post
Share on other sites
Posted (edited)
5 hours ago, Scylla Rhiadra said:

 

This is my concern: that there are possibly many more merchants and creators from whom we are not hearing here who may be responding as you are.

There are apparently a bunch judging from the merchant chatter. Mostly "little folks" which had nothing to do with products or talent  --- fairly often it is a "marketing" thing :D.   I personally don't know anyone who is NOT cashing out and STILL keeping their store open and with a few new products --- other than moi.    That doesn't seem to be a popular choice in my small circle.   I also don't know anyone personally that has left SL over Tilia but I was assured by friends that there is a small exodus. 

 

And to @Mikey Shu   :D. There really AREN'T a lot of "other worlds" to sell in IF selling is your endgame.   Sansar of course uses Tilia and seems to have gone through its "retailer" phase already unless something changes dramatically.  Opensim has security and copybot (not even copybot but "god mode") issues and isn't a very lucrative platform for people used to SL.  Kitely market would be the place to check out but I only make about $20 a month from Kitely now which is a very small percentage of what I make in SL.  So it REALLY depends on what you are after. 

 

You could of course stay and just not cash out to Paypal any longer.  That's a choice too.  I really hate to see the creators leaving but I certainly understand their point of view.  In the end everyone has to do what is the best for themselves.  

 

Edited by Chic Aeon
spelling
  • Like 3

Share this post


Link to post
Share on other sites
11 minutes ago, chardonay Babii said:

I tried to cash out to PayPal yesterday and had to agree to the TOS first.   I do or used  to cash out due to having two smaller SL  businesses for years.   

Ok. Then the only thing left to say is LL dba Tilia is going to keep your info as secure as any site is going to be able to against hackers. Truth is there is no such thing 100% secure. It boils down to how much you feel you can trust LL dba Tilia to keep your info safe. Both actually have a very good track record of doing so as compared to many of the companies I've done business with in the past 30 years or so.

Of course, LL/Tilia is not a major target like Equifax.

Share this post


Link to post
Share on other sites
9 minutes ago, Chic Aeon said:

You could of course stay and just not cash out to Paypal any longer.  That's a choice too.  I really hate to see the creators leaving but I certainly understand their point of view.  In the end everyone has to do what is the best for themselves.  

It was said by a Linden, somewhere in that long thread or the one they locked (not stickied), that at some point in the future we would be able to withdraw from LL/Tilia and have the monies directly deposited into our checking/savings accounts. No need for PayPal (for US residents) anymore. That is what I've been waiting for all these years.

I trust PayPal far less than I do LL. They burned that bridge long ago.

  • Like 2

Share this post


Link to post
Share on other sites
5 hours ago, Lindal Kidd said:

You ought to compare the "ridiculous" Tilia ToS with the Second Life ToS you signed when you arrived.  They're pretty much identical.

 

Except in 2007 there was no requirement to provide a document with my home address, a social security card or similar, just a name and means to deposit money such as a CC or later PayPal.   

  • Like 1

Share this post


Link to post
Share on other sites
Posted (edited)
7 minutes ago, chardonay Babii said:

Except in 2007 there was no requirement to provide a document with my home address, a social security card or similar, just a name and means to deposit money such as a CC or later PayPal.   

asking for RL details is used for many years already when people cash out , it's only taken over by a new Linden department.
If you never had to fill in some tax forms, upload your ID /driverslicense or utlility bill you just been lucky.

Edited by Alwin Alcott

Share this post


Link to post
Share on other sites
8 minutes ago, chardonay Babii said:

Except in 2007 there was no requirement to provide a document with my home address, a social security card or similar, just a name and means to deposit money such as a CC or later PayPal.   

The US laws have changed since 2007. LL must have the info in order to comply with the federal statutes. If not then either you aren't allowed to withdraw funds or LL has to shut the ability to withdraw down for everyone if they fail to comply. Since LL is domiciled in the US, there is no way around the changes in the law.

  • Like 1

Share this post


Link to post
Share on other sites
23 minutes ago, Selene Gregoire said:

The US laws have changed since 2007. LL must have the info in order to comply with the federal statutes. If not then either you aren't allowed to withdraw funds or LL has to shut the ability to withdraw down for everyone if they fail to comply. Since LL is domiciled in the US, there is no way around the changes in the law.

I’m an Australian and the US  can keep their law.   

Maybe they they should provide me the same personal information they want from me for a transaction when I buy Linden’s..

 

 

  • Like 1

Share this post


Link to post
Share on other sites
1 hour ago, chardonay Babii said:

I’m an Australian and the US  can keep their law.   

Maybe they they should provide me the same personal information they want from me for a transaction when I buy Linden’s..

 

 

Doesn't matter where the customer lives, companies have to abide by the laws of the country in which they are domiciled. Whether you like it or not. All countries are that way, including Australia.

Share this post


Link to post
Share on other sites
9 hours ago, Scylla Rhiadra said:

I'm really sorry to hear this.

See my response to Lindal, above: I don't think it's really Linden Lab that is at fault here, but rather US regulations that require that they collect this information.

So, in that sense, your anger is misdirected. But I can still certainly understand why might feel sufficiently uncomfortable with these requirements, regardless of who is mandating them, that you'd feel the need to fold up your business.

This is my concern: that there are possibly many more merchants and creators from whom we are not hearing here who may be responding as you are.

 

I have to agree with you. Kinda like the whole situation with Hangars Liquides. Not exactly the same, of course; but just saying LL getting a stricter in many areas concerning RL money, are mostly simply the result of outside regulators (like IRS, international anti-money laundering efforts) exerting pressure on them (the kind you can't make go away). I think it's fair to say LL wants all your monies, without stressing ppl out, or frustrating them unnecessarily. But I don't think they really have much of a choice here.

  • Like 1

Share this post


Link to post
Share on other sites
4 minutes ago, kiramanell said:

 

I have to agree with you. Kinda like the whole situation with Hangars Liquides. Not exactly the same, of course; but just saying LL getting a stricter in many areas concerning RL money, are mostly simply the result of outside regulators (like IRS, international anti-money laundering efforts) exerting pressure on them (the kind you can't make go away). I think it's fair to say LL wants all your monies, without stressing ppl out, or frustrating them unnecessarily. But I don't think they really have much of a choice here.

SL has been fun but since I wont accept the TOS as it stands even if it is because of US law, I cant justify selling my SL creations for profit if there is no avenue for exchange into my bank account or Paypal. I might list both stores products for free in fairness to  my customers.  

Share this post


Link to post
Share on other sites
Posted (edited)
2 hours ago, Selene Gregoire said:

Doesn't matter where the customer lives, companies have to abide by the laws of the country in which they are domiciled. Whether you like it or not. All countries are that way, including Australia.

Yeah I know it sucks for all concerned.

Sorry for being the fun police in this thread. 

Will Residents outside the U.S. still need to provide verification or ID for credit processing transactions? 
Yes, anyone who processes credit will need to present a government-issued ID.  <- There is zero chance of this happening with photo ID or not

Edited by chardonay Babii

Share this post


Link to post
Share on other sites
Posted (edited)
11 hours ago, Scylla Rhiadra said:

There are at least two possible ways to interpret the word "trust" here.

If by that word you mean, do I trust LL not to do something unethical or nefarious with that information, then I think the answer is yes: I do trust them. I can think of no case ever where LL was caught data mining, selling information, or using RL info in some fashion that violates the spirit of the nondisclosure clauses in the TOS and CS. I "trust" LL, in this sense, a lot more than I "trust" Google, Apple, Amazon, or Facebook (not to mention just about any company behind phone apps that you could name).

If by "trust," however, you mean, do I trust that they are savvy and careful enough to keep that information safe from leaks and hackers . . . well, this is a more legitimate concern. I don't actually have an answer for that, because I don't have the technical chops (nor I think do we have enough information) to judge how exposed or vulnerable it is likely to be.

On the whole though, I doubt that LL's databases are any less secure than most of the undoubtedly huge number of digital repositories that are already storing this information.

 

^^ Very well put!

I don't think LL is up to no good; and, in that sense, I mistrust Google, Facebook, Apple, etc, a thousandfold more. In fact, with those companies, abuse of your personal information (by whatever means they collected is), is almost guaranteed. As is stand, LL couldn't really profit from your personal information anyway (not to mention that they already possess a lot of that). They can't very well send you RL ads based on your inworld purchases, as there's hardly a real relationship with real-life shopping (like when was the last time I went shopping for 20+ houses a year in RL?).

Which brings me to your second point. Could LL lose the data? (Like to hackers). Everything is possible. But, as potentially marketable 'leads', your personal info is pretty much useless for hackers too. So, yeah, it could happen; but on my things-to-worry-about list, that risk comes in at a very low priority.

Edited by kiramanell
  • Like 2

Share this post


Link to post
Share on other sites
Posted (edited)
3 hours ago, chardonay Babii said:

Yeah I know it sucks for all concerned.

Sorry for being the fun police in this thread. 

Will Residents outside the U.S. still need to provide verification or ID for credit processing transactions? 
Yes, anyone who processes credit will need to present a government-issued ID.  <- There is zero chance of this happening with photo ID or not

There were also instructions for those who can not obtain a government issued ID to contact LL so they can tell you what you need to do. It may have even said to file a support ticket. 

You seemed determined to leave SL over something LL has no control over so there's no point in saying anything more. It's not my job to convince people to stay and LL sucks at retention so, there you are. Where you go from here is up to you.

Edited by Selene Gregoire

Share this post


Link to post
Share on other sites
Posted (edited)
1 hour ago, Selene Gregoire said:

There were also instructions for those who can not obtain a government issued ID to contact LL so they can tell you what you need to do. It may have even said to file a support ticket. 

You seemed determined to leave SL over something LL has no control over so there's no point in saying anything more. It's not my job to convince people to stay and LL sucks at retention so, there you are. Where you go from here is up to you.

Thanks anyway.  I love SL and don’t really want to leave.  The reason I  stay is creating and my inworld businesses.  Financially I don’t need revenue from SL sales, it’s more the spirit of it that is challenging future participation.  :(

 

 

                      . 

 

Edited by chardonay Babii

Share this post


Link to post
Share on other sites

How this thread is still active?  Surely there's some topic more suited to all the hysterical butthurt.

You'd think the stipends were delayed a half hour.

  • Like 2
  • Haha 1

Share this post


Link to post
Share on other sites
32 minutes ago, Qie Niangao said:

How this thread is still active?  Surely there's some topic more suited to all the hysterical butthurt.

You'd think the stipends were delayed a half hour.

It came back to life since after the first of the month due to some not being aware of the new Tilla policies that LL had to change due to government rules.

  • Like 2
  • Thanks 1

Share this post


Link to post
Share on other sites
18 hours ago, Mikey Shu said:

It's sad to say, but after talking with my friend / business partner, we decided that we are now suspending our businesses within SL for as long as this tilia crap stays the way it is, for cashing out. So I guess after more than 12 years in SL, the day has come where it's time to look for other worlds to do business in. LL isn't reliable anymore, they've showed that enough over the last months. Congrats, Linden Lab!

Good. More business for everybody else. Don't let the door hit you on your way out.

  • Like 4

Share this post


Link to post
Share on other sites
21 minutes ago, Qie Niangao said:

Good. More business for everybody else. Don't let the door hit you on your way out.

pretty much yes. No business person into maximising profits from their SL products is ever going to miss anyone who previously cashed out of SL

and tbh, as a consumer I don't much care either. When a supplier stops providing product, I still spend the same amount of money. the money just goes to somebody else.  And if it ended up that there were no suppliers at all then I go back to making my own stuff for myself, and dropping it for free on people who want it

  • Like 3

Share this post


Link to post
Share on other sites
16 hours ago, Scylla Rhiadra said:

Is there an actual consensus among those knowledgeable about such things that this is indeed so? I'm not challenging your statement, but rather asking if you know yourself, or have seen others who are in a position to know, that these are in fact "state of the art" protections?

Well there's not really going to be much in there that's not pretty much industry standard, that is to say there's a database of our data, enciphered with an appropriate symmetric cryptographic algorithm (Likely AES256), where the key is protected by an asymmetric key pair of a modern algorithm (probably an elliptic curve), where the private key was generated in an HSM (Hardware Security Module), where the HSM may or may not be FIPS-140-2 (or now possibly even level 3) validated.  All of this is pretty run of the mill for military, government, financial services.

Access to the data centre itself should be mandating multifactor authentication and likewise they mention logical system access via multifactor tokens and also a large part of the overall security will be implemented not only by technical constraints but also by policy and procedure.  Again, all standard operating practice for this sort of scenario.

So just to throw some darts at the board...

"Our engineers created a new “personal information vault” project. This vault uses modern algorithms to encrypt sensitive information in a way that would require both enormous computing power and an enormous amount of memory for an attacker to crack… if they could even get a copy of the encrypted data."

We're using standard AES256 cipher for block encryption and Elliptic Curve cipher for the Asymmetric key. Private key marked as non exportable and held in an HSM.

"And all of this new encryption is wrapped around the encryption we already used - encryption which was the industry standard at the time."

Yeah, that's the "We already encrypted the database with standard ciphers such as AES256 but in SL we only stored the key in software". ;)

"These are entire new layers using encryption technologies which didn’t exist when Second Life was new. "

Well hmm... https://en.wikipedia.org/wiki/Elliptic-curve_cryptography

History

The use of elliptic curves in cryptography was suggested independently by Neal Koblitz[7] and Victor S. Miller[8] in 1985. Elliptic curve cryptography algorithms entered wide use in 2004 to 2005.

"Even after all of these changes, the old protection remains in place at the bottom of that stack. Figuratively speaking, we locked the old vault inside a bigger, stronger vault. We chose an approach where we didn’t need to decrypt information in order to enhance your protection. "

This is consistent in my mind as to "vault within a vault" being an encrypted database with a better protection for the block cipher key.  No need to decrypt what was already there, just provide stronger key protection, the symmetric block cipher key remained the same.

"There is another key part of this project: Our storage mechanisms for sensitive customer information are now isolated from Second Life. The information isn’t stored at the same physical location anymore, and hasn’t been for a while. But the difference is more than physical. "

Means "We had to buy a bigger USB stick to throw it across the room" :)

"Second Life’s servers do not have direct access to Tilia information that isn’t required for daily Second Life usage. Even developers who have worked at the company for a dozen years - developers who have full access to every last Second Life server - do not have access to the servers that store and protect the most sensitive information. A policy of least privilege means fewer opportunities for mistakes. "

Did those developers EVER have full access to our data and if so why?  That should never have been a requirement.  Even in the case of development, that should be on a development environment without live data, the live data shouldn't ever be accessible - period!

"This means that compromising one database inside of Tilia is insufficient to decrypt and correlate sensitive data without compromising a different service."

A segmented architecture, multiple databases, each with its own symmetric key, protected by own key pair thus would require compromise of multiple keys/systems, yes normal stuff here.

"We have deployed numerous commercial products which help monitor for access, abuse, or data copying attempts for data that is made available to Tillia employees. This means that even an attacker with all employee access credentials, access to employee multifactor authentication tokens, and all Tilia access permissions would still face some challenges in avoiding early detection. "

We've installed Splunk because it's free! Joking aside, they've deployed one or more SIEMs (Security Information and Event Management software) and some IDS (Intrusion Detection  System) software to monitor along with probably some agent based software to monitor PC behaviour and possibly thrown in some CASB (Cloud Access Security Broker) software just for fun.

What I haven't seen is any mention of how they'd handle the situation where a family member or two is kidnapped and the attackers have set up a live feed of the electric drill being held to the eyeball of the staff members youngest child. Which when the prize is rich enough is the upgraded version of:-

image.png.e29d7fd5b58ee75d430bd7f853da90ec.png

Overall, what Soft Linden describes and what I believe (I also believe in aliens), is distilable to pretty much standard good operating practice for the service being operated. 

There are also existing services which allow a user to scan government documents, take a selfie, have that validated and a confidence factor returned to the calling service.  No data is stored, there's no need once the ID result is validated.  I'd be curious to know why LL hasn't gone down this route.

I note that Soft Linden didn't explicity call out blockchain anywhere but they may or may not be playing with that too, because some people feel it's trendy!

All of the above is based upon supposition and interpretation of the end user facing blurb posted below and I have no further insight other than the ability to read and interpret based upon experience.

 

  • Like 3
  • Thanks 2

Share this post


Link to post
Share on other sites
4 hours ago, Qie Niangao said:

How this thread is still active?  Surely there's some topic more suited to all the hysterical butthurt.

You'd think the stipends were delayed a half hour.

I created a monster.

  • Like 1
  • Haha 10

Share this post


Link to post
Share on other sites
Posted (edited)
15 hours ago, Bradford Mint said:

Well there's not really going to be much in there that's not pretty much industry standard, that is to say there's a database of our data, enciphered with an appropriate symmetric cryptographic algorithm (Likely AES256), where the key is protected by an asymmetric key pair of a modern algorithm (probably an elliptic curve), where the private key was generated in an HSM (Hardware Security Module), where the HSM may or may not be FIPS-140-2 (or now possibly even level 3) validated.  All of this is pretty run of the mill for military, government, financial services.

Access to the data centre itself should be mandating multifactor authentication and likewise they mention logical system access via multifactor tokens and also a large part of the overall security will be implemented not only by technical constraints but also by policy and procedure.  Again, all standard operating practice for this sort of scenario.

So just to throw some darts at the board...

"Our engineers created a new “personal information vault” project. This vault uses modern algorithms to encrypt sensitive information in a way that would require both enormous computing power and an enormous amount of memory for an attacker to crack… if they could even get a copy of the encrypted data."

We're using standard AES256 cipher for block encryption and Elliptic Curve cipher for the Asymmetric key. Private key marked as non exportable and held in an HSM.

"And all of this new encryption is wrapped around the encryption we already used - encryption which was the industry standard at the time."

Yeah, that's the "We already encrypted the database with standard ciphers such as AES256 but in SL we only stored the key in software". ;)

"These are entire new layers using encryption technologies which didn’t exist when Second Life was new. "

Well hmm... https://en.wikipedia.org/wiki/Elliptic-curve_cryptography

History

The use of elliptic curves in cryptography was suggested independently by Neal Koblitz[7] and Victor S. Miller[8] in 1985. Elliptic curve cryptography algorithms entered wide use in 2004 to 2005.

"Even after all of these changes, the old protection remains in place at the bottom of that stack. Figuratively speaking, we locked the old vault inside a bigger, stronger vault. We chose an approach where we didn’t need to decrypt information in order to enhance your protection. "

This is consistent in my mind as to "vault within a vault" being an encrypted database with a better protection for the block cipher key.  No need to decrypt what was already there, just provide stronger key protection, the symmetric block cipher key remained the same.

"There is another key part of this project: Our storage mechanisms for sensitive customer information are now isolated from Second Life. The information isn’t stored at the same physical location anymore, and hasn’t been for a while. But the difference is more than physical. "

Means "We had to buy a bigger USB stick to throw it across the room" :)

"Second Life’s servers do not have direct access to Tilia information that isn’t required for daily Second Life usage. Even developers who have worked at the company for a dozen years - developers who have full access to every last Second Life server - do not have access to the servers that store and protect the most sensitive information. A policy of least privilege means fewer opportunities for mistakes. "

Did those developers EVER have full access to our data and if so why?  That should never have been a requirement.  Even in the case of development, that should be on a development environment without live data, the live data shouldn't ever be accessible - period!

"This means that compromising one database inside of Tilia is insufficient to decrypt and correlate sensitive data without compromising a different service."

A segmented architecture, multiple databases, each with its own symmetric key, protected by own key pair thus would require compromise of multiple keys/systems, yes normal stuff here.

"We have deployed numerous commercial products which help monitor for access, abuse, or data copying attempts for data that is made available to Tillia employees. This means that even an attacker with all employee access credentials, access to employee multifactor authentication tokens, and all Tilia access permissions would still face some challenges in avoiding early detection. "

We've installed Splunk because it's free! Joking aside, they've deployed one or more SIEMs (Security Information and Event Management software) and some IDS (Intrusion Detection  System) software to monitor along with probably some agent based software to monitor PC behaviour and possibly thrown in some CASB (Cloud Access Security Broker) software just for fun.

What I haven't seen is any mention of how they'd handle the situation where a family member or two is kidnapped and the attackers have set up a live feed of the electric drill being held to the eyeball of the staff members youngest child. Which when the prize is rich enough is the upgraded version of:-

image.png.e29d7fd5b58ee75d430bd7f853da90ec.png

Overall, what Soft Linden describes and what I believe (I also believe in aliens), is distilable to pretty much standard good operating practice for the service being operated. 

There are also existing services which allow a user to scan government documents, take a selfie, have that validated and a confidence factor returned to the calling service.  No data is stored, there's no need once the ID result is validated.  I'd be curious to know why LL hasn't gone down this route.

I note that Soft Linden didn't explicity call out blockchain anywhere but they may or may not be playing with that too, because some people feel it's trendy!

All of the above is based upon supposition and interpretation of the end user facing blurb posted below and I have no further insight other than the ability to read and interpret based upon experience.

 

In that the official thread is closed to questions I'd love these concerns addressed.

Assuming data encryption makes data theft impossible as stated what happens in the event of the following..

Regarding providing my Australian government document with a photo ID-

What guarantee is there the subsidiary company will not be sold off or end up in the hands of another owner that can change the TOS as stated in the TIia TOS the company can do.  To what extent is the subsequent owner of the company  at liberty to to protect and not sell my data?

In the event the US government changes privacy laws and can force the owner of Tilia to hand over my data what protection is in place to stop the US govt from building a personal  profile on non US citizens using the supplied sensitive dcument/s?

Similar questions in the event of a court order to supply data during an investigation?

Edited by chardonay Babii
  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...