Jump to content

Sorry. This is not OK. B bots profile scraping.

Coffee Pancake

By Coffee Pancake,
in General Discussion Forum

 Share
You are about to reply to a thread that has been inactive for 459 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

Coffee Pancake

Coffee Pancake

Posted
Posted (edited)

My profile is set in the privacy options to FRIENDS ONLY

Check out what's open the the wider internet and actually "Public" by opening this link in an incognito tab.

https://my.secondlife.com/coffee.pancake

Z6K2BId.png

Now check me out on the B name we cant mention's avatar index.

EBa7Uow.png

I am deeply disheartened by LL's initial reaction to this.

I can only imagine what all the merchants on the top list are thinking right now.

 

This is a massive wholesale data leak and should be treated as seriously as any other security issue.

None of this is ok.

 

Edit - Hamlet published the links to the site and a statement from the operator on new world notes.

Edited by Coffee Pancake
add link to NWN
  • Like 10
  • Thanks 2
  • Sad 1
Link to comment
Share on other sites
  • Replies 224
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Volo Linden
Volo Linden

Hello all, we understand your concern regarding the content shown on the BonnieBots website. As Keira stated in the topic "Has anyone else noticed the B[xxxx] accounts?," the information displayed is

Coffee Pancake
Coffee Pancake

My profile is set in the privacy options to FRIENDS ONLY Check out what's open the the wider internet and actually "Public" by opening this link in an incognito tab. https://my.secondlife.co

PekeNL
PekeNL

Essentially this entire thread is dedicated to the fact that your privacy settings are apparently meaningless for third parties. Since it's third party, they could do whatever with this information. S

Posted Images

Coffee Pancake

Coffee Pancake

Posted
  • Author
Posted

The 3rd party already has the data and it is published now. 

  • What's the latency between a profile edit and their website updating?
  • What happens to copies of the data after an edit has been made.
  • Is it kept, who can see it and for how long.
  • what other data can they see and manipulate via private UI
  • Do they have a complete rolling back catalog of profile changes for everyone.
  • Who is behind this project.
  • Where is their privacy policy.
  • How is this affected by the GDPR or other data protection legislation.
  • Who is responsible or accountable for their actions with our data.
  • Is their reproduction of images and text in violation of any users copyright seeing as it is not covered by our agreements with LL.

It's fair to say that by statistical analysis they will have a reasonable idea of who everyone's alts are. Does the UI exist privately for them to query this information, who has access to that information ... 

This is not ok. 

It just gets worse the more you look at it.

When can we expect an official statement on the blog about this and data scraping operations in general.

  • Like 8
  • Thanks 1
Link to comment
Share on other sites
Scylla Rhiadra

Scylla Rhiadra

Posted
Posted
9 minutes ago, Coffee Pancake said:

It's fair to say that by statistical analysis they will have a reasonable idea of who everyone's alts are.

I agree that this is a bit alarming -- and given that the data is being harvested within SL, LL really does have a responsibility to respond.

But what sort of "analysis" is likely to reveal alts? If so, we may end up with Son of RedZone on our hands?

  • Like 7
Link to comment
Share on other sites
Coffee Pancake

Coffee Pancake

Posted
  • Author
Posted
Just now, Scylla Rhiadra said:

But what sort of "analysis" is likely to reveal alts? If so, we may end up with Son of RedZone on our hands?

Examine your own alt usage.

I'm betting all of you show up frequently side by side in the same location, perhaps to pass L$ or inventory around. maybe you have a store on an alt. maybe your alt goes to naughty places but shares your home to get dressed.

We're all creatures of habit and those habits are statistically significant.

  • Like 6
Link to comment
Share on other sites
Coffee Pancake

Coffee Pancake

Posted
  • Author
Posted
1 minute ago, Ceka Cianci said:

I'm curious, does that depend on the Security filters people have set? Like from Everyone seeing it or just Second life or Friends  or Nobody?

With my online profile, I have all my security filters set to Nobody and Friends.

I just checked .. Your entire profile is visible on their site open to anyone on the internet.

It even includes your premium account status.

 

  • Like 2
  • Thanks 1
Link to comment
Share on other sites
Coffee Pancake

Coffee Pancake

Posted
  • Author
Posted
2 minutes ago, Pixie Kobichenko said:

I’m not being snarky nor obtuse on purpose.  I’ve read the thread & don’t understand what is going on?  

This is what people can see of your profile on the web via linden services if they aren't logged in at all. 

Not much at all as per your user settings.

H20ckjo.png

On the Bots website, your entire profile has been published independently of LL and SL and is easily found. All images, all text, all pics, all there for everyone.

  • Like 1
  • Thanks 3
Link to comment
Share on other sites
Pixie Kobichenko

Pixie Kobichenko

Posted
Posted
1 minute ago, Coffee Pancake said:

This is what people can see of your profile on the web via linden services if they aren't logged in at all. 

Not much at all as per your user settings.

H20ckjo.png

On the Bots website, your entire profile has been published independently of LL and SL and is easily found. All images, all text, all pics, all there for everyone.

Thank you for explaining.  That does seem to be an issue if I click buttons to do something & there’s a loophole to exploit around it. 

  • Like 2
Link to comment
Share on other sites
PekeNL

PekeNL

Posted
Posted
5 minutes ago, Pixie Kobichenko said:

I’m not being snarky nor obtuse on purpose.  I’ve read the thread & don’t understand what is going on?  

Essentially this entire thread is dedicated to the fact that your privacy settings are apparently meaningless for third parties. Since it's third party, they could do whatever with this information. So if there's people who use the same online handles across a multitude of platforms it could be linked.

Let's say for example your cross platform handle is Bob12. There's a boatload of companies today who will hoard as much data as possible for profit. You apply for a job, and somewhere, somehow your online handle gets linked somewhere to your real name. Your future employer googles your name, and finds your nickname. They then find out that Bob12 not only is a skilled COD player, but also has a lot of niche fetishes that they act out online. This is obviously information you don't want them to find.

And before you go: "But you shouldn't put it up there if you don't want it seen.": You are correct, but also wrong because privacy laws exists for a reason.

  • Like 2
  • Thanks 10
Link to comment
Share on other sites
Pixie Kobichenko

Pixie Kobichenko

Posted
Posted
2 minutes ago, PekeNL said:

Essentially this entire thread is dedicated to the fact that your privacy settings are apparently meaningless for third parties. Since it's third party, they could do whatever with this information. So if there's people who use the same online handles across a multitude of platforms it could be linked.

Let's say for example your cross platform handle is Bob12. There's a boatload of companies today who will hoard as much data as possible for profit. You apply for a job, and somewhere, somehow your online handle gets linked somewhere to your real name. Your future employer googles your name, and finds your nickname. They then find out that Bob12 not only is a skilled COD player, but also has a lot of niche fetishes that they act out online. This is obviously information you don't want them to find.

And before you go: "But you shouldn't put it up there if you don't want it seen.": You are correct, but also wrong because privacy laws exists for a reason.

This sounds like something the Lindens need to address.  A much bigger issue than than things they’ve gone after like tge old name of the Virtual Secrets site.

  • Like 2
Link to comment
Share on other sites
Scylla Rhiadra

Scylla Rhiadra

Posted
Posted
27 minutes ago, Coffee Pancake said:

Examine your own alt usage.

I'm betting all of you show up frequently side by side in the same location, perhaps to pass L$ or inventory around. maybe you have a store on an alt. maybe your alt goes to naughty places but shares your home to get dressed.

We're all creatures of habit and those habits are statistically significant.

This kind of approach is going to lead to a great many false positives -- probably a lot more than you'd get with IP address scraping and matching.

Which, of course, may actually make it worse.

  • Like 4
Link to comment
Share on other sites
Ceka Cianci

Ceka Cianci

Posted
Posted
32 minutes ago, Scylla Rhiadra said:

I agree that this is a bit alarming -- and given that the data is being harvested within SL, LL really does have a responsibility to respond.

But what sort of "analysis" is likely to reveal alts? If so, we may end up with Son of RedZone on our hands?

I would think about the only place you could really link someone to their alt would be in the picks, since those are really the only ones that give locations in second life..

That or maybe a land group showing the members. I mean unless someone is making it known or  not worried about them linking..

  • Like 1
Link to comment
Share on other sites
Paul Hexem

Paul Hexem

Posted
Posted (edited)

Not going to lie, I don't see how the concerns in this thread aren't addressed by the previous response- don't put stuff in your profile you don't want people to know. That information has always been visible to anyone via a variety of means.

Edited by Paul Hexem
  • Like 2
  • Thanks 1
Link to comment
Share on other sites
Scylla Rhiadra

Scylla Rhiadra

Posted
Posted
Just now, Ceka Cianci said:

I would think about the only place you could really link someone to their alt would be in the picks, since those are really the only ones that give locations in second life..

That or maybe a land group showing the members. I mean unless someone is making it known or  not worried about them linking..

I think it would certainly take a much more sophisticated algorithm than I suspect they have available now to do it. Nor is there, at the moment, any reason to believe that whoever is collecting the information wants to . . . although it would be interesting to know why they are collecting it.

But that data is now going to be freely available online to the next guy who thinks he can make a quick buck by leveraging it into an "alt detector." Or the kind of protection racket RedZone became.

It may well not happen, but it is . . . disturbing. And, again, the actual data is being collected in-world, so LL sort of has a responsibility here, I think.

  • Like 1
Link to comment
Share on other sites
Paul Hexem

Paul Hexem

Posted
Posted
1 minute ago, Scylla Rhiadra said:

so LL sort of has a responsibility here, I think.

To do what, though?

The only way to prevent this sort of thing would be allow people to make themselves totally invisible to everyone else in the region with them. Which would be a griefer paradise.

I mean, LL could make a rule saying we can't put info on the web about SL and what we see in it... But that's a stupid idea, too. Not to mention totally unenforceable.

Link to comment
Share on other sites
Scylla Rhiadra

Scylla Rhiadra

Posted
Posted
1 minute ago, Paul Hexem said:

To do what, though?

The only way to prevent this sort of thing would be allow people to make themselves totally invisible to everyone else in the region with them. Which would be a griefer paradise.

I mean, LL could make a rule saying we can't put info on the web about SL and what we see in it... But that's a stupid idea, too. Not to mention totally unenforceable.

Well, if the info is being collected by bots -- then get rid of the bots.

If it's being culled from some sort of viewer or portal that circumvents user-determined privacy settings, then fix the code to close that option down.

One could, in theory, produce this kind of database by just zipping around in-world, and copying profile information. But that would be such a lengthy and laborious process it would hardly be possible or worthwhile.

So, this is being automated somehow. That needs to be determined, and plugged.

  • Like 2
  • Thanks 1
Link to comment
Share on other sites
Sid Nagy

Sid Nagy

Posted
Posted (edited)
16 minutes ago, Paul Hexem said:

Not going to lie, I don't see how the concerns in this thread aren't addressed by the previous response- don't put stuff in your profile you don't want people to know.

If you push the friends only button, it should be friends only. In this case people on your SL friends list. Not the 'friends' that harvest data.
Most people share other and more confidential things with friends than in public.

Edited by Sid Nagy
  • Like 3
  • Thanks 1
Link to comment
Share on other sites
Ceka Cianci

Ceka Cianci

Posted
Posted
3 minutes ago, Scylla Rhiadra said:

I think it would certainly take a much more sophisticated algorithm than I suspect they have available now to do it. Nor is there, at the moment, any reason to believe that whoever is collecting the information wants to . . . although it would be interesting to know why they are collecting it.

But that data is now going to be freely available online to the next guy who thinks he can make a quick buck by leveraging it into an "alt detector." Or the kind of protection racket RedZone became.

It may well not happen, but it is . . . disturbing. And, again, the actual data is being collected in-world, so LL sort of has a responsibility here, I think.

I never liked them online profiles and always thought they should have been an opt IN thing..They should have been something that you could add if you wanted.. I never seen a need to make them connect to the inworld profile in the first place .. For me they always felt insecure because they put one of the the most personal in world part of SL out on the net..  Wasn't that M that came up with these stupid things in the first place?

Anyways, since they first came around, I have always been conscious of them in an SL sort of in world security leak sense and someone would be hard pressed to line my alts up with each other or my main..  I have always kept them separated with online profiles in mind..

One thing i really learned from being so involved on the other side of the RZ fight is, security and what links out on the net and what doesn't.. The big problem today is so many people don't care about privacy anymore or personal information.. Even facebook showed they aren't really changing, they are pretty much just waiting until the public gets dumb enough about privacy or personal information to where it's the norm to just give it away.

Not me.. there is nothing on any of my profiles that lead anywhere really.. My picks don't ever show anywhere I'm at  either.. they are all in the same location and different locations for each alt.. hehehe

  • Like 2
Link to comment
Share on other sites
Ceka Cianci

Ceka Cianci

Posted
Posted (edited)
1 hour ago, Coffee Pancake said:

I just checked .. Your entire profile is visible on their site open to anyone on the internet.

It even includes your premium account status.

 

I can see that as a problem for someone putting  information that they think will only be seen in world..  Myself, I never trusted  profiles once online profiles came along anyways, so there really isn't anything I really am worried about filtering.. But yea, many people think the net is some user friendly place like a safe console game where nothing really can hurt you..

I used to have  Premium as part of my silly forum avatar saying under my forum name so that part really doesn't bother me.. But since online profiles have came along, it was like LL sort of tying my hands behind my back on how free I could be in profiles since then.. All that crap back then was their attempt at social networking..

Edited by Ceka Cianci
Link to comment
Share on other sites
You are about to reply to a thread that has been inactive for 459 days.

Please take a moment to consider if this thread is worth bumping.

Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...