Sorry. This is not OK. B bots profile scraping.

[Rowan Amore]

Just now, Love Zhaoying said:

If, "I feel attacked!11!!1!!!"

As in, I FEEL "harassed"..

Is that the SAME as "being harassed"? 

I don't think so.

Clowns scare a lot of people.  Perhaps they shouldn't be allowed to wander freely in SL either?  Just musing.  Or werewolves.  Or vampires.  Or...

 

[Scylla Rhiadra]

3 minutes ago, Solar Legion said:

I'd much rather go by what is known than by what-ifs - at least in cases such as this.

I agree. I've said it merits attention, not that we should be breaking out the pitchforks and torches.

It's mere foolishness not to keep an eye on things that pose potential threats.

[Arielle Popstar]

3 minutes ago, bigmoe Whitfield said:

Thing to remember too though, LL can not control what's posted to a 3rd party website,  but LL is contact with the sites owner and making sure things are going the way they need too according to what keira posted.   So we just have to rely on what LL is doing and working on with the owner at this point.  

LL can control who is gathering the information from inworld and do so whenever they block and ban copybotters taking content from inworld and post it to a 3rd party site. 

[Ezbeharra]

Okay, I am asking sincerely here because I think it is relevant:

1. Can someone explain what rationale this site could possibly have for collecting profile data and making it searchable, when its purpose, according to the New World Notes article, is to track region activity in order to determine which high traffic regions are filled with actual users at their keyboards?
2. Has anyone noticed that it doesn't even really do that very well, and certainly doesn't use user identification in its tracking? It just gets the raw number of users in a region and compares it to the previous visit. For example, I was in a region with heavy traffic, lots of coming and going, for several hours, but it's very low ranked on their list because the overall number hadn't changed much. So clearly they aren't actually identifying individual users as part of this, to track whether the same people are just sitting in a region for a long time. You don't even need a traveling bot do to that, the information is available anywhere.

[EliseAnne85]

2 minutes ago, Scylla Rhiadra said:

I don't know how LL would apply that here. But IF there are indications that the public accessibility of this mass of data is constraining people or impacting upon their use of the platform, LL should, and likely will, take action.

I don't know either exactly, of course, other than bots in your home could most definitely cause alarm.  There seem to be some aspects of disturbing the peace here although I'm not sure exactly all what is going on with these bots.  They seem to be taking data that others feel they never fully agreed to.

[EliseAnne85]

5 minutes ago, Rowan Amore said:

Clowns scare a lot of people.  Perhaps they shouldn't be allowed to wander freely in SL either?  Just musing.  Or werewolves.  Or vampires.  Or...

 

No, no...the alarm was about the bots being in your house repeatedly.  That's alarming.

[Orwar]

2 minutes ago, Scylla Rhiadra said:

3) LL may not "have" to do anything about this, but if it starts spooking people, or if there is enough noise, or if there is reasonable evidence that the data can be put to uses that harm SL's attractiveness, then they likely should, and possibly would take action.

   Because it's easier to execute the person the lynch mob are chasing, than it would be to disperse the lynch mob?

   Anyone can, at any given time, open a profile and copy the URI, then distribute the URI, and then anyone can click on that URI to open the profile it belongs to (even if they're hidden from search) - the interface they've put up on that site is just like the browser world map but with profile URIs rather than location SLURLs. 

   It's totally fine to be suspicious of things you don't understand, but before shouting for it to be taken out behind the shed it might be prudent to spend a minute figuring out what it actually is.

   Here, have mine: secondlife:///app/agent/14a1a1eb-ab84-48ca-aacd-3048bb27c8d7/about - oh noes, all that information I published about myself online, visible to strangers who may disagree with my life choices or preferences. How scary! 

[Coffee Pancake]

There is also the question of the stored data they are not publishing by aggregation on the site.

They show region stats and avatar traffic.

They don't show who those avatars are, and they absolutely do have that data.

The data they have by necessity to build the website is far deeper than we see published.

• Who can see this data?
• What are they doing with that data?
• Who can buy this data?

 

We do know BB isn't the effort of a single person (and some other things claimed by an account purporting to be BB that appeared late last night on reddit to "get ahead" of the controversy).

[EliseAnne85]

10 minutes ago, Scylla Rhiadra said:

I agree. I've said it merits attention, not that we should be breaking out the pitchforks and torches.

It's mere foolishness not to keep an eye on things that pose potential threats.

What is a threatening is these bots seem to be getting more and more aggressive by going inside people's SL homes, yet they want to be seen as friendly so others will use their website.  They are defeating that purpose by alarming others.  Gives me a red flag there.  

[bigmoe Whitfield]

2 minutes ago, Coffee Pancake said:

 

We do know BB isn't the effort of a single person (and some other things claimed by an account purporting to be BB that appeared late last night on reddit to "get ahead" of the controversy).

just poked my head in over there and saw that too.

[Solar Legion]

2 minutes ago, EliseAnne85 said:

What is a threatening is these bots seem to be getting more and more aggressive by going inside people's SL homes, yet they want to be seen as friendly so others will use their website.  They are defeating that purpose by alarming others.  Gives me a red flag there.  

If your home is a skybox, get and use a security orb or similar and set a landing point on the ground or remove public access to your parcel (if you can).

[Dorientje Woller]

Just now, EliseAnne85 said:

What is a threatening is these bots seem to be getting more and more aggressive by going inside people's SL homes, yet they want to be seen as friendly so others will use their website.  They are defeating that purpose by alarming others.  Gives me a red flag there.  

Thanks for pointing this out. Like said, I have on a daily base one visit of the same bot, in my house overruling the security settings. I am now not even sure if that bot is dropping in my house while I am logged off. Nice feeling of security ... NOT.

 

[Ezbeharra]

10 minutes ago, Orwar said:

   Here, have mine: secondlife:///app/agent/14a1a1eb-ab84-48ca-aacd-3048bb27c8d7/about - oh noes, all that information I published about myself online, visible to strangers who may disagree with my life choices or preferences. How scary! 

Now imagine there's a website that keeps track of the recent regions that URI was spotted in by some bot. Imagine you have a stalker.

[Solar Legion]

3 minutes ago, Dorientje Woller said:

Thanks for pointing this out. Like said, I have on a daily base one visit of the same bot, in my house overruling the security settings. I am now not even sure if that bot is dropping in my house while I am logged off. Nice feeling of security ... NOT.

The Access Controls via the Parcel menu do not extend to the build ceiling (4096) unless an avatar is expressly banned.

To manage such access one must use a third party security system. Get one, set it up properly (make sure it does not extend beyond whatever building you're managing the access for) ... and set the eject timer accordingly (zero seconds if restricted to the interior of a building).

Edited January 21, 2023 by Solar Legion

[Love Zhaoying]

19 minutes ago, Rowan Amore said:

Clowns scare a lot of people.  Perhaps they shouldn't be allowed to wander freely in SL either?  Just musing.  Or werewolves.  Or vampires.  Or...

First they came for the Clowns, and I said nothing because I am not a Clown.

Then, they came for the Werewolves, and I said nothing because I am not a Werewolf.

Then, they came for the Vampires, and I said nothing because I am not a Vampire.

Then, they came for the FURRIES AND THE NEKOS and there was nobody left to say anything for me!

@Rowan Amore, you are a great Muse.

[Scylla Rhiadra]

14 minutes ago, Orwar said:

   Because it's easier to execute the person the lynch mob are chasing, than it would be to disperse the lynch mob?

   Anyone can, at any given time, open a profile and copy the URI, then distribute the URI, and then anyone can click on that URI to open the profile it belongs to (even if they're hidden from search) - the interface they've put up on that site is just like the browser world map but with profile URIs rather than location SLURLs. 

   It's totally fine to be suspicious of things you don't understand, but before shouting for it to be taken out behind the shed it might be prudent to spend a minute figuring out what it actually is.

   Here, have mine: secondlife:///app/agent/14a1a1eb-ab84-48ca-aacd-3048bb27c8d7/about - oh noes, all that information I published about myself online, visible to strangers who may disagree with my life choices or preferences. How scary! 

As I said, it's far too early for lynch mobs or public executions. I've suggested this should be watched. I don't see that as a panicky or unreasonable response.

You're also not really getting the "big / aggregate data" thing, are you? No one cares about your profile, Orwar.

[Innula Zenovka]

46 minutes ago, Coffee Pancake said:

They are hot linking to images from LL's CDN.

Which means there is no practical recourse, this in effect makes all images uploaded into SL public domain for the duration of the service. I'm not sure photographers, artists and creators knew that when they started uploading content.

This also means we're paying for the bandwidth this site steals from the CDN.

Have you tried following the procedure outlined at https://www.dmca.com/FAQ/How-can-I-file-a-DMCA-Takedown-Notice to see what happens?

I don't know if it will do any good, but if you don't try it, then it certainly won't.

[Dorientje Woller]

2 minutes ago, Solar Legion said:

The Access Controls via the Parcel menu do not extend to the build ceiling (4096) unless an avatar is expressly banned.

Home is on a plot on the mainland.

[Arielle Popstar]

1 minute ago, Innula Zenovka said:

Have you tried following the procedure outlined at https://www.dmca.com/FAQ/How-can-I-file-a-DMCA-Takedown-Notice to see what happens?

I don't know if it will do any good, but if you don't try it, then it certainly won't.

If it is being hotlinked from S/L servers, wouldn't she have to file it on the Lab?

[Solar Legion]

Just now, Dorientje Woller said:

Home is on a plot on the mainland.

Then utilize the Access controls and a Security system as outlined in the edits to the post you've quoted.

[Love Zhaoying]

9 minutes ago, EliseAnne85 said:

What is a threatening is these bots seem to be getting more and more aggressive by going inside people's SL homes, yet they want to be seen as friendly so others will use their website.  They are defeating that purpose by alarming others.  Gives me a red flag there.  

We should be welcoming our new Robot Overlords. How are they supposed to learn good RP without watching us in our SL beds?

[Lyric Demina]

10 hours ago, Coffee Pancake said:

My profile is set in the privacy options to FRIENDS ONLY

Check out what's open the the wider internet and actually "Public" by opening this link in an incognito tab.

https://my.secondlife.com/coffee.pancake

Now check me out on the B name we cant mention's avatar index.

I am deeply disheartened by LL's initial reaction to this.

I can only imagine what all the merchants on the top list are thinking right now.

 

This is a massive wholesale data leak and should be treated as seriously as any other security issue.

None of this is ok.

 

Edit - Hamlet published the links to the site and a statement from the operator on new world notes.

Agreed.  None of this is ok.  None of it.  I and others have tried to flag it.  I had a trouble-ticket put in.  I downgraded and am downgrading a few accounts with comments directly related to the issue so that  Linden Lab will lose money over this.  It seems like a futile gesture but at least the principle is upheld that -- as you said -- NONE OF THIS IS OK.

[Love Zhaoying]

7 minutes ago, Scylla Rhiadra said:

As I said, it's far too early for lynch mobs or public executions.

As I've pointed out in unrelated threads, LL gave us Torches and Swords in our Libraries for SOME reason!!

An angry mob is as good a reason as any.

ETA: It's almost 1pm EST here, not all that early, really.  Almost past Brunch.

Edited January 21, 2023 by Love Zhaoying

[Caeruleiae]

1 hour ago, TimKoul said:

and yet, security breaches still exist. You know 100% is unrealistic.

Yes, but they can't be caused by what these particular bots are doing. It's impossible for any system to be 100% effective, against any kind of breach. But what these bots are doing, isn't that. They, specific, cannot perform any security breach, at least not as they are programmed and as this program works. Other breaches are entirely possible, just not in this context.

Your actual PII is protected from these bots. Since this thread is about these bots and the way the program or programs work that run them, tat's what I answered based on.

Your bank can't even protect your PII, in fact it protects it less than ll does, which is pretty sad. Banks have breaches almost daily, you just don't know about them. Banks link more of your PII to your account and likeness than most any other company, but they also expose your information to more potentially bad players than any other company. Yet, you still use them, in one form or another and opt into everything just by doing so. 

[Orwar]

5 minutes ago, Ezbeharra said:

Now imagine there's a website that keeps track of the recent regions that URI was spotted in by some bot. Imagine you have a stalker.

   Ah, I see. I should imagine I'm being stalked. We're all being stalked. I mean, the information isn't in the data they've published or anything, but I should imagine it could be. 

   How about we focus on worrying about reality rather than imagined possibly-maybes. I mean the president could be a lizard from Mars puppeteered by a secret global shadow government - I have no physical proof of the contrary, after all!