
Open letter to Linden Lab: Enforcing policies?


Sid Nagy

Just for reference: Twitter actually outlines what you can/cannot do with automated data retrieval (in Twitter's case an API, in SL's case that would be LSL or reusing data interfaces intended for SL viewers) @ https://developer.twitter.com/en/developer-terms/more-on-restricted-use-cases .

I don't see any reason why a similar document couldn't be drafted by LL to apply to SL, especially since part of the restrictions are of Twitter's own design, but other parts are simply rephrasing the various privacy laws that exist in different countries in a context that makes sense for what Twitter is about.

I choose Twitter because it has a good mix of real and made-up identities who talk about personal and non-personal things or outright make things up and similarly to SL's profiles, chat and location data, just because you choose to share something with other Twitter/Second Life users, or because something needs to be available for the normal/expected use of the platform when used by human users doesn't mean it's a free-for-all-purpose datamine (or at least Twitter doesn't feel like it can get away with that claim).

  • Like 1
  • Thanks 2

24 minutes ago, belindacarson said:

You know something? I'd be interested to know in general just how many SL avatars are up in arms over what is publicly available data being compiled and listed as opposed to the usual crowd on these forums.

Are you talking about absolute numbers or the percentage of those who know it's happening?


ITT: Paranoid people upset over data that they already made public.

People figure out how many times an item sells by refreshing the front page of the marketplace and pulling the data from "What Customers are Buying Now:". Anyone could do this, I could do this, and no one would know that the information has been gathered. The only difference is someone has made this information accessible to anyone regardless of programming knowledge, which I think is more fair than gate keeping it behind programming skill.

 

Profiles can be gathered from https://world.secondlife.com/resident/796b1537-70d8-497d-934e-0abcc2a60050, as well as https://wiki.secondlife.com/wiki/LlRequestAgentData and https://wiki.secondlife.com/wiki/LlGetObjectDetails

 

Personally, I don't see anyone publishing data that'd be a violation of someone's privacy at the moment. I've seen people publishing locations of people by some group I won't mention the name, but LL slapped them pretty hard and they since stopped.

  • UUIDs to Name mapping is pretty much public information, Quite a few scripts keep people's names and IDs on record.
  • Profile privacy setting is for web profiles only, which are being deprecated, legacy profiles are coming back, so anyone can view people's 1st life or 2nd life tab. Both of which are public information.
  • Picks are also public information.
  • Region population is also public information, I scrape this using the map API every 15 minutes. This doesn't disclose who is in the region, just how many people are there. You know who else scrapes this data? The viewer, except at a much higher frequency. All viewers request the map items layer(stuff like telehub icons, agent pips(the little green dots on the map), etc).

 

Now if it was stuff like where people are at, or people's home location, or where specific people hung out, or other invasive information, yeah I'd see a problem, but that isn't the case here. It is public information(information that can be requested from Second Life from anywhere in Second Life at any given time) that is being gathered.


As for bots, I would like it if bots would disclose who they are and if they are a bot, especially some specific spinny bots that have been around for quite some time that I am pretty sure everyone knows about. Otherwise, I'm pretty sure most bots already get tagged by the login server by identifying viewer strings.

 

Also hate to break it to you, but Google and other search engines have already scraped profiles than anyone on SL is doing and probably linked it to accounts you have on other websites to do all sorts of tracking. I'd worry about them rather than residents who use this stuff for Second Life stuff such as creating developer APIs so people can better improve people's Second Life experience.
Plus, Second Life is probably the least of your concerns, ever try Googling your real name? You'll be in for a surprise.

 

Simply put: If you don't want someone reading it, don't put it somewhere public (EG: a profile).

Edited by Chaser Zaks
  • Like 1
  • Thanks 1

51 minutes ago, belindacarson said:

You know something? I'd be interested to know in general just how many SL avatars are up in arms over what is publicly available data being compiled and listed as opposed to the usual crowd on these forums.

Of course mileages vary. People have different thoughts and feelings about data harvesting.
It will go from "I could not care less", "i have nothing to hide" on one side and total paranoia on the other side.
And most people are somewhere in between these two takes on things.

I personally ain't against all use of bots. But I'm also totally for a careful use of bots. They can gather so much different information, that if one combines them and analyses them, one can have information on individuals that would never surface if that information wasn't gathered by bots. Even if it is all "public" information.

It is not for nothing that the EU has put in a lot of time and effort to come to better protection of their citizens over the last years.  Maybe Linden Lab should do the same: Rethink what is needed and what is acceptable in automated data gathering in world and for what purposes.
Their bot policy is from years ago. The world is changing fast.

And for instance: Does the marketplace website really have to show what products are sold recently?  It forms a resource for what I personally find undesired public data gathering.

Edited by Sid Nagy
  • Haha 1

9 hours ago, Silent Mistwalker said:

A security orb is a type of bot. All of those things are controlled by scripts, not people as defined by LL. Even a vendor is a type of bot, technically. 

Is LL going to cut off our ability to make purchases inworld? No way in hell. Is LL going to cut off the ability to use a security orb on a parcel rented from a "3rd party" Hell no, they're used in BELLI. 

It's not the bots that are the problem. It's the people that use them for nefarious goals. Like ZFire. While what certain bots are doing isn't necessarily nefarious, it is a bit invasive. Remember when people raised a fuss about not being able to opt out of having their main profile tab pic thrown up on a board for all to see that you are the last person to visit the store? Now all those scripts have an opt out and have had for years. Same should go for the rez day boards. No one but LL needs to know where I am at any given time on the grid or what I am doing.

You couldn't opt out of RedZone without going to HIS WEBSITE AND LOGGING IN ON IT. That was deemed illegal in SL as well. 

 

As a scripter, I would disagree with this.

Both LSL scripts and the SL viewer are able to exchange information with the simulator and SL's servers, and to send various instructions to the simulator and servers.   Some things you can do either by script or with the viewer, some things you can do only with scripts, and some things you can do only with the viewer.

Bots are a way of automating tasks that cannot be performed by LSL scripts on their own. 

For example, while an LSL script can easily collect data about all the avatars on a region, it can't make the object containing the script rapidly teleport from region to region, collecting data about all of them as it goes. Similarly, while a script can detect when someone enters a parcel and can send them an IM inviting them to click a link to join a group, it can't directly send them a group invitation --- for that you need either someone behind the keyboard, or a bot. Nor can a script monitor group chat and try to moderate it in the way a bot can.

So I would say completely the opposite  -- the point about bots is that they can do things that scripts can't do, at least not on their own.

  • Thanks 1

I go away for a few hours, Tommy posts something, and ever since every post is about "privacy"—which is all completely off topic.

Oh sure, bots might do what any human could do, and copy data from one site to another. They might do it faster, but legally it doesn't matter: your gripes are about the copying, not that it's done by bots. Want to make them stop? Don't whine to the place somebody willingly posted it, whine to the place posting the copies. File a DMCA or STFU.

I really, really wish I knew how to move the discussion back to where it was before Tommy posted, back when we were mostly discussing the most visible form of bots on the grid, the traffic gaming bots, the one place the Lab actually has a policy.

Which policy, for reasons any Linden is free to explain, they appear to have never once enforced. Prove us wrong about that. Prove that the Lab is actually monitoring search for bot-gamed traffic. Show us.

  • Like 7
  • Thanks 1

Privacy is not off topic at all.
Data gathering with bots and combining these data, can lead to findings about persons in SL (like how much sales are made through the marketplace) that should only be available for the tax man, LL and the merchant in question, to just give a simple example.
That kind of processing data streams is only possible when automated.
Meaning bots harvesting in world or on the SL website.
That is a non desirable outcome of the use of bots and a breach of privacy IMHO.

The 'dark side' of the usage of bots has many aspects that can be discussed.

Edited by Sid Nagy
  • Like 3

49 minutes ago, Sid Nagy said:

And for instance: Does the marketplace website really have to show what products are sold recently?  It forms a resource for what I personally find undesired public data gathering.

I consider that "What users buy now" a bit like a Top 100 Chart. If it ain't my cup of tea, I am not interested in listening to it :D

Edited by Dorientje Woller

4 hours ago, belindacarson said:

If people are daft enough to post real life information on their second Life profiles, no sympathy for them.

 

Part of what was published by the bots was your Premium status. That is NOT public info, it's not visible on profiles for anyone.

Saying "Just don't write what you don't want people to see" is pointless advice. The bots were scraping far more than what users wrote in there.

  • Like 4
  • Haha 1

33 minutes ago, Maitimo said:

Part of what was published by the bots was your Premium status. That is NOT public info, it's not visible on profiles for anyone.

Saying "Just don't write what you don't want people to see" is pointless advice. The bots were scraping far more than what users wrote in there.

actually, it IS public info since LL released a script that can show that information.  Correct facts, make a correct thread.

  • Thanks 1

On Topic:

In order for LL to enforce their own policies, it may be necessary to only make things public that were INTENDED to be made public.

To solve the paradox of "Is Premium Status Public?", I believe the solution is for Linden Lab to remove / deprecate the new functionality that allows this information to be determined via LSL script.

Yes, that would break content. NEW content.

"Unforeseen consequences" is a valid excuse to "break" content by removing LSL functionality (especially something as new as the "is user Premium?" feature).

  • Like 3

1 hour ago, Qie Niangao said:

I go away for a few hours, Tommy posts something, and ever since every post is about "privacy"—which is all completely off topic.

Oh sure, bots might do what any human could do, and copy data from one site to another. They might do it faster, but legally it doesn't matter: your gripes are about the copying, not that it's done by bots. Want to make them stop? Don't whine to the place somebody willingly posted it, whine to the place posting the copies. File a DMCA or STFU.

I really, really wish I knew how to move the discussion back to where it was before Tommy posted, back when we were mostly discussing the most visible form of bots on the grid, the traffic gaming bots, the one place the Lab actually has a policy.

Which policy, for reasons any Linden is free to explain, they appear to have never once enforced. Prove us wrong about that. Prove that the Lab is actually monitoring search for bot-gamed traffic. Show us.

My personal theory is that LL is, as we speak, reviewing its policies on bots in the light of the potential issues that allowing BB, or subsequent companies copying its methods, to use them as they are have raised.

I think that explains why Avatar Search has been disabled (at least temporarily): my suspicion is that is the result of negotiations with LL. And I look to see a new policy statement on bots from LL soon.

I'm not sure that will cover traffic bots. But it might.

Edited by Scylla Rhiadra
Autocorrect
  • Like 1
  • Thanks 1

5 minutes ago, Love Zhaoying said:

On Topic:

In order for LL to enforce their own policies, it may be necessary to only make things public that were INTENDED to be made public.

To solve the paradox of "Is Premium Status Public?", I believe the solution is for Linden Lab to remove / deprecate the new functionality that allows this information to be determined via LSL script.

Yes, that would break content. NEW content.

"Unforeseen consequences" is a valid excuse to "break" content by removing LSL functionality (especially something as new as the "is user Premium?" feature).

They did recently remove a function that was allowing others to get your complete avatar shape.  It did break a new item (think it was a HUD) that got that information.

  • Thanks 1

15 minutes ago, belindacarson said:

actually, it IS public info since LL released a script that can show that information.  Correct facts, make a correct thread.

Needing to use a script just to see that information doesn't make it "public", just means it's accessible to those who know how to get it. If it's so public as claimed, but there's no option to display it anywhere, it's not public but instead hidden.

  • Haha 2

38 minutes ago, belindacarson said:

actually, it IS public info since LL released a script that can show that information.  Correct facts, make a correct thread.

Show me where it appears ON THE IN-WORLD PROFILE then I'll correct it. That script is only "public" due to an exploit.

Edited by Maitimo
  • Haha 1

Just now, Maitimo said:
34 minutes ago, belindacarson said:

actually, it IS public info since LL released a script that can show that information.  Correct facts, make a correct thread.

Show me where it appears ON THE IN-WORLD PROFILE then I'll correct it.

Right, and this is kind of my point from earlier: If an LSL function "exposes information publicly" as an unintended consequence, which was not previously "public", then...maybe LL should consider re-thinking that LSL function.

It may be public NOW because of the new LSL function, but was it reallllly intended to be made public through the addition of that function? 

  • Like 7

2 minutes ago, Love Zhaoying said:

Right, and this is kind of my point from earlier: If an LSL function "exposes information publicly" as an unintended consequence, which was not previously "public", then...maybe LL should consider re-thinking that LSL function.

It may be public NOW because of the new LSL function, but was it reallllly intended to be made public through the addition of that function? 

Right. Its use for this purpose is an exploit.

Saying "this is public info" is like saying your bank details are public because a hacker stole them and published them on 4-Chan.

  • Like 2
  • Thanks 1
  • Haha 2

12 hours ago, EliseAnne85 said:

Why someone would do that with a profile is silly.  I could make up a fake profile in Photoshop.  It's a way to get people to click on links though.  Person A contacts person B whom they made a fake profile of, and text a message "want to see where I published your profile?" and the person starts clicking.  That's something along the line of how my ex husband was hacked.  

This is a good reason why not to click on links getting posted in group chats, because that's how users get phished into filling out their login information on dummy sites that look like the MP or some other official looking site.

Then once their account is grabbed, that one will go around to every group and start spamming links to get more accounts. 

  • Like 1