New Feature: Scripted Agent Estate Access Discussion

[M Peccable]

2 minutes ago, xDancingStarx said:

If the user doesn't consent they'll obviously need to be able to get the purchased product refunded, so just including a notecard inside of a purchased product would be very tricky IMO. It would also not be conform to GDPR where you have to actively agree. IMO the suggestion to include it in a notecard is not a legal advice by Linden but simply an indication about when they would not be angry with you.

That's good enough for me!

[Innula Zenovka]

9 minutes ago, Love Zhaoying said:

Luckily, some of us can detect bot by their miasma, they tend to smell really bad. 

I think they float in water, too.

 

[Arielle Popstar]

1 minute ago, Sammy Huntsman said:

The only thing I had issues with the BB site, was putting the profits of creators on their and putting if we were premium or not and what our levels were. I really didn't care that my profile was on there. 

Fine, you and a few others too who didn't care but many did because they had what could be termed sensitive information in their profiles either through what was written or even the sorts of Picks they chose. The defense being that one would have to be hacked for that to be tied to a r/l person but seemingly oblivious to the fact that in every viewer there is an offer to save the account name and password and even if one did not direct the password to be saved, anyone with access to that computer would be easily able to see the account name and then through the BB site,  see that persons profile and what it contains. No hacking required. 

[Sammy Huntsman]

1 minute ago, Arielle Popstar said:

Fine, you and a few others too who didn't care but many did because they had what could be termed sensitive information in their profiles either through what was written or even the sorts of Picks they chose. The defense being that one would have to be hacked for that to be tied to a r/l person but seemingly oblivious to the fact that in every viewer there is an offer to save the account name and password and even if one did not direct the password to be saved, anyone with access to that computer would be easily able to see the account name and then through the BB site,  see that persons profile and what it contains. No hacking required. 

I am just gonna say this, and I feel like it should be a given. If you don't want sensitive info going out there, don't put in your profile. It is as simple as that. People these days will put everything out there and then get mad, if the info is somewhere else. We are adults, and should be taking responsibility to not put sensitive info out in public. 

 

[xDancingStarx]

9 minutes ago, M Peccable said:

That's good enough for me!

Also, in Europe it's known tactics to send mass cease-and-desist orders for violating GDPR etc (I think mass sending is illegal by now in some countries?)

Still, if you just include the info in a notecard, you a) admit that you're processing this data and b) admit that you're violating GDPR (by using a notecard only), and somebody with "malicious intents" could maybe use that information against you? I don't know, I'm not a legal expert, but I find this whole topic very tricky.

Edited April 3, 2023 by xDancingStarx

[M Peccable]

Just now, xDancingStarx said:

Also, in Europe it's known tactics to send mass cease-and-desist orders for violating GDPR etc (I think mass sending is illegal by now in some countries?)

Still, if you just include the info in a notecard, you a) admit that you're processing this data and b) admit that you're violating GDRP (by using a notecard only), and somebody with "malicious intents" could maybe use that information against you? I don't know, I'm not a legal expert, but I find this whole topic very tricky.

I don't. You are focusing WAY too much on the legalities if you ask me. The information is UUIDs inside a virtual world, not RL name, address, and credit card numbers.

That's Linden Lab's job to worry about that, not ours. We need to be creative residents, assuming we can ever get back to normal.

[Silent Mistwalker]

1 hour ago, elleevelyn said:

this a self-certifying process.  This process/policy doesn't prevent anyone who doesn't self-certify from connecting to the grid their own viewer

in terms of self-certification of bot operators, the closest we have now is registering our bot as a scripted agent. Good bot operators do this. Yet a requirement to self-certify our scripted agents doesn't prevent bad actors [from doing bad things]

I know exactly what both policies are and what they do and don't do. Neither policy prevents someone from not self-certifying and then connecting to the grid. Those who do must meet LL's requirements or they are rejected.

There are many people out there who compile their own viewer but do not share the use of the viewer. most are just doing it to have their own preferences, very few do it for nefarious reasons like copybotting.

We can always ask two or three of those who have been approved (at some point) by LL.

@Henri Beauchamp

@Coffee Pancake

@Jessica Lyon

@NiranV Dean

All 4 have viewers out that are/were approved by LL. They have all been on the TPV list.

Scripted agents aren't really treated any differently. if LL doesn't approve of what you do with them, LL can and will remove them from the grid, regardless of being registered or not. 

[Paul Hexem]

1 minute ago, Silent Mistwalker said:

All 4 have viewers out that are/were approved by LL.

That's not actually the case. Viewers on the TPV list self certify. LL takes their word for it.

[Ceka Cianci]

4 hours ago, Arielle Popstar said:

Also the Privacy Policies and enforcements are different then before:

Linden Lab Official:Scripted Agent Policy

Privacy Preference Integrity

Second Life provides a set of privacy controls, such as limiting who can communicate with a Resident, who can see another Resident’s online status, who can discover their location within Second Life, and whether profiles are published on publicly visible web pages. Scripted Agents may not circumvent these privacy controls.

Enforcement of Scripted Agent Policy

Reporting violations of the Scripted Agent policy is crucial to helping Linden Lab with enforcement. To report a potential violation, we ask that Residents please use the in-world Report Abuse function and file it under the category Disturbing the Peace. When the Governance team receives a report, the team reviews it and performs an investigation to determine whether a violation has taken place. For additional guidance on filing an Abuse Report, please refer to Filing an Abuse Report

Violations of this policy may result in suspension and/or termination of your account. If you feel there has been an unfair decision in this regard, use the Abuse Appeals process.

 

Personal Data and Privacy Rights

Data transferred outside of the Second Life service or its supporting websites is not exempt from protection under applicable data privacy laws. This applies whether data is collected by Scripted Agents, LSL scripts, or external tools. Access to the Second Life service and access to Personal Data of Second Life Residents are both conditioned on adherence to all applicable global privacy regulations governing the collection, storage, processing, or transmission of Personal Data. These laws include Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We recommend that you seek guidance from a privacy attorney for additional, updated information before using Personal Data of Second Life Residents outside of Second Life.

 

Understanding Personal Data in Second Life

See our Using Personal Data page for data privacy considerations for Second Life Residents.

Enforcement of Privacy Rights

This policy requires that third parties fully comply with applicable global privacy regulations. Linden Lab reserves the right to act where we see evidence of non-compliance with the Scripted Agent Policy or applicable privacy regulations. At our discretion, enforcement may include removing violating Scripted Agents and supporting scripts from Second Life, requesting explanations of Personal Data activities, requesting changes to how Automated Access mechanisms function, or suspending or terminating service.

 

 

The date on both say today at 12:36.. If they changed something it was today..

Any idea what they changed? Usually they tell us when they changed something.. maybe they were just cleaning things up some?

Edited April 3, 2023 by Ceka Cianci

[M Peccable]

20 minutes ago, Sammy Huntsman said:

I am just gonna say this, and I feel like it should be a given. If you don't want sensitive info going out there, don't put in your profile. It is as simple as that. People these days will put everything out there and then get mad, if the info is somewhere else. We are adults, and should be taking responsibility to not put sensitive info out in public. 

 

The problem is that unfortunately, that is no longer a given anymore. So I applaud you for spelling it out so eloquently. Personal responsibility is something that seems absent these days.

[Sid Nagy]

46 minutes ago, Sammy Huntsman said:

The only thing I had issues with the BB site, was putting the profits of creators on their and putting if we were premium or not and what our levels were. I really didn't care that my profile was on there. 

Exactly this. What is in my profile, I can control. Profile harvesting is no big deal.

But what the bots can harvest and what their owners then can combine to draw conclusions in combination with ones avatar, that is what concerns me most. Especially when it ends up somewhere outside SL in a database or on a website or both.
AI, Google. Facebook and other data harvesters and possibly hackers are the next place where these data end up then.
And O boy, are they aces in putting 1+1 together. They get " better and better" everyday.
Linking those SL data with ones RL data is than only a matter of time.

Edited April 3, 2023 by Sid Nagy

[Love Zhaoying]

32 minutes ago, Innula Zenovka said:

I think they float in water, too.

 

And they burn, so they are made of plywood.

[Galaxy Littlepaws]

3 minutes ago, Ceka Cianci said:

The date on both say today at 12:36.. If they changed something it was today..

Any idea what they changed? Usually they tell us when they changed something.. maybe they were just cleaning things up some?

You can check the page history on the History tab, and compare. It's transparent which I am glad for.

https://wiki.secondlife.com/w/index.php?title=Linden_Lab_Official:Scripted_Agent_Policy&action=history

[Arielle Popstar]

7 minutes ago, Ceka Cianci said:

The date on both say today at 12:36.. If they changed something it was today..

Any idea what they changed? Usually they tell us when they changed something.. maybe they were just cleaning things up some?

If you click the History tab on that page you will see the changes they made on March 30/2023

[Silent Mistwalker]

27 minutes ago, Paul Hexem said:

That's not actually the case. Viewers on the TPV list self certify. LL takes their word for it.

Quote

This Policy does not place any restriction on modification or use of our viewer source code that we make available under an open source license as documented in our source code. Rather, the Policy sets out requirements for connecting to our Second Life service using a Third-Party Viewer, regardless of the viewer source code used, and for participating in our Viewer Directory.

All users and Developers of Third-Party Viewers must agree to the following sections linked to below, in addition to the Terms of Service. If you do not agree, you are not allowed to use Second Life through a Third-Party Viewer.

https://secondlife.com/corporate/third-party-viewers

Edited April 3, 2023 by Silent Mistwalker

[Arielle Popstar]

15 minutes ago, M Peccable said:

The problem is that unfortunately, that is no longer a given anymore. So I applaud you for spelling it out so eloquently. Personal responsibility is something that seems absent these days.

Do you feel that personal responsibility cuts both ways and that just because you can collect the data, it might not be a good idea to publish it where it could cause damage?

[M Peccable]

6 minutes ago, Arielle Popstar said:

Do you feel that personal responsibility cuts both ways and that just because you can collect the data, it might not be a good idea to publish it where it could cause damage?

Of course. I thought that was a given just as much as Sammy's post was, but maybe I was wrong. So to reiterate: Of course.

I doubt there are any posters in this thread that scrape data and publish it.

Edited April 3, 2023 by M Peccable

[Ceka Cianci]

22 minutes ago, Arielle Popstar said:

If you click the History tab on that page you will see the changes they made on March 30/2023

I read through the  one from March 30 and the one from today and they are the same.. they must have been changing links or something because the links are different in the scripted agent policy than they were the other day..

That's what they put there and had linked to the scripted agent policy to put more of a visual on that part of that policy it is in..

A Linden said earlier in the thread, that isn't a new policy.. It was put there from the privacy policy I believe it was.. one of those policies ..lol

At the top in the history it shows what they did..

Revision as of 08:53, 30 March 2023 by Maggie Linden (talk | contribs) (Created page with "{{KBmaster}} {{Conduct Nav}} ==Introduction== This guide gives a brief introduction to privacy considerations for Personal Data of Second Life Residents. It is not a replace...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

 

I think they were just messing with links is all..

 

Edited April 3, 2023 by Ceka Cianci

[Arielle Popstar]

1 minute ago, M Peccable said:

Of course. I thought that was a given just as must as Sammy's post was, but maybe I was wrong. So to reiterate: Of course.

I doubt there are any posters in this thread that scrape data and publish it.

Whether they are here or not is immaterial, it is what was done by them that triggered these threads and the changes in region flags and the data privacy wiki. Trying to resolve the resulting fallout without dealing with that is just a waste of time. Bots may have been an annoyance to some but I rarely see them so it has no effect on me whether they are legitimately scripted or not. I feel for you the effect it may have on your business and have no wish for this sort of a resolution to the data mining but a resolution is important as the data scraping has had a definite dampening effect of residents far outside of this forum as I see more and more people cleaning off their profiles. If a game or VW company cannot give a degree of data privacy, they lose the trust of their residents/users and the end result is people start to looking for alternatives like many are doing in Facebook.

[Galaxy Littlepaws]

4 minutes ago, Ceka Cianci said:

I read through the  one from March 30 and the one from today and they are the same.. they must have been changing links or something because the links are different in the scripted agent policy than they were the other day..

That's what they put there and had linked to the scripted agent policy to put more of a visual on that part of that policy it is in..

A Linden said earlier in the thread, that isn't a new policy.. It was put there from the from the privacy policy..

At the top in the history it shows what they did..

Revision as of 08:53, 30 March 2023 by Maggie Linden (talk | contribs) (Created page with "{{KBmaster}} {{Conduct Nav}} ==Introduction== This guide gives a brief introduction to privacy considerations for Personal Data of Second Life Residents. It is not a replace...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

 

I think they were just messing with links is all..

 

You can use the Compare feature. This is the exact one that shows what changes were done between the 30th and 3rd: https://wiki.secondlife.com/w/index.php?title=Linden_Lab_Official%3AScripted_Agent_Policy&type=revision&diff=1213838&oldid=1213822

It is commented with "Removed a confusing reference to bots and traffic", which was indeed confusing people.

Edited April 3, 2023 by Galaxy Littlepaws
Typo

[Love Zhaoying]

17 minutes ago, Arielle Popstar said:

Do you feel that personal responsibility cuts both ways and that just because you can collect the data, it might not be a good idea to publish it where it could cause damage?

If I were a free thinker, I'd blame other people for things that bother me. Because, nobody can tell me what to believe.

[Paul Hexem]

25 minutes ago, Silent Mistwalker said:

https://secondlife.com/corporate/third-party-viewers

Keep scrolling down that page, you'll see it. Section 6 and 7.

[benchthis]

48 minutes ago, Silent Mistwalker said:

I know exactly what both policies are and what they do and don't do. Neither policy prevents someone from not self-certifying and then connecting to the grid. Those who do must meet LL's requirements or they are rejected.

because of this they then use 3rd party bot systems to control second account aka alt armies. 

[Ceka Cianci]

1 minute ago, Galaxy Littlepaws said:

You can use the Compare feature. This is the exact one that shows what changes were done between the 30th and 3rd: https://wiki.secondlife.com/w/index.php?title=Linden_Lab_Official%3AScripted_Agent_Policy&type=revision&diff=1213838&oldid=1213822

It is commended with "Removed a confusing reference to bots and traffic", which was indeed confusing people.

Ya, I was more concerned with what they had changed in this page. which, after reading both in full I didn't see anything changed since it was put there..

People are thinking this page is a new policy when it's not.. It was put there from an already existing policy..

https://wiki.secondlife.com/wiki/Linden_Lab_Official:Using_Personal_Data

[benchthis]

49 minutes ago, Paul Hexem said:

That's not actually the case. Viewers on the TPV list self certify. LL takes their word for it.

you're kidding..