Jump to content

Blogs

Our community blogs

  1. Xiola Linden
    Latest Entry

    By Xiola Linden,

    martrix.jpg

    Today's Second Life pic of the day is "Escape Virtual Reality And enter the Matrix." by Colton Vond.

    To submit your image for Second Life Pic of the Day consideration, login to Second Life, snap some pics and add them to the Official Second Life Flickr Group.

    Be sure to check us out on social:
    Instagram
    Facebook
    Twitter
    Tumblr
    Pinterest
    Plurk

  2. The Hair Fair has been an annual staple of the Second Life event scene for several years now. Residents look forward each year to the opportunity to shop for new hair for their avatars and do so for a good cause.

    Sasy Scarborough, Mel Vanbeeck, and Whimsy Winx have organized another Hair Fair this year (now through September 1st) with a wealth of options for even the most discerning and selective of hair shoppers. Three Regions and Cam Shopping areas are sure to provide a rich shopping experience to those who visit.

    Exclusive items are marked with percentages of proceeds that are given to the non-profit organization Wigs for Kids  - and Hair Fair has raised tens of thousands of USD in donations made from inworld sales and purchases by Second Life Residents. That’s an incredible feat and one that Sasy, Whimsy and Mel are grateful for. 

    You can visit the Hair Fair through September at any of the following destinations:

    Hair Regions

    Hair Fair 2019 - Redhead Region
    Hair Fair 2019 - Noirette Region
    Hair Fair 2019 - Blonde Region

    Cam Shopping Regions

    Hair Fair 2019 - Streaks
    Hair Fair 2019 - Brunette (aka Perm)
    Hair Fair 2019 - Foils

    Be sure to allow yourself time to explore all three Regions so as not to miss anything.

    This week’s Destination Video gives some further insight into the event, its purpose, and its creators - watch the video below or on our official YouTube Channel.

  3.  

    Hello Residents of Second Life!
     
    Hi, Tommy Linden here, one of your friendly Supervisors from the Support Department. I’m sorry to bring you this news, but we are temporarily unable to offer Region transfers using USD. At the present time all Region transfers between Residents will be required to use L$ for the transaction amount, agreed upon between the buyer and seller. You will, however, still be able to pay any associated fees in USD.
     
    Not all is lost! The good news is, I have already spoken with our engineers, and we're working on re-introducing this functionality as quickly as possible.  We apologize for any inconvenience this may cause and are moving quickly to make things work as seamlessly as possible again in the near future. 
     
    Best, 
    Tommy Linden
     

  4. Today (Aug. 1) Tilia, Linden Lab’s wholly-owned subsidiary, assumes responsibility for handling process credit requests and payments made from accounts with a USD-denominated balance in Second Life.  

    Due to this change, as originally announced on July 1, Residents who have a USD balance on their account will be prompted to accept the Tilia Terms of Service when they log in to their account on the web.  Residents who request to process credit out of Second Life may also need to supply information for ID verification.

    Tilia is a registered money services business and fully licensed money transmitter which helps Linden Lab comply with U.S. laws and regulations.  You can learn more about Tilia’s work to better protect your privacy and security in this blog post from our Information Security Manager, Soft Linden. 

    We want to be clear that most people should not see any disruptions or changes to their Second Life experience due to the introduction of Tilia. However, for those who maintain a USD balance (usually through the sale of L$ on the LindeX), it is important that you review and accept the Tilia Terms of Service. You’ll see a prompt to do so when you next login to Secondlife.com. If you have a USD balance on August 1 and do not accept the Terms of Service, you will have until October 31, 2019 to do so. If you do not, you will not be able to utilize the USD Balance or request a process credit until you have accepted the TOS and Privacy Policy, after which you will once again be able to use the USD balance and process credit. For those who do not accept the Terms of Service, you will still be able to login to Second Life and use your payment method on file (such as a credit card) to pay for items and services, but you will no longer have the ability to request a process credit transaction, sell L$ on the LindeX, or make payments for Second Life services from your balance. 

    We know that you may have additional questions about Tilia and these changes. We encourage you to visit our Tilia FAQ and/or contact our Support team if you have any specific concerns. We’ve also addressed many community questions at a recent Tilia Town Hall in-world, which can be viewed on YouTube.

  5. Some of you know me as Soft Linden. I’m the information security manager at Linden Lab.

    A large number of you attended the Tilia Town Hall  last week. Aside from the many questions you had about how Tilia affects Second Life L$ and monetary activity, privacy was a common concern. Grumpity asked if I would answer a few of the questions about Tilia privacy and security which surfaced in the town hall and in our forums. This has been a busy time for everybody who has worked on Tilia, but I’m glad I can take a few moments to share some information.
     

    Where did the Tilia team come from? And why should I trust Tilia with my personal information?
     

    The Tilia team is made up of people you previously knew as Linden Lab employees. We’re part of this team because we are passionate about privacy and security. Tilia includes employees who use Second Life alts in our free time. We know many of you as friends and creators in Second Life. So not only are our practices aimed at complying with an ever expanding list of U.S. regulations and laws, but we strive to go above and beyond. We want to protect the best interests of ourselves, our friends, and the countless Residents who support the world we love. We fully believe that Second Life wouldn’t be possible without working to earn your trust.

    For example, we don’t like the way many other companies resell customer information. Because we disagree with those practices, the information you store with Tilia is never provided to third parties for purposes such as marketing. We want you to feel confident that you can play, experiment, and explore in Second Life without outside strangers learning anything about you which you have not shared under your own initiative.

    We won’t even provide that information to the US government unless we are compelled to do so through a legal process such as a subpoena or a search warrant. 

    But the privacy and security story goes much, much further.


    Does Tilia change how my information is secured?
     

    Yes! This project began years ago. Quite a bit of the work we do to improve Second Life is "behind the scenes" - things that users cannot directly interact with. Often it's not even possible for users to detect that something has changed. This is one such case.

    A few years ago, we looked at Second Life, and how information security has evolved in the time since Second Life was created. We asked ourselves how we could better protect our most sensitive customer information.

    Our engineers created a new “personal information vault” project. This vault uses modern algorithms to encrypt sensitive information in a way that would require both enormous computing power and an enormous amount of memory for an attacker to crack… if they could even get a copy of the encrypted data. These algorithms are specifically tuned to defeat expensive decryption acceleration hardware. And all of this new encryption is wrapped around the encryption we already used - encryption which was the industry standard at the time. These are entire new layers using encryption technologies which didn’t exist when Second Life was new.

    Even after all of these changes, the old protection remains in place at the bottom of that stack. Figuratively speaking, we locked the old vault inside a bigger, stronger vault. We chose an approach where we didn’t need to decrypt information in order to enhance your protection.

    There is another key part of this project: Our storage mechanisms for sensitive customer information are now isolated from Second Life. The information isn’t stored at the same physical location anymore, and hasn’t been for a while. But the difference is more than physical.

    Second Life’s servers do not have direct access to Tilia information that isn’t required for daily Second Life usage. Even developers who have worked at the company for a dozen years - developers who have full access to every last Second Life server - do not have access to the servers that store and protect the most sensitive information. A policy of least privilege means fewer opportunities for mistakes.

    Even within Tilia, key information is further segmented. This means that compromising one database inside of Tilia is insufficient to decrypt and correlate sensitive data without compromising a different service. We have deployed numerous commercial products which help monitor for access, abuse, or data copying attempts for data that is made available to Tillia employees. This means that even an attacker with all employee access credentials, access to employee multifactor authentication tokens, and all Tilia access permissions would still face some challenges in avoiding early detection.

    That was a lot to explain. But it is all important, because this is the technical foundation of Tilia. It’s a core piece of the Tilia story, and it is something we have worked on for years. Tilia was created in large part because we saw an opportunity to share these technologies with other businesses.

    These technologies are in place today for all of the information you entrust Tilia to handle. 

    I am proud of what our engineers have accomplished. These same technologies are only in the planning stages at other companies and institutions. Many of the bigger businesses who already handle sensitive data like credit reports and medical records are working to complete similar projects. But we have it today.
     

    It sounds like a lot has changed at once. Aren’t large changes risky?
     

    Tilia was designed with security and privacy as its primary considerations. These considerations apply not only to what we create, but how we create it, and how we validate ongoing changes to what we create.                                

    For Tillia, we chose a newer security-focused programming language over Python and C++, the older languages which make up much of Second Life. It’s more difficult to make security errors in modern security-focused languages, but it’s not impossible. This is why we have created thousands of automated tests which exercise nearly every aspect of Tilia. Every change to Tilia triggers the execution of these tests, and the change is rejected if it causes nonconformant behavior.

    The Tillia team also pays a security testing company to attempt to hack Tilila and perform routine vulnerability assessments. Any Tilia service that is exposed to Second Life users is also exposed to outside security testers. These testers evaluate changes in a staging environment before they are ever presented to Second Life users.

    We enlisted outside specialists to review some of our key privacy and security practices and procedures. We then invited a team from Amazon Web Services to sit in our offices with us and review every aspect of our service deployment and hosting infrastructure.

    Every step we have taken has been cautious. When it comes to privacy and security, the Tilia engineering team believes that the tortoise wins the race.
     

    What does Tilia mean for Second Life privacy and security in the future?
     

    We have many plans for Tilia. Additional work is already under way.

    While we have already moved regulated information out of Second Life and into Tilia, we are actively migrating additional forms of information. Now that we have a new privacy and security foundation, we can extend the amount of information that enjoys this level of protection. If it pertains to your real life identity, we believe in leveraging Tilia protection wherever possible.

    Tilia will enable future Second Life projects as well. We designed Tilia to support additional business customers, so we are able to justify larger privacy and security projects to benefit new business customers and existing Second Life Residents alike.

    Aside from ensuring compliance with upcoming privacy and security regulations, our early goals are largely driven by Second Life. These goals include the option for users to select stronger authentication mechanisms, better mechanisms for our team to identify callers who request account help, and additional tools which support our fraud protection team.

    As to Second Life itself, by relieving the team of many of the heaviest privacy and security burdens, we believe we can help them be even more effective in developing the virtual world we all love.

    Stay tuned to see what we can do.

    Soft Linden

  6.  

    Hello Residents of Second Life!  

    Over the last few days, Residents using certain email providers may have noticed that they are not receiving all email notifications for events such as Marketplace purchases and Offline Messages.  

    Email has come a long way since it was first introduced to the world in the 1960s. There are many factors that affect the deliver-ability of a message, and algorithms which affect it are constantly being updated.  Sometimes things go awry despite best intentions - such as certain phrases being flagged as indicative of spam, or the volume of messages sent in a certain time frame.

    Second Life is a complex beast and not all our email sending practices are as good as they could be. We are re-examining these practices and we’re going to do better to make sure our Residents are able to get the information they need.

    There are some things you, as the recipient, can also do to better ensure deliver-ability, such as having email filters, white-listing certain contacts, checking your spam folder and marking legitimate messages “Not Spam,” and even contacting your email providers about certain emails.

    If you are experiencing issues receiving emails from us, you may also want to consider updating your email temporarily to a different provider (for example if @yahoo emails are failing, try a @gmail account), verifying your email address with us (offline IMs, friendship offers, auctions, etc all require a verified address), and white-listing (add sender to contacts) Second Life messages to ensure you receive them in the future. It’s always best to use an email account that is only accessible by you.  

    We sincerely apologize for the inconvenience caused and will provide updates once available.

×
×
  • Create New...