The most compelling story tearing its way through the forums, in-world groups, and internet blogs of Second Life users these days is the tale of the “anti-griefer” and “anti-copybot” tool Redzone.
It’s a riveting tale indeed, fraught with drama, rhetorical flourish, and passion. It has villains and heroes (although the identity of these depends upon one’s perspective) and holds forth the promise of a potentially apocalyptic conclusion.
It is also a story founded upon the social dynamics of fear: fear of griefers and of content pirates, working hand-in-hand with a fear of our own vulnerability to public exposure. Despite it's undoubted entertainment value, it is not in fact a very gratifying tale, speaking as it does to this most base and basic of human emotions, and to the willingness of those who value profit above all else to exploit this. But it is also a most instructive little fable, for what we see exposed herein, in perfectly formed miniature, is the model of an unfettered free market capitalism in full throttle.
Redzone is a scripted spyware product created and marketed by the content creator zFire Xue at the not-unsubstantial cost of L$3,999. It is on offer to the content creators and public sim owners of Second Life as a means of 1) detecting “copybot” viewers that can illegally copy content in SL, and 2) identifying “griefers” who may appear in stores, clubs, or other public places to be disruptive. Redzone is classic case of marketing on fear; it first feeds on legitimate worries about content theft and griefing, inflating these concerns into something like panic, and then offering apparent “peace of mind” to those willing to shell out the purchasing price. As the SL Marketplace ad for the product (since removed by its maker) put it:
You may or may not worry about copybots with nothing rezzed for them to steal.
You may not care about griefers with Build or scripts disabled on your land.
What about that social sabotage confidence artist you banned that came back across your ban lines with an alt? (RedZone would have killed them!)
A dramatic little machinima is part of this marketing campaign: it shows a sim overrun by a small army of griefers and copybotters, and demonstrates their detection and rather messy elimination (the banned avatars are replaced by an animation showing “screaming, shattering bones” and bloodstains when the miscreants are “killed”) by means of the device:
http://www.youtube.com/watch?v=NEOEc9rzLlA
This marketing has proven astonishingly successful: according to the manufacturer, there are now over 20,000 copies of Redzone operating within Second Life, which have collectively scanned over 9,000,000 avatars, resulting in parcel bans for over 70,000 residents.
This all sounds very impressive, and would seem to suggest that the device is doing precisely what it claims to do. In fact, however, the claims made about Redzone’s efficacy and accuracy are highly dubious: even Redzone itself claims to have a “hit” rate for copybotters of only 0.024% (i.e., one twenty-fourth of one percent).
Its method of identifying alts may be even less effective and reliable. What Redzone actually does is harvest IP (Internet Protocol) addresses from anyone who comes within scanning range of the device, and who has enabled media and music in her or his viewer preferences. The IP address is the supposedly “unique” number associated with the internet connection that one uses to access Second Life: log in to SL from the same computer using different accounts, and the IP address theoretically remains the same. What this should mean is that one can associate different accounts by identifying their common IP address, thereby proving them to be “alts” of the same user. If Redzone discovers that the avatar being scanned has an IP address matching that of other previously scanned avatars, or has been previously associated with other avatars, it alerts the device owner, who can take appropriate action, normally by banning the resident.
The flaw in this procedure is that IP addresses are by no means stable, nor need any given address be associated with one unique individual. Many internet connections use “dynamic” IPs that change regularly, and it is also not difficult to “spoof” a fake IP. At the same time, users employing a common internet connection may find themselves falsely associated with other users. If you are logging on from work, from a university dorm, or from a Starbucks, you may be sharing an IP with anyone who has done the same. The result is, of course, “false positives” and a very, very questionable degree of accuracy.
But why should the sim owner ban an avatar who is associated with other alts anyway? Well, the reasoning runs something like this: most griefers employ freebie one-off disposable accounts to wreak their havoc, and therefore will generally have many alts associated with their IP address. Ergo, it can be assumed, through a fallacious and deeply troubling abuse of logic, that there is a good chance that any avatar with alts is a griefer. It’s a shoot-first-ask-questions-later response to dealing with a legitimate problem, a fear-driven approach that is based on the reasoning that griefers are scary enough to warrant the collateral damage, consisting of all of those non-griefing avatars who are caught in the shotgun blast. It’s a little like targeting an apartment building with an air-to-surface missile because it shelters a terrorist leader: the broken, maimed, and bleeding bodies of the innocent sifted out through the wreckage afterwards are (of course) merely collateral damage, a “regrettable, but necessary” price that is part of the cost of the vital “war against terror.”
Redzone’s marketing, and the rhetoric of its boosters similarly slides quietly over the potential costs incurred in the use of this device, but an increasingly large body of critics of the device have begun to highlight these in a public campaign against Redzone that has been gathering speed and strength over the past few weeks. No less than three JIRA features have been opened, demanding that Linden Lab disable the device (here, here, and, most imporantly, here); the last of these has attracted a near record number of votes. At the same time, the anti-Redzone movement has spawned dozens of blogs and blog posts, and an exhausting number of threads on the official SL forums (as for example this), as well as other off-world forums. Even within the manufacturer’s own forum, an increasingly vocal opposition has been mounting.
What this opposition highlights is the fact that, while Redzone has marketed itself as an antidote for fear, it has itself generated an enormous amount of panic and alarm. This has much less to do with concern over being banned from sims that employ Redzone (many opponents of the system are actually asking to be banned from such locales, or calling for boycotts of them) as it does with concerns over the existence of Redzone’s enormous and growing database of “alts.” While there are, of course, many people who are quite open about their alts in Second Life, there are a great many more who prefer to keep their various “identities” within Second Life separate. Here is what the new Rod Humble, CEO of Linden Lab, had to say on the subject of avatars and identity in an interview with Dusan Writer:
See, there’s the me who goes to school meetings with my kids and that’s a very well established identity. And there’s the me who plays shooter games online and I don’t want those separate identities to mix up. It’s not appropriate.Now imagine the case of a resident whose “main” is publicly linked, for whatever reason, to her real life identity. Perhaps she is an IT professional, a college or university teacher, or just someone who is normally open about who she is. Imagine what happens when that “main” becomes linked – correctly or, just as plausibly, falsely – to an avatar “alt” whose groups and picks include, say, a number of sex or BDSM groups. What if our straight and conventionally married “main” is associated with an avatar who is experimenting with LGBT? And what if these associations – which, again, may well be false -- become public knowledge in real life?
It is not hard to understand how this obvious threat to privacy within Second Life has generated a great deal of fear and concern: one needn’t be actually involved in “unsavoury” activities to be concerned about the possible ramifications. The fact is that this enormous and potentially damaging database is in private hands, on a web site that is completely outside of the jurisdiction of Linden Lab. How might it potentially be used? Indeed, any Redzone owner is given immediate access to the names of all the putative alts of anyone scanned by their device. Redzone also comes with an optional HUD that can be worn outside of one’s own sim or parcel: it is possible to roam freely anywhere in Second Life and scan anyone within range. The potential for abuse is enormous, and a number of instances of this have begun to come to light, of which this is but one example:
Earlier in this thread, I mentioned a few times that the person whose land I live(d) on has a Redzone on his parcel, for reasons of attempting to keep an old stalker from coming back. He has already outed one alt of mine(for an adult roleplay, at the time I had a child avatar that I used to speak to him), and when I told him it was a creepy and stalkerish thing to do, he said that it was his right to know. This bothered me, but I moved on, since he was still my friend.
Yesterday, he told me that he had been going to sexually themed SIMs with the Redzone hud and scanning the people around him for alts. If he found people with alternately gendered alts, he would out them. In local.
I told him, again, that it was a creepy thing to do and I asked him why he wanted to know these things about total strangers. He said it was just a game to him. I told him some of what I've learned about Redzone, and I linked him to this thread. He became angry when I insisted that what he was doing was wrong. He said that he has his opinions, and I have mine, and not even all the people speaking out against it would make a difference to him.
Meanwhile, criticism of Redzone is liable to evoke threats designed to ratchet up the level of fear: a warning on the Redzone forum notes that one should “Keep in mind most everyone on this channel could be mean enough to ban you, your alts, and your unborn alts forever from somewhere you may later wish you could visit.” Be careful what you say about Redzone, or you could find your Second Life ruined forever.
The escalating level of fear and paranoia among Redzone users themselves is reinforcing this. While Redzone can only effectively scan an avatar who has enabled media or music streaming, the device includes an option allowing one to identify and ban those who have disabled these options, under the assumption that they must, of course, have something to “hide.”
One might think that the growing opposition to Redzone would have the maker of Redzone worried. In point of fact, the fear and loathing generated by his product plays right into his hands, because those who purchase the product can choose to hide their own alts on the database! So, what then is the best and surest way to protect oneself from being victimized by Redzone? Why, to drop L$3,999, and buy one’s own copy of the device!
It will be interesting to see how this intense little drama plays out in the next few weeks or months. One thing is certain: zFire Xue will have made a tidy little fortune from his product, whatever the outcome. Not only has he profited from sales of Redzone to both those interested in identifying, and those wishing to conceal alts, but he also finds himself in possession of an enormous, and potentially very lucrative database. One way of viewing Redzone, in fact, is as the most successful instance of datascraping in the history of Second Life.
What interests me most about all of this, however, is the way in which the dynamics of both the success of Redzone and the growing opposition to it have revealed some of the hidden pulleys and chains behind the Second Life’s paradigmatic free market system. And what strikes me most when I consider this is the relationship between fear and financial success for the enterprising capitalist. Redzone brilliantly leveraged a real concern – about intellectual property rights and griefers – into something like a panic that has convinced thousands of Second Life residents to not merely buy the product, but to accept, apparently without moral qualm, its extremist shotgun approach to those problems. And faced with a wave of apprehension and concern over the effects of his own product, zFire has been able to further exploit the climate of fear, by making Redzone the only effective “antidote” to its own egregious trampling of privacy rights.
The question remains: how did fear become such an effective marketing tool in Second Life? The answer to that question lies in the very nature of the laissez-faire capitalism that characterizes the Second Life economy. Now, it is true (as some have noted) that the Second Life economy is not truly an unfettered free market system: Linden Lab retains control of a number of levers, as for instance the supply of Linden dollars, that allow it to tweak the economy as needed. Overall, however, Linden Lab pursues a largely hands-off attitude to commerce in-world. Its Terms of Service are vague and unprescriptive, and there are few mechanisms by which an individual resident may appeal for “official” redress from scams and rip-offs. It was this hands-off attitude that permitted, for some time before the Lab took action, in-world “banks” to operate what were, in essence, ponzi schemes.
Most significant is Linden Lab’s refusal to intervene in the case of “disputes” between residents, even where these involve significant amounts of cash. Here is the key provision with the Linden Lab ToS that spells this out:
10.1 Linden Lab is NOT liable for its users' actions, and you release Linden Lab from any claims relating to other users.
You agree not to hold Linden Lab liable for the Content, actions, or inactions of other users. As a condition of access to the Service, you release Linden Lab (and its officers, directors, shareholders, agents, subsidiaries, and employees) from claims, demands, losses, liabilities and damages (actual and consequential) of every kind and nature, known and unknown, arising out of or in any way connected with any dispute you have or claim to have with one or more users, including whether or not Linden Lab becomes involved in any resolution or attempted resolution of the dispute.
In effect then, while Linden Lab will intervene in cases of copyright infringement and intellectual property or content theft, it declines to regulate, or be held responsible for, the financial conduct of entrepreneurs, landowners, and content creators with regards to their customers. The motto of anyone doing business in Second Life should always be caveat emptor – buyer beware! At the same time, the Lab’s measures against content theft have been so lackadaisical and ineffective that no one has any faith in the ability of the system to protect them against copybotters.
And it is this failure to regulate or police the economic system within Second Life that is the primary root of the fear into which clever capitalists like zFire Xue have tapped. The failure of the system to protect content produced the vacuum into which zFire inserted Redzone, while the utter lack of faith that most residents have in Linden Lab’s willingness or ability to regulate or disable a product that so clearly infringes upon privacy rights is the cause of the rising opposition to the product, as well as further sales of it. All of these are owing to the nature of the unfettered free market system that Linden Lab has not merely permitted, but encouraged, to grow in Second Life.
Of course, to some proponents of free capitalism, this all seems rather wonderful. Prokofy Neva’s response to my suggestion that Redzone and the moral panic that it has generated is the result of the atmosphere of unfettered capitalism in SL is particularly telling, as she lauds a world in which “products are made and sold freely in the marketplace; where other people make and sell other products to counteract them; and where we have a free press to report on all this.” Capitalism, Prok seems to concede, may have created the “crisis,” but that’s actually a good thing, as we have other capitalists who are more than willing to ride to our rescue by creating “products to counteract them” – at a substantial profit, of course. Crisis? What crisis? It’s really just a glorious business opportunity! And in this way, the “system” need not rely on the natural mechanics of demand: it can generate its own demand by artificially creating a panic from which others, in turn, may profit! Think how much healthier the Second Life economy would be with even more assaults upon privacy!
In her song “The Whore’s Hustle and the Hustler’s Whore,” PJ Harvey speaks of a world of unbridled greed, competition, and fear:
Speak to me of Universal laws
The whore’s hustle and the hustler’s whore
All around me, people bleed
Speak to me your song of greed
Well, we know who the “hustlers” are. And the whores? Well, that would be us, our electronic identities harvested, collected, bought and sold. And what most truly makes us “whores” is that we are willing accomplices to the hustle: we are the ones, after all, who are buying Redzone and its putative remedy, Greenzone, and who are zFire Xue’s active if perhaps unknowing agents in the field, building for him his database of avatars and alts, herding ourselves and our fellows into electronic pens buried somewhere deep in a basement hard drive.
Speak to me of your inner charm,
Of how you'll keep me safe from harm.
I don't think so, I don't see . . .
So, who will keep us “safe from harm”? zFire and his Redzone? The next coder to capitalize upon our fear through the marketing of yet another lucrative scripted gadget, enabled by the very system from which it promises to protect us? Will these save us from our fear?
I don’t think so.
14 comments:
Good article. Perhaps those who feel this kind of capitalism is fine should think of pumping cyanide into the air and then charging for gas masks?
I find this particularly scarey as I do have a dynamic IP address (my UK provider works in that way) and last year my account in SL was frozen, along with another account we use to hold group money. I was told that my ban had been to do with "age concerns" by a SL telephone operator I seemed to have caught off message (because on subsequent calls to LL, the operators told me they could not give out that information). After WEEKS of calls and numerous letters and TWO photocopies of my passport sent across the Atlantic to the United States (I am in Europe), my account was returned without any word from LL on the whys etc. This was a traumatic experience - the "accusation" and then the return with no explanation as to what had happened and why I had suddenly been allowed back. And subsequent requests for them to destroy my passport photocopies have went unanswered.
Of course none of these experiences matter to those making money until it happens to them. This is how unfettered markets work.Those who have the dosh and control of a profitable business will also have power and will use that £/$ power to ensure their cashcow is protected. And why in RL, the bankers and venture capitalists making the millions because of the economic crash will push to ensure unfettered markets drive the majority of us to the brink while they toast "freedom" from their walled houses and satellite/ missile protected private yachts (they do exist!)
Given that Second Life has been used as a meeting place for political action, I find it very distressing to think that anyone in possession of this gadget can gather IP addresses. It seems we are being asked to live in a police state in the name of "security" even in SL.
There is simply too much room for abuse with this. The simple truth is that anyone that really wants to cause trouble is likely already using a proxy or hiding their IP address. Maybe that's just what everyone should start doing. Here's a link you might want to distribute to anyone with privacy concerns. http://www.hidemyip.com/
Thanks for a great post. I had no idea this was happening.
Great write-up of the issue and analysis! I roughly estimate he or they made $300,000+ based on your numbers. Real $, not L$.
I would think software that works on exploiting a security gap (IP revealed) would be a violation of a TOS. But what do I know?
Is there some reason LL is not acting against this guy? Cronyism? Negligence? Misguided techno-hippie libertarian ideology? Sometimes I think LL is being used as a testbed by large corporations-foundations-big gov weirdos as some sort of futuristic test-bed.
@Plot
I think your travails are symptomatic of the problem. There is a vacuum in SL, not merely of "power," but of responsibility. So long as there are no real models for responsible and representative governance, and we are ruled only by the libertarian laissez-faire model of Linden Lab's "benevolent dictatorship," we are at the mercy of anyone who wishes to exploit that vacuum. And because most of the mechanisms within SL that would permit that are economic (through Premium Membership, content creation, land ownership, and so forth), we will be tossed to-and-fro, caught between a lazy and mostly uncaring Linden Lab, and the predators who see an opportunity for exploitation within SL.
As a coda, too, one point I forgot to make: the entire free market system, and the panic about copybotting, is founded upon what is arguably a very outdated understanding of and approach to content creation and intellectual property rights. Culturally, SL is in the dark ages of the Robber Barons in this regard, as in others.
@Siri
Yep, the potential for abuse is massive. And what in some ways makes this *worse* than a police state is that means of control are held not by a "government" that is at least nominally responsible to, or even for, the residents, but by predatory capitalist adventurers.
A police state is bad enough. Worse is a kind of libertarian plutocracy where one's security is put at risk by any number of arbitrary and profit-driven entrepeneurs, all competing to see who can wring the most profitability out of us.
@Sawyer
There are certainly those who argue that Redforce is a violation of the ToS. The counterargument is that IPs are not truly "private" on the internet. Indeed, anyone handling a music or media stream in SL has access to IPs: what makes Redzone so sinister is that it is using IPs explicitly to detect "alts." That and the fact that Redzone is so pervasive on the grid now that it has constructed a massive and probably very comprehensive database.
Some are predicting that the groundswell of opposition to Redzone (which has actually been around for a couple of years) will force LL's hand, and necessitate some kind of official response. I'm not so sure, myself. I suspect that the real dollar value of this business is going to make LL very very cautious about how they approach it.
Possibly, they will produce a face-saving compromise that shows that they "care" about privacy concerns, but not enough to completely shut down the operation. Such a compromise might restrict public access to the list of alts, while leaving the datascraping operation intact.
My own feeling is that Redzone will finally collapse in the face of opposition and boycotts of sims using it, alongside the fact that wholesale bans by IP are going to eventually rob users of a sizable proportion of their market.
But we'll see.
Scylla, great post. Thanks.
Thanks for this and all else you've done, S.
Very good article.
I've been following the debate and exposure of redzone/zFire through various blogs and forums and I have to comment about one error that's been carried through most of them.
The amount of actual copybotters is actually a lot less than everyone is interpreting.
.024% is not one quarter of a percent (as reported on some blogs/forums) nor is it one twenty-fourth of a percent.
It is a lot less.
It is approximately one fortieth of a percent.
Incorrectly using .24%
70000 * .0024 = 168 people
Using the correct figure:
70000 * .00024 = 11.76 people caught
While 168 out of 70000 AVs is bad, 11.76 people is an even worse record and gives much more credence to the idea that it is a griefing tool and nothing more.
I tried to leave my name for my comment about the math and amount of people it's actually purported to have caught but it wouldn't let me do anything but anonymous.
Camille Serpentine.
Thanks Camille!
AN UPDATE
It appears that LL has indeed moved against Redzone. They have, without formal announcement, changed the "Disclosure" portion of the Community Standards to restrict the outing of alt accounts. The new bits are bolded below.
Residents are entitled to a reasonable level of privacy with regard to their Second Life experience. Sharing personal information about your fellow Residents without their consent -- including gender, religion, age, marital status, race, sexual preference, alternate account names, and real-world location beyond what is provided by them in their Resident profile -- is not allowed. Remotely monitoring conversations in Second Life, posting conversation logs, or sharing conversation logs without the participants' consent are all prohibited.
As a result, Redzone has apparently been forced to implement a new procedure whereby your permission must be obtained before your alts are revealed to the Redzone owner who has scanned you, likely by means of a pop-up like that used by Bloodlines to obtain permission for a "vampire bite."
Effectively, this should kill Redzone in-world. Unfortunately, however, the huge off-world database still exists . . .
Well, Redzone now asks if you consent to any datamining. Hands up who trusts zFire that a "No I do NOT consent" actually stops the scanning of your IP? Also he makes this question for consent only once per IP, so maybe you are not asked, because the person logging in with your shared / dynamic IP "consented".
And finally, zFire has named a number of "admins" who still can see the alt list, and o surprise, all his trusty fanboys are now "admins"...
Huntress, you are absolutely right. The issue of "consent" applies merely to access to the names of your putative "alts." Your consent is still not required to scan your IP info and enter this into the database.
What is more -- although exactly how this is going to work is still very unclear -- zFire is claiming that if a user bans your avatar, all other associated "alts" are automatically banned as well. If the names of the automatically banned "alts" are added to the parcel ban list (and it's not clear that they are), this will in effect publish the names of those "alts" anyway.
Much of what the changes to the CS really mean is still highly speculative: the new Zedzone system only goes into effect today. What is clear is that it still very represents a threat to privacy, and a data scraping operation.
Keep in mind, only the HUD asks consent.
The scanning devices on land don't.
Camille Serpentine
as someone said the potential for abuse is massive...and i wonder that we suppose capitalists like profits and alts do consume more, so they are not concerned with profits- it seems to me that they want to ban those who type things they do not like, for example, in a discussion i typed that Assange was a hero of the free press, and i immediatelly was disconnected from SL, so this story of copyboots is a veil to hide another issues, especially after WikiLeaks.
Thanks for the article.Hasta la victoria!
YOu do know, ZFire Xue's Red Zone is still out there being used by people even though ZFire is no longer inworld. Last I heard, he was using an alt to contact people and still selling his product. And he has made all his customers admins. The LLs need to pick through the inventory of the Red Zone users just like they did with all the copybotted items in everyone's inventory.
Meredyth Littlething
Post a Comment