Discord webhook integration
tracked
DaniSkunk Resident
The ability to have group notices and marketplace sales post to discord directly in a channel of our choosing.
Gwyneth Llewelyn
Better than just Discord … have an API for webhooks in general!
I don't dislike Discord, but I prefer the insanely strong cryptography of little-known Keybase (acquired by Zoom)... hehehe
SpiritSparrow Skydancer
I in no way want my SL account or information to be connected to discord.
Gwyneth Llewelyn
SpiritSparrow Skydancer opt-in, opt-in, always opt-in...
DaniSkunk Resident
Gwyneth Llewelyn Yep, opt in. Only way it will work.
Spidey Linden
Issue tracked. We have no estimate when it may be implemented. Please see future updates here.
DaniSkunk Resident
Spidey Linden: 10-4
Woolfyy Resident
Spidey Linden please check with your legal department to add legal conformity to the European RGPD, i.e. opt-in + TOS + a list of people / companies making external use of the data + a sticker to clearly show that it is opened to Discord.
PS: As of today LL is already in total non-conformity with the European RGPD and privacy protection due to bot redirection and data flooding outside via HTTP with no control at all.
DaniSkunk Resident
Woolfyy Resident Nothing passed to Discord would be considered real-life information, so I'm not understanding how those EU laws would come into play with what I'm asking. Notices / marketplace sales info. No real-life info is in that...
Woolfyy Resident
DaniSkunk Resident A post is too short to elaborate, but let's give an easy-to-understand example:
If you are part of the LGBTQ+ community you can "freely" act on SL and live your "second life" without anybody annoying you. What happens if you are outed? ... SL is too small to be interesting for hackers (though there are scammers, spammers etc), which is not the case for Discord (which is much bigger and more visible), knowing that bots and so on are a huge "open bar" on SL ...
From the legal point of view, the marketplace is covered by LL's TOS and LL bears the legal responsibility for it, including the obligation to comply with international laws, security and privacy concerns. The one who ultimately, legally and personally bears it in any company is the CEO, as he holds the mandate.
As a group owner, do you have a lawyer to manage it? NO. Do you have your own TOS, including the ability to state who may use your own data? NO. Do you have a compliance department? NO. Can you, according to the law, comply with opt-in restrictions? etc. NO.
I could elaborate over pages of legal points; as for the tech, any dev can explain to you how easy it is to grab data in a non-compliant way, and I'm not here to explain how to do forbidden things, though they are easy for a hacker.
As for LL, and as I already mentioned, HTTP servers grabbing SL users' data is already a breach (and as far as I remember forbidden, though LL lets it happen), bots are easy to use to extract unauthorized data, copybots have already illustrated security holes within regions (look at how many paid objects are free on OpenSim), etc etc etc. If you have any doubt, just consider that most HTTP requests work in unprotected mode, like this site http://name2key.haxworx.net/ i.e. 0 security ...
Let's play devil's advocate (and here we all love SL and try to make it even better) ... if you want to break LL, simply scrape it and reveal users' real identities in the usual TOR files ... as I said, it hasn't really happened till now as LL is too small to be interesting, but it is easy to do, as any developer of alternative viewers could tell you. As a friend (a former Linden) once demoed to me, he could take full control of my ava just because we were in the same region and he had a viewer of his own (i.e. not using Linden's "god mode" features) ... Then maybe this makes you understand too why some people are advocating for the ability to get rid of bots?
BTW, and in case you didn't read it yet: https://www.wired.com/story/second-life-plagued-security-flaws-ex-employee-says/ (and sorry LL for mentioning it, but it is in open access on the web).
DaniSkunk Resident
Woolfyy Resident When it's challenged in court then I'll reconsider, but as of now, this is a function that would be useful. Until then, I guess thanks for the info?
Woolfyy Resident
DaniSkunk Resident Already challenged and lost by GAFAM, costing them billions ... at the level of LL, being blind enough to challenge it means RIP, and those old enough here know how complex it has already been in the past with the FBI about some other subjects ...
Gwyneth Llewelyn
Woolfyy Resident five years later — what was the verdict on that case? I'm just curious...
That said, as @DaniSkunk already explained, whatever data is out in public about our avatars is anonymous — statistics based on anonymised data will not violate any privacy laws, rather the contrary, because there is no link between people's real-world data and their avatars, and this is guaranteed by LL, there is no problem whatsoever. It's just if someone hacks into LL's servers that you may have an issue :)
To be more precise, the only place where the "real world" data is stored — is on Tilia. And even there I'm not sure if you have any avatar data. There might just be an ID (not the avatar's key, mind you!). Tilia, as a payment processor, naturally needs to know our real data but... they don't need to know what our avatar is. And, conversely, LL doesn't need that data at all — all they need is to request a payment from Tilia for a "token", and once that "token" is paid, you get your L$ (or whatever you have bought, i.e. paying region tier, or Premium, or something). Double-blind transactions!
Granted, this can be hacked into, and if that happens, aye, our privacy would be compromised (as well as our credit card), and, sure, you could theoretically start having fun doxing people. But... has that really happened?
Now that Tilia was sold, things are even more interesting, because I would claim that, in the very near future, not even LL will be able to figure out who is who in real life, since Tilia employees will not have the privilege to chat as freely with LL's employees (assuming that they did, obviously).
Woolfyy Resident
Gwyneth Llewelyn A public forum is not an area to explain how to violate privacy on SL, but let's say that there are already tons of easy ways to do it that those concerned already know ...
As for hooks to Discord and similar, I am not the only one to be against having my group chats and so on on it, and according to European law it must at minimum be opt-in, to let users refuse to be on it. Otherwise LL is violating European law and any lawyer taking legal action against LL would be 100% sure to win it.
Dura lex sed lex ...
PS: TILIA got created, among other things, because LL needed to be compliant with financial legal constraints / anti-money-laundering laws etc. due to the mass of money managed, not only in the US but internationally.
Gwyneth Llewelyn
Woolfyy Resident:
> "there are already tons of easy ways to do it" [how to violate privacy on SL]
Extraordinary claims require extraordinary evidence ☺️
What exactly are you talking about? If you're saying that it's easy to grab a user's IP address (and thus their approximate location) and/or avatar key (UUID) and correlate both, sure, that is possible.
It will mean that you can know accurately that "a person living in this city on that country has been around SL today, for four hours, visited two shops and then teleported to Zindra to a popular bar where 'escorts' are available".
It's not "trivial" but it can be done. But that's not a "privacy" issue in terms of your real-life privacy. Whoever is processing all that data will surely know exactly what your avatar is doing — but they have no way of telling who the real person behind the keyboard is.
If you can prove otherwise, feel free to send that proof directly to the LL security team. But you really need to show compelling evidence. I remain skeptic. I might believe that someone could crack into Tilia's database and access all the user information there — which would be a serious crime — but has that really ever happened? As explained, the hackers would not even have access to the avatar's key, so they would be unable to correlate one thing with the other anyway. They might get a rough idea, though, if Tilia records the IP addresses from their customers (I would think so), and that information would get hacked into as well (if someone can so easily crack Tilia's database open, I'm sure that reading Web logs would be easy-peasy...). Having both the list of IP addresses from logged-in avatars and the IP addresses for accesses via the Tilia web browser, you could correlate both, and at least in some cases, have a rough idea of who's who.
But all the above is a hypothetical attack by professional hackers with clear goals and objectives in mind, and having access to sophisticated tools. We're talking about "Mr. Robot"-class of black hat hackers, most certainly not "tons of easy ways". It's rather "a few very hard ways which can be exploited by sophisticated hackers".
Unless you're talking about "the enemy within", so to speak — social engineering. Get a Linden with enough permissions to look things up for you, and pay them a bribe. Sure, that works, and is "an easy way". Again, if you have proof that this actually happened, and you know who has participated in such a crime, denounce them. First, of course, to Linden Lab's security team. Then to a few other figureheads at LL. If they don't respond, threaten to dump all the documentation on WikiLeaks (or any other such place) and alert the NY Times, The Guardian, or another serious international news media, and let LL know what is going to happen unless they respond.
Regarding "a public forum is not an area to explain how to violate privacy [in SL]" — I suggest that you do a few searches around GitHub, probably one of the largest archives of open-source (and not only open-source) software these days. The nastiest pieces of hacking software are posted there. Publicly — for everyone to see how it's done — often with detailed explanations on how the tool works (i.e., what methods it uses to penetrate a system's defences). Whole communities analyse these tools in detail — in public! — and discuss them openly.
One might wonder why Microsoft (GitHub's current owners) allow all that to happen — freely, openly. And I asked. Their official stance is actually very simple: they prefer that those tools are out there in the open, so that everybody can know how they work and what they target and effectively protect themselves against them. That is true for companies doing security tools (including Microsoft as well), academic researchers, and cybercrime combat teams. If all that wealth of information was only available via Tor in the Dark Web, then we — the public, but also the operating system and application vendors — might have no clue about what's going on. That way, everybody learns to protect themselves better.
One might argue... but surely that means that there is a wealth of "script kiddies" out there, who just download the tools, without even knowing how they work, and install them on their own computers to hack at their friends (or enemies)? Isn't anybody assuming the responsibility of these script kiddies actually causing some serious damage? Like giving fireguns to pre-teens?
The argument is that this is the "lesser evil". Sure, if your system is not really up to date with the latest security patches and protections, it might be vulnerable to some (or all!) of these publicly available tools, to the delight of all those script kiddies. And obviously there are many corporations and organisations that never really bother with basic security issues and are therefore wide open to potential attacks. But they have a certain degree of responsibility, as well. Nowadays, almost all software being sold will include a few clauses saying that some security patches are "mandatory" — in the sense that you have to install them in order to keep benefitting from the entitlements of your license (such as basic tech support by phone, for instance). If you neglect to do your part — keeping your system up to date — then you have failed to comply with the contract, and the company which sold you a license is not liable to be sued for damages.
It's like "forgetting" to put your seat belt on when driving. You might try to file a claim with your insurance company, but they will not pay you anything if you don't even bother with a seat belt, which is the barest minimum in terms of complying with the insurance policy (also, driving without a seat belt on might be forbidden in many jurisdictions — but insurance companies don't worry about that, they only worry if you're paying the correct premium for the amount of risk that is acceptable to them).
That said...
Sure, I can believe that there are script kiddies out there who have searched for the best possible tool to penetrate LL's and Tilia's security. I can even go as far as to believe that this might have happened once or twice in the past, and LL and the script kiddies have entered an agreement to keep the news from spreading out. There is nothing "impossible" in such a scenario — but in order for me to believe it, I require proof. Just "claiming" that "it is possible to do X" doesn't mean that "X" has been done — only that it's possible.
In LL's and Tilia's case, there are at least some adequate measures of protection from external attacks. I cannot say anything about internal attacks, though, and, as mentioned, everybody has a price, and all that takes is to bribe a Linden employee with full access to their databases and "make them an offer they cannot refuse". As said, this is a possible scenario, too. But... has it actually happened? Or are you just speculating about such a possibility?
Sorry, I don't really subscribe to conspiracy theories of any kind, except when these have substantiated data to support their claims — and data that can be (publicly) retrieved in some way or form. For instance, if you can provide my real name & address, as well as that of a handful of my close SL friends (several of which I have met personally over the years), then I'll be a little less skeptic.
With Tilia getting sold, the above experiment will be harder to replicate, since LL employees will lose whatever access they might have had to Tilia's databases.
Woolfyy Resident
Gwyneth Llewelyn Sorry, but I'm not here to explain how easy it can be, especially if you are in the same region as a user, even to take full control of an avatar as long as you have a custom viewer, which any viewer dev can show you, and which is also the reason why viewers need to be "agreed" .. though you can easily fork one and make LL think that it is still the official one. FYI, explaining how ends up with being banned.
Moreover, basically as long as you have an IP (which you can get through an HTTP request or a media URL) ... it is already open bar.
Anyway, this has nothing to do with Tilia, and your insistence on it shows that you have no idea about what hacking is.
As for the initial post about Discord, if not opt-in it is simply not compliant with European law. So, it is not even a technical problem but a LEGAL problem, where LL's owner is legally in first place bearing the responsibility if the law is not respected. Dura lex sed lex ... Read the Google or Apple phone marketplace TOS if you want to understand why they systematically state which type of information is grabbed from their app stores and systematically ask you to confirm that you agree to XYZ each time you download an app.
UPDATE: An internet site that you should look at to get a better overview of privacy concerns: https://restoreprivacy.com/
DaniSkunk Resident
Woolfyy Resident All I wanted from this was the ability to keep track of notices in a manner where they would not vanish after 2 weeks, and then sales from the marketplace, and you've gone ahead and totally made this about something it was not. I'll never recommend another idea.
Woolfyy Resident
DaniSkunk Resident No reason to stop posting ... Things are not just techy or ideas. There are also legal points as well as privacy concerns. And comments are also here to make users understand them, as well as to bring new ideas.
On my side I have decades of tech as well as international law practice. You can also have a look at another post that Beq (Firestorm dev head) did pointing out concerns with Discord.
Two other techy weaknesses could also be pointed out: a technique named "fingerprinting", and the fact that the browser inside SL is super basic with no real protection for users .. and I don't even talk about creators linking to non-HTTPS sites of their own.
The only reason why SL till now has stayed fairly clear of problems (though LL had many in the past) is that it is too small to be interesting for real hackers. Nevertheless, once the mobile viewer is launched it could attract a new generation of hackers, so better to anticipate problems ...