Linden Lab to Create De Facto Tiered Service
As we wrote about earlier on 3pointD, Linden Lab, creators of the virtual world of Second Life, has been met with an outcry over recent changes to their registration system, which no longer requires billing information or real-world identifying data of any kind. Now, to mollify residents’ concerns over unchecked griefing, LL is planning to scrape users’ hardware for identifying information, and to install tools that would let users ban non-paying members from their land, according to a blog post from LL’s VP for community and support Robin Harper. This is perilously close to jumping the shark, if you ask me, and certainly steers Second Life away from the open platform that LL CEO Philip Rosedale has said he wants it to become.
The open registration model has had benefits for LL already, increasing the number of new members and opening the doors for members from countries outside the U.S. who had not been able to join because of conflicting payment systems. “After opening registration the ratio of international to US registrants changed from 25/75 to 50/50,” Harper writes. That’s an excellent result. But the effects of the coming change may not be so salutary.
From tomorrow, as the company’s updated Privacy Policy will reflect, LL will begin scraping users’ hardware for identifying information. Harper: “The Privacy Policy now points out that if you install Second Life software we’ll be collecting information about your computer. The point here is to allow us to verify a unique identity and therefore better contain griefing by multiple accounts from one system. This information will not be available to non-Linden employees, and will only be available to Linden employees in an encrypted (”hashed”) format.”
It would be nice to know exactly what this information is. I’ve fired off an email to LL, but they’re not awake yet out in California, so I’ll let you know if I hear anything. No matter what it is, though, this will be perceived as spyware. And in many ways, it is. The Internet is still a fairly insecure place, both technologically and legally, and it makes sense to collect as little of this kind of information as possible, if it needs to be collected at all.
The other change taking place is to the software tools available to users, though this one won’t come in tomorrow’s patch: “Future releases of Second Life will allow Residents to decide if they want to allow accounts which are essentially anonymous (no payment information given to us at registration except email address) to access their parcel.”
While I realize this is something LL sees as putting more control in the hands of users, I’d argue it actually serves to steer Second Life toward the kind of functionality offered by a Web site, rather than a more metaversal model similar to what’s offered by the Web itself.
Allowing only paying users to access one’s content is somewhat unusual even for the Web. The practice of filtering who may and may not see your Web page or other Web-based profile or content, though, is hardly rare. This is a service that’s offered by any number of sites. The difference, though, is that the service is offered by the people who own the sites, and not by the platform itself. The platform (i.e., the Internet and World Wide Web) doesn’t even provide the tools, but only a way to access the necessary data and communicate it to the right places. That allows far more robust and varied applications to be built, applications that in many cases hadn’t been widely envisioned before they were launched.
Linden Lab, it seems, isn’t willing to go this far. They are happy to make payment status (not payment information) publicly available in users’ profiles, but they aren’t willing (at least not yet) to provide hooks to this data so that users can write their own apps to take advantage of the information. This radically chokes back what it’s possible to do in this area. The tools being introduced will allow users to control access to their land based on a member’s payment status — in effect creating a tiered service in many parts of the Grid (though I actually doubt many people will take full advantage of this) — but will allow little or nothing else. How much more interesting a world would it be if users were given the ability to use that status information as they saw fit?
LL’s slogan is “Your World, Your Imagination.” But that seems to include only the surface of the world. If Second Life is ever to become the platform it has the potential to be, LL will have to realize that its members’ imaginations are capable of reaching much further down into the mechanics of their world.
Feeds
It is not uncommon for software companies to identify you by your computer hardware these days. Microsoft does it with XP, Apple does it with iTunes and there are a lot of other examples that relate to piracy and griefing. I don’t see this in anyway as jumping the shark. Giving people the tools to keep out anonymous users however… well that’s a different story.
It’s not really a shark-jump, and I’m not necessarily arguing that the hardware-scraping is a bad thing. But it does start to point in that direction. The choices a company makes early on wrt how to deal with problems that come up often have a lot to do with how they continue. “Start as you mean to go on,” as the saying goes. Is this the first step down the road to water skis and toothy fishy things? I’m not sure, but just wanted to sound a word of warning.
We have Cristiano Midnight and others who launched the birthday celebration protests to thank for this new, more highly stratified society that serves their interests by creating a PIC — a payment inner core — that is part of keeping their commerce circles in particular and commerce in general under their control.
Chris Carella, XP isn’t a virtual world, it’s just a computer application functioning in 2-D that doesn’t *itself* constitute an environment in which business, non-profit work, and social and fun activities take place. So it’s different. If you had to be carded to engage in all these activities in RL, you’d find it intrusive and you’d be the first one howling about the over-zealous security state. Why is it ok in a virtual world?
Mark, there’s no end of tekkies in that thread on Robin’s blog, like Aliasi, telling us heartily that hashmarks are just normal things that are always picked up all the time on the Internet and we should take off our tinfoil hats.
But…we haven’t gotten a clear answer on the IP address issue, as distinct from the hashmark of the computer itself. Now, we all know, as the Lindens themselves have stated, and as the Internet’s vast experience already dictates to us, that IP addresses are routinely grabbed. The question then is whether they will *use* this information, and harass needlessly families or friends who just happen to use the same computer.
They appear to be reserving the use of such *matching* functions (as distinct from the grabbing and harvesting functions) for griefing incidents. So if they find a *griefing* account then they might tend to look around and see what other accounts have the same IP or hardware and possibly shut them all down.
What if a teen is found griefing on the TG — does that lock down his parent from the MG too? What if a chance friend uses a computer and griefs, possibly by just doing something stupid (like a simple case of swearing in PG, which I know from my own experience, even on a first-time offense, and even if it is specious and a frivolous and vindictive case, can land you a 3-day banning). The Lindens just aren’t commenting on any of these scenarious because they want to keep their options open.
>Start as you mean to go on,” as the saying goes. Is this the first step down the road to water skis and toothy fishy things? I’m not sure, but just wanted to sound a word of warning.
They’re moving in the direction of having a certified, feted, hard inner core of creators/designers/programmers who are the verified content-providers, their trusted partners who rule the world, and making everyone else the chum, yes.
Also, such a system as hashmark-grabbing wasn’t invented in a day — could they really have only *just now* thought this up because of the noise of protests? Or did they always have this in waiting, just trying to put it over on us?
LL need to make it easier for people to join. They have investors with expectations and any existing user with commercial ambitions shares with them the need to expand the user base as rapidly as possible.
The idea that this is creating a two tier community with an ‘inner core’ of priviledged creators who run the place is hard to accomodate.
On the one hand, having to hand over my credit card details just to get a look is a big ask. But if I’m in already as a bottom tier user there is nothing to stop me upgrading as soon as I want to.
Just one thing that might be important to the discussion. You said:
“Allowing only paying users to access one’s content is somewhat unusual even for the Web.”
I think the correct term would be “credit-card verified” instead of “paying users”. I joined three weeks ago for a Basic free account. A week later I introduced payment information (can’t remembar the reason I did it, but I did) but didn’t upgrade to a Premium account. You can do that.
That way, I suppose (I will verify later) I won’t be an anonymous resident. My profle should reflect that. That way I won’t be banned when that comes.
Harper’s wording, “if you install Second Life software we’ll be collecting information about your computer. The point here is to allow us to verify a unique identity and therefore better contain griefing by multiple accounts from one system. This information will not be available to non-Linden employees, and will only be available to Linden employees in an encrypted (”hashed”) format.”
The corresponding changes to libSecondLife seem to indicate that this information (MAC address) was collected previously as well, but was transmitted plaintext. As John Hurliman explains, “What’s interesting to note is a hash of the mac address is now sent, instead of the plaintext MAC, so I’d say this release is actually a net gain in privacy for the end user.”
From a strictly technical standpoint — which is to say, without speaking to the privacy concerns — this is a preventative measure. Given that one can specify a login server to use when authenticating, dedicated griefers need only establish proxies through which their sessions would be sent, rendering LL’s ability to deny service to IP addresses or subnets ineffective. As far as id0 — this information will get out anyway, I expect — the field remains optional, at least for the time being…
Cw
[…] Bryan Los at The Scripted Lizard has found a workaround to Linden Labs’ recent announcement that they will ban flagrant asshats from the game through use of the creepy spy-on-your-hardware software installed as part of the Second Life package. […]