Before I start, let me show transparency by saying that I am not a personal fan of third party viewers. They are a giant pain in the ass for me personally. Some users have found ways to circumvent aspects of our hockey game and cheat to their advantage over the years and while this has fortunately been only a limited number of people, it requires work and new rules and essentially is a pain in my hiney. It makes the "playing field" not level. Might sound like small bananas to TPV diehards, but it's a big personal deal.
Cementing my dislike of TPVs was the Emerald scandal in 2010. The Emerald Viewer had been using their login page to perform a Denial of Service Attack on iheartanime.com. A attack like this results in the target page to become unresponsive, and have massive amounts of bandwidth and cpu cycles wasted. This is a crime in the United States and many other countries. Emerald users logged in the Emerald viewer and became an unsuspecting vector of attack towards another website, which happened to be owned by an enemy of one of the programmers.
Scandal ensued. The Emerald Team (Fractured Crystal, Arabella Steadham, Jessica Lyon etc) offered this explanation on their website:
Two weeks ago, amid an atmosphere of pride and boasting about Emerald traffic, a silly idea was hatched. This idea was to target a blog owned by a creator of a malicious viewer, and boast of the traffic Emerald has captured. The method for doing this was to add links to the Emerald log in page linked to said blog. Each time anyone logged in, our page loaded up and also the other page loaded up – simply to show off our volume of traffic. This was not a DDoS. This was a poor attempt at boasting that failed miserably. Once we discovered this, these links were deleted and the dev concerned was disciplined. The entire Emerald Team offers it’s sincere apologies for concern, panic, worry, mistrust and disappointment felt by our users because of this. I can most strongly assure you that this will not happen again.
Sincerely,
The Emerald Dev Team http://arabellasteadham.wordpress.com/2010/08/21/emerald-shennanigans/
A "silly" idea? Talk about downplay. It's a CRIME.
The victim of the attack, Hazim Gazov, posted on SLU:
They've also tried to spam my email, which I didn't notice until I checked my spam folder. Then they messed with Vivox's servers to get my voice account disabled, and stalked me to gloat about it when I hadn't even noticed until they kept bugging me to talk on voice. Then they allegedly got my ISP account to cut off my internet, which I found out about from people telling me Phox (another Emerald developer aka Lonely Bluebird) was gloating about it. I'm still using my internet, so I'm assuming someone else's was disabled.
http://alphavilleherald.com/2010/08/emerald-viewer-mutiny-fractured-crystal-thrown-to-sharks.html
Long story short (kinda), Linden Lab revoked Emerald's third party viewer approval and permanently banned several of Emerald's developers.
As of 10am PT Wednesday, September 8, the Emerald Viewer will be blocked from logging in to Second Life as a result of violations of our Policy on Third Party Viewers. Residents who have been using any version of the Emerald Viewer will need to use a different Viewer to access Second Life. You can download the official Second Life Viewer, developed by Linden Lab, here. Or you can learn more about alternative Viewers, developed by third parties, here. There are several new Viewers listed in the TPV Directory, so there are many alternatives available to you.
We take Residents’ privacy, safety, and security very seriously and will take action to enforce the policies that help protect it. As our CEO, Philip Rosedale, has blogged about, we recently removed the Emerald Viewer from our Third-Party Viewer Directory due to violations of our Policy on Third-Party Viewers.Since then, we have been in communication with the Emerald development team and have requested several changes in order to remedy violations of our policy, including changes necessary to meet our privacy requirements, and to address GPL license violations. Unfortunately, the team was unable to comply within a stipulated time frame. As a result, we have decided to block logins from the Emerald Viewer in order to protect our Residents. All versions of the Emerald Viewer will be blocked from logging in to Second Life as of tomorrow at 10am. Please be aware that attempting to circumvent our blocking to access Second Life with a banned Viewer is a violation of the Policy on Third-Party Viewers and may result in the loss of one's account.
Many Emerald developers left to work on a new viewer project, Phoenix, which is essentially the same as Emerald. Phoenix is headed by Jessica Lyon.During the Emerald scandal, Jessica was deeply involved (though always deep in denial). Audio tapes surfaced of conversations between her, Arabella, Lonely Bluebird and Fractured Crystal in which they poked fun at SL, made light of the situation, and worked together on contrived stories to release on their website about what really happened.
http://www.youtube.com/watch?v=rwmVj9u7C3U&feature=related
http://www.youtube.com/watch?v=3iB9g6O9NEo
http://www.youtube.com/watch?v=tNB1uDc6CBw&feature=related
So this is all old history. Now, this week, Linden Lab releases information on TPV policy changes in the works.
http://community.secondlife.com/t5/Second-Life-Viewer/Third-Party-Viewer-Policy-Changes/m-p/1399141/message-uid/1399141
02-24-2012 02:06 PM
Protecting Second Life users’ privacy and security is a priority, and today, we’ve made some changes to our Policy on Third Party Viewers to strengthen those protections for all users (Section 2.a.iii, 2.i, 2.j). We’ve also updated the policy to be clearer about the sorts of innovations that developers should work on for their particular Viewers (Section 2.k), and which they should work on in partnership with Linden Lab for all of Second Life. This is so that we can avoid the problems that result when a Viewer changes the way elements of Second Life are defined or how they behave, in such a way that users on other Viewers don't experience the same virtual reality. Here are the new sections of the policy:
2.a.iii : You must not provide any feature that circumvents any privacy protection option made available through a Linden Lab viewer or any Second Life service.
2.i : You must not display any information regarding the computer system, software, or network connection of any other Second Life user.
2.j : You must not include any information regarding the computer system, software, or network connection of the user in any messages sent to other viewers, except when explicitly elected by the user of your viewer.
2.k : You must not provide any feature that alters the shared experience of the virtual world in any way not provided by or accessible to users of the latest released Linden Lab viewer.
We encourage Third Party Developers to continue innovating with unique user interfaces, niche features, and ways of interacting with the virtual world, and we look forward to working in partnership with developers on ideas they have for new or improved shared experiences for all of Second Life. We want to incorporate more innovative new features into Second Life to improve the experience for all users, and we encourage TPV developers to submit proposals through our standard process.
To someone like me, who for whatever reason has issues with TPVs and how they allow exploits, this is great news. The important part: "
This is so that we can avoid the problems that result when a Viewer changes the way elements of Second Life are defined or how they behave, in such a way that users on other Viewers don't experience the same virtual reality."
To the diehard, rabid users of TPV's (and let me say not all users are rabid--it's that percentage that gets in your face) this is akin to hearing the world is about to end. Panic and drama ensues. Most interestingly, Jessica Lyon has inserted herself into a conversation on SLU about the changes. Naturally, the thread had gotten derailed (in numerous directions) and she winds up there once again defending herself about her involvement with Emerald. Not so surprisingly, she has "new details" and is once again attempting to rewrite the history of what happened.
Jessica Lyon: "Hazim discovered that fractured and phox had injected code into the KDU file which broadcasted viewer information that only the Onyx viewer (Owned by frac and phox) could see. Drama ensued internally on the emerald team, some members quit. The code was removed but none the less Fractured was upset he got caught. Out of revenge Fractured used the Emerald login page to perform a DDOS against Hazims blog. It failed miserably... When we found out about the DDOS Fractured was kicked off the team, although it was stated publicly that he voluntarily stepped down to save him the humiliation. More drama ensued, more developers left. [Correction.. as the memory comes back to me.. he was given an ultimatum. Quit or be kicked off.. and he quit...Apologies. ] LL gave us their conditions, which were that we did not use KDU, Fractured, Phox, Skills and Discrete leave the team. Frac was already gone, Discrete and Skills stepped down gracefully (I respect them both for that). Server control was handed over to Arabella, or so I thought. Arabella and I went on Treet.tv to which I read an official statement that we will be complying with the requirements, as I was lead to believe that was the plan. Note: I had just had two molars pulled the day before, could barely speak and was stoned out of my mind on pain killers. Then I found out Phox was not going to step down, so I tried to organize a take over. I created a new dev chat, invited the good devs left and Arabella and we began planning. Until I found out Arabella was actually feeding all this information back to phox. More drama ensued. Then they decided they would release emerald 2600 which would spoof the viewer channel in order to circumvent the block. Arabella was in favor of this, I realized all was lost. I stepped down and began the creation of the Phoenix team and phoenix viewer. I was considered a traitor by many for doing so. Up until this point no one had been banned. Phox with Arabella's help then released Emerald 2600, which got Phox, Frac, Arabella hardware banned from the SL grid. Phoenix viewer was released, and emerald viewer was then blocked by LL. Fractured in fact came back into SL, and for many months he was hell bent on destroying the phoenix project however I think he's gotten distracted by minecraft now. As far as I know Phox never made any attempts at returning to SL, nor has Arabella. For a while I know Arabella moved to InWorldz, no idea if she's still there now. The KDU Drama. Fractured and Phox had coded into the KDU.exe file some work that would broadcast encrypted information about the folder location of the viewer installation. If you had the encryption key you could see the folder structure leading to the installation. Onyx viewer was able to see this info. What was bad about it, aside from it sending information without users consent was that it would display the users computer name. Example. C:\Users\Computer Name\Program Files\Emerald viewer\. The reason they did this was so that they could see who was using the emerald KDU in some other viewers installation. So if it said C:\Users\Computer Name\Program Files\SomeOtherViewer\ they would know.The DDOS was done through an iFrame on the login page, so that everytime a user launched the viewer and the login page displayed, it would send requests to Hazims blog. The intent was to take Hazims blog offline. Hazims blog was hosted by a major blog provider.. so it had no effect. Now you know."
Well, what we know. Jessica was deeply involved with Emerald, yet claims she knew nothing of what was going on (
Lonely Bluebird: I mean the closest person here to me is Jess..and I don't think she's going to call the cops.). Jessica claims she is doing everything out of the goodness of her heart. She's now rewritten the history of how Phoenix viewer started and what her intentions are, and naturally, we're supposed to believe her, trust that she actually knows what's going on, and feel comfortable with allowing the viewer access to our computers. Anything that went wrong we can merely blame on her being stoned out of her mind on post-extraction pain killers. Someone call the Waaahmbulance.
I suspect LL is moving carefully towards a point where TPVs will no longer be allowed. After the scandal of Emerald and other rabid TPV dramas, I suspect they are sorry the viewer code was ever made open source anyway.
If you're using Phoenix and weren't aware of this history, well, "now you know." It's nuts, all the denial aspects from the former Emerald, now Phoenix team. It's akin to how you'd feel if some politician kept getting caught in scandal after scandal from his political team and his only excuse was "I didn't know." Ok, so you're either really dumb and blind, or you're lying, Mr Politician. Either way, don't expect my vote.
No comments:
Post a Comment