Tag Archives: RedZone

Re-entering the RedZone: the JLU

6 Replies

Controversy has recently been growing (yet again) around the so-called Justice League Unlimited within SL. This is a group of self-styled “law-enforcers” that has long been active in-world, supposedly protecting the innocent against dirty wrong-doers, with their avatars garbed in comic book superhero outfits.

Leaving aside their implicit violation of a certain comic book publisher’s IP rights – this group has long had a less than stellar reputation, and is not above overlooking inconveniences to their “duty” such as the Second Life Terms of Service. Evidence is now emerging that the JLU are (again / continuing to be) involved in RedZone-like data-gathering – and going a lot further in the process by attempting to put together dossiers on anyone in-world they consider a “threat”.

Avril Korman has written an excellent piece on the JLU’s activities, and it is a recommended read. For those that feel the same level of concern for the JLU’s activities as they did with RedZone, there is also an on-line petition aimed at Linden Lab to have the JLU’s activities properly scrutinised. You may also wish to consider adding your own e-signature.

Additional Reading

Update – 2nd September

Redzone: closure of a sort

Leave a reply

As headlined by Tateru Nino, the RedZone farrago both returns and gains a measure of closure.

Michael Stefan Prime (Aka TheBoris Gothly and Zfire Xue) – identified as the man behind the RedZone tool by other SL users – has been remanded into the care of US Marshalls and a four-month prison sentence after pleading guilty to four out of seven charges of parole violation, specifically:

  • Associating with Shawn Cahill, a three-time convicted felon, in violation of standard condition 9 that he not associate with any person convicted of a felony.
  • Failing to allow the U.S. Probation Officer to inspect any personal computer owned or operated by the defendant in violation of the special condition directing him to do so.
  • Failing to notify the U.S. Probation Officer of all computer software owned or operated by the defendant in violation of the special condition directing him to do so.
  • Beginning employment without prior approval by the U.S. Probation Officer, working for cash, and engaging in employment that did not provide regular pay stubs in violation of the special condition directing him to do so.

Interestingly, as recorded in court documentation, the prosecution moved to dismiss three other violations when Prime pleaded guilty and waived his right to any evidentiary hearing relating to the four charges above. The three additional charges comprised:

  • Committing the criminal offence of Possession of Stolen Property 1st degree on or before March 23, 2011, in violation of the general condition that he not commit another federal, state, or local crime.
  • Committing the criminal offence of Trafficking in Stolen Property 2nd degree on or before March 23, 2011, in violation of the general condition that he not commit another federal, state, or local crime.
  • Associating with Shana Bobo, a three-time convicted felon, in violation of standard condition 9 that he not associate with any person convicted of a felony.

The first two of these charges relate to earlier convictions against Prime, although it is the third charge, relating to one Shana Bobo, that is liable to generate further speculation among SL users who have followed this case and the entire RedZone situation, given Prime’s involvement with a female SL user at the time of RedZone.

Details of the original case against Prime, which lead to his imprisonment and eventually the violation of the terms and conditions of his parole as a part of the entire RedZone affair, can be read on-line.

There are still issues surrounding this entire sorry affair – not the least of which are vulnerabilities within the Second Life software environment and the fact that four months down the road, Linden Lab still have yet to incorporate the Media Filter code that is readily available in all responsible TPVs, which can warn users of a potential threat to their privacy.

However, as far as RedZone itself is concerned, this will hopefully see closure brought to that particular sorry affair without people feeling the need to dig further into this individual’s past and engage in trial-by-forum, which came to undermine much of the good work carried out to try and stop such exploits and identify in-world sims where people could find themselves open to data-scraping by the RedZone tool.

zFire Xue gone

4 Replies

The account belonging to zFire Xue, creator of RedZone, together with at least one of his alts, “theBoris Gothly”, has gone from Second Life.

So to have the contents of zFire’s store. The news came at around midnight, UK time with posts appearing both in the ever-Epic SLU Thread and people Tweeting on the matter as well.

As the news spread, people started heading for the sim where zFire had his shop – and sure enough, the place was empty.

So – is this a cause for celebration? Is the great hoo-haw over and done with?

Well…sadly, no.

Sure, there is some reason to celebrate; RedZone has been the focus of a lot of effort, and deserves a moment of celebration; but the fact remains that at the time of writing:

  • Certain locations across the grid were apparently still running RedZone
  • RedZone remained available on SL Marketplace
  • Others whom seem to be involved with zFire Xue remain active in Second Life – indeed, one such individual ejected the 30-or-so people checking over zFire’s shop…

That the product is still on the Marketplace could be down to nothing more than a delay in getting things sorted over at LL. That those associated with him have not gone could be down to just that – they are associated with him and his device, rather than clearly and unequivocally part and parcel of its creation or a part of selling it directly in-world or via the Marketplace (where zFire Xue used his “TheBoris Gothly” alt). That RedZone devices are still appear to be functioning in-world is again a little confusing: unless purging them from the LL servers is taking time as well.

Assuming that zFire has gone, and that RedZone is to be removed from the Grid and the Marketplace, than there is cause for celebration to a point. However, the media exploit still exists, there are other devices still out there, and so there is still more work to be done.

Addendum 16th March 16:45

A further quick tour of sims known to be using / hiding RedZone showed that none of them caused a media filter alert of any kind that pointed towards the RedZone URL, or anything of suspicious concern.

Elsewhere it is reported that RedZone devices have had scripts pulled from them. Given that RedZone users were previously instructed by zFire to move the scripts from his own device to prims of their own making, this would seem entirely logical: zapping the scripts would be more effective that simply pulling devices tagged with zFire Xue as the creator.

zFire Zue himself went on the warpath prior to his ban from SL (the interview took place on the Saturday prior to him being banned, but was published – ironically – on the day of his ban), and indicated a potential link between himself and the Knights of Mars, a vigilante group that can allegedly  - and for a fee – get any user banned from SL. Given his companions are still involved in world, some are speculating on whether this matter has entirely closed with regards to RedZone.

Restoring confidence

2 Replies

Just how widely known is the RedZone issue?

One could argue that it is constrained to a few hundred people – the Greenzone group, those that blog about the situation and those that participate in or watch the SLU Epic Thread. Many are involved in all three, making the count apparently smaller.

However, go in-world, and it is clear that a lot of people are aware of the issue. Talk comes up in Groups, Notecards are being distributed, advice given, and so on. CouldBe Yue, a long-time resident is spearheading a Twitter / Facebook campaign to make sure the word on issues of privacy is spread outside of Second Life itself – and is in full view of Linden Lab employees – including Rod Humble. Whether this is advisable or not, given the aggressive tone, is hard to say. It could so easily backfire, if one is honest.

That said, Rod Humble actually took time out to make a couple of appearances of at SLU: the first to publish a couple of comments in a thread designed to poke gentle fun at him; the second to make it clear he is aware of the levels of concern by sitting in on the Epic Thread itself – not contributing, just quietly watching.

Many are getting decidedly upset that despite all that has happened, RedZone remains available in Second Life. As such, innocents unaware of all that has happened may well be getting sucked into the scam. Some are already writing Rod Humble off as a CEO; others are demonstrating more patience.

But…one thing is clear. Confidence is being hit. Privacy issues cannot be ignored. Not only do they impact individual users in terms of their enjoyment of the platform, they threaten to destabilise one of its major selling points: – the ability to enjoy rich media content and performances by live artists all over the world.

If people simply shut down their Viewer’s ability to deliver media, or repeatedly keep hitting DENY on their Media Filter, than music of any kind in SL is going to be a major casualty. As it is, determining what may be a genuine music stream and what may not, isn’t particularly easy for the non-technical. Ergo, unless some positive action is taken, there is a risk more and more people are simply not going to risk accepting unknown media streams – and could well stop going to venues and shows.

As I’ve already commented, it is time for LL to stop playing whack-a-mole in these matters.

But, what, precisely can they do? Viewer 2.x doesn’t have the Media Filter, so any public statement could, at the very least, result in people stampeding away from it to third-party viewers. At worst it could result in panic in general, a further loss of confidence and very negative tabloid headlines (“Linden Lab admits Second Life wide open to hackers and fraudsters!”).

Some have said the lack of action on RedZone specifically is due to an on-going Federal investigation. Well, this may be so; but I can hardly see the Feds saying to LL, “No, you can’t protect your users from this scam, because we need to do X, Y and Z.” Let’s face it, LL can block and ban any item or individual howsoever they like, without having to give a specific reason – and removing the items from in-world is hardly going to bring any Federal (or other) investigation screaming to a halt.

It’s far more likely that RedZone is still there because, despite all his faffing around in the past, the creator has, technically, made the device compliant with the revised Community Standards. But really, this is no longer reason to allow the device to continue in-world.

It has been established the database has been hacked; the exact status of the database is unclear data has been shared – not intentionally, perhaps, but that just makes things worse, whatever the reason for the hack.

Therefore, anyone still using the product is putting their own details and information relating to anyone else entering their land without the benefit of the Media Filter potentially at risk. Therefore, it is simply in the best interests of all concerned to ensure RedZone is removed from all in-world locations.

Right now, the longer it remains, the longer people are going to stay focused on it, and the greater are the chances that SL’s – and LL’s – reputation is going to suffer greater damage, be it through tabloid reporting or through Twitter and Facebook campaigns.

I still have faith in Rod Humble. He walked into the middle of this mess, and so it’s going to hit him hard. I would also like to believe that he genuinely believes his own comments on matters of privacy. As such, and in order to start rebuilding confidence, I’d strongly urge Rod to:

  • Have RedZone removed from the grid. Now. Whether or not it is in violation of the ToS and / or the Community Standards is no longer relevant.  The database behind it has been compromised; it is no longer clear if the database is up or down, or even under the control of the individual who created it. As such, the risk to those both using the device and those being unwittingly scanned has potentially increased exponentially
  • Made sure adoption of the Media Filter in Viewer 2.x is accelerated. Make it a priority. Get a Viewer updated out into the world with the Filter included. People can wait a little longer on things like VWR-1037, but the Filter is a must
  • Made sure the release of the Media Filter with the patch is fully and properly covered: go out and blog yourself. Explain some of the issues – no need to be alarmist – describe what steps have been taken; get Torley to give a short tutorial on the Filter
  • If you’re comfortable with it, give an indication of what, internally, LL are looking at doing in the future to further strengthen the platform.

Beyond this: make sure that you address issues around the matter of data collection. Looking at the sharing of data simply isn’t enough. Sure, there are circumstances where you’d like third-party organisations to be able to collect demographics and other information; there are also user-run services that you doubtless find valuable – as we do – such as Tyche Shepherd’s Grid Survey that need to be allowed to continue. But such cases can be ring-fenced. Checks and balances can be defined.

You have a ToS and a set of Community Standards and a Privacy Policy that stand as a triumvirate guarding the entry portals of Second Life – but they are either somewhat contradictory in terms (ToS 4.3 and ToS 8.3 being the clearest examples of this), or they simply take on a one-sided approach of safeguarding Linden Lab.

If you truly care about your users, take the time to overall the ToS the CS and the Privacy Policy and make them a cohesive set of documents that protect Linden Lab and offer your users a reasonable expectation of security and privacy as they go about their Second Lives. Be transparent. People will trust you more for doing so.