A Question Of Trust

So the big news of the day, Hamlet Au of  New World Notes tells us on Twitter:

“OMFG I just narrowly survived certain death from a 6 inch stiletto heel flung at Mach 2 speeds by a half naked club girl off 6th st!”

I did titter when I read this, but really, that could have been a very nasty incident and it sounds like a very nasty girl was involved, and I don’t mean nasty in a good way. Ok Ok the real talking point of the weekend, the Redzone hacking issue and the Video. Let’s start with the Video. A Video posted to YouTube had a person appearing to tell someone how they logged wrong passwords because people often type passwords for other services when logging into other sites, this could be a way of cracking people’s accounts, the product that was apparently logging these mistyped passwords, was allegedly Redzone.

I haven’t commented on the video here, first of all it still isn’t clear who posted the video, although the claims that someone has hacked YouTube, edited a timestamp on a video so it looks like it was posted in August 2010 and the act carried out by Greenzoners looking to undermine Redzone, are absurd. However, someone did post a video to YouTube, you can see details of this allegation at Tateru Nino’s blog.

The Video was promptly removed but other copies exist and links have been circulated. This raised red flags right away, not because of whom allegedly posted the video, but because it does explain why we should be careful with our logins and why account security is important, it also points out in glaring fashion why we should be careful whom we trust, trust is a key issue in the Redzone saga, Redzone users don’t trust Linden Lab to do enough to protect them and people who are angry about Redzone don’t trust Redzone’s database or creator to be ethical with their data, and really, when he threatened to take his database private and sell it, that really did prove the point of those who were concerned about what happens with their data.

However an even more serious picture is emerging, The Alphaville Herald have a very disturbing article about the Redzone database being hacked and screenshots that the hackers claim are from the Redzone database that show fields for possible SL passwords that have been logged by the system. This is an extremely worrying development for Redzone users and whereas some people might like to laugh at them, I personally find it worrying that they themselves could have been put in a position where the security of their Second Life account was at risk, indeed if this story is true or not, they should be changing their passwords just to give themselves some peace of mind.

There are issues emerging here that are going to require some deep thought by Linden Lab, I remain opposed to preventing the sale of items by non verified customers, although this is partially because of the daft system of each avatar being an individual account, when all of my accounts should be tied to one account. I’m not a fan of discouraging people from entering Second Life, or engaging with the marketplace.

However it might be time to try and encourage people to share their RL details with LL, maybe some new flags need to be created to show whether someone is a Premium Member, Concierge Level customer or payment info used customer, bright clear flags at that, ones that clearly make it visible. This won’t stop scammers right away, but it does introduce another level of trust into the equation in general. People can turn rogue when they get miffed or leave Second Life, but having a clear breadcrumb trail right back to their home address does go some way to making people behave more ethically.

Something needs to change here, the stench of all of this is starting to get overwhelming, the security issues need to be at the forefront of Second Life communications over the next week or so, good advice on password security, and really, using special characters and non dictionary words makes your password harder to guess, but far from infallible, but users of Second Life and especially those who use third party websites, need to be extremely careful of what they do and whom they trust, this is getting serious now.