Is spyware the root cause of this data leak?

Linden Lab published this yesterday to remind people about basic internet security.   In a roundabout way it is very forcefully reaffirming Linden Lab’s position that these spam emails are as a result of user machines being compromised.  Unfortunately it ignores what is being said by those who have been affected.  The thread where this is still being discussed is here.

Once I am convinced that this was due to spyware I’ll remove these posts and replace them with a background piece and the actual cause.  At the moment I’m not at a level of comfort to be able to accept the Linden Lab position.

Without knowing how local payments work, what data is required and if you need to access the Dragonfish site to do this rather than via the Second Life web pages (and there’s no way I’m going to test it out), my problems with blindly accepting Linden Lab’s position are:

  • If an email address is used for Second Life only, the last time it was probably entered anywhere was when the email account on the Second Life website was updated – assuming people pull their emails down to an email client or it will be used to log into the mail provider if accessed via the web.  Although, web access does increase the chance that spyware could capture it.
  • Those who have identified the spam emails claim their machines are spyware free.  Although none have yet said if they run scheduled checks and if they’ve reviewed the logs down the last few months to see if anything has been picked up.
  • If it is spyware, then I would expect their non Second Life accounts to be receiving spam as well, I doubt there is anyone who only uses their second life email address, yet I’ve not seen any reports of this.
  • Whilst there is a chance that somehow this spyware is clever and targetted enough to only recognise second life accounts and wait until it has the card holder name from a transaction against a Second Life account to send the data to the data collector to enable the email to be sent out, I wouldn’t consider it likely.

I’m still not convinced this can be brushed aside as user carelessness and I would certainly be asking Dragonfish to explain. As Linden Lab are so publicly committed to protecting our data, I would have expected them to contact those who are currently claiming that spyware is not the cause of this to ask them for the emails, to check their logs to see if any spyware has been removed in the last few months and to ask them where they use the email addresses in question. Just brushing this aside as user carelessness without even going through the motions of due diligence doesn’t impress me. Just saying “contact us” in what looks like a peripherally relevant post isn’t what I would expect of a company who is so committed to protecting our data and believes in good customer relations but of course the only recent Linden Lab employee who publicly demonstrated that commitment and understanding of the basics recently ceased working for the company.

Linden Lab are extremely lucky with their user base, the user base is extremely tolerant of errors, it’s extremely rare that people ever exercise their right to complain to external authorities and they’re easily distracted.  Given another week this will have passed from most memories and this will have been just another blip on the horizon.

However, since I’m not feeling enough confidence in the Lab over this, I’ll stick to avoiding local payments and keep these posts here.

How I saved money in Second Life.

At the end of last year I spent some time away from Second Life – almost 4 glorious months in fact.  I did have to go in at least once a week to deal with the store but apart from that nothing.  I discovered that the longer I spent away from it the harder it was to force myself to log in, I was fine once I was in but eager to leave.  During that time I stopped caring about most sl things; search, the marketplace migration, the instability of the platform – even the closure of the business I used for my network vendors had a care factor of virtually zero.   It truly was a beautiful time.  I do enjoy being a virtual goods retailer but Second Life being what it is, everyone needs to come up for air and get some perspective sometimes.

Then just before Christmas I realised just how much I was neglecting it and I thought I should get back into it, so I went back to the workroom and started building.  Since then I’ve surveyed my *cough* empire and was shocked at the reality of how Linden Lab are implementing their objective of streamlining their world.

  • I’ve discovered that search inworld has been optimised once more, in fact they’ve optimised it so much that some of my smaller stores can never be returned in search.  So I’ve taken them out of search, cancelled the classifieds and am in the process of removing them and selling the land.
  • I’ve rediscovered that one of my larger parcels still doesn’t appear in search.  That classified is quite expensive but I’m almost at the stage of pulling the plug on both the parcel listing and the classified. The parcel listing drives traffic more than the classified.  LL won’t refund me for all the money wasted so far and I got tired of live chat telling me to tweak it/wait for the latest update/give it a few more days. 9 months is more than enough time to fix it and they haven’t so I can only assume they don’t want that business.
  • I’m on a version of the rc server code and I’m tired of people IMing me to say that they have an account stuck on the region/haven’t received their purchase from one of my vendors.  I’m also tired of the rolling restarts that seem to be endemic at the moment on that poxy rc.  Do you think I can find out how to get off it?  live help could only suggest I put a ticket in to ask, which of course Linden Lab have promptly ignored.
  • Inworld search is so poorly built that it isn’t even capable of keeping the returns filtered by maturity rating, add that to their inability to get some listings to actually show in search at all and to apply their relevance weightings in a manner that a reasonable person would consider logical. The only thing you can say is that it ticks the fail box.
  • Then there’s the marketplace.  The merchant back end is still at fag packet prototype level and the relevance function is once more embarrassingly bad.  I finally relisted all the items that were corrupted by the migration but now each time I make a change they lose their relevance position and of course don’t have the old xsl data which looks like it is used in the relevance calculation.  

Despite this I spent the last week considering expanding as I’ve run out of prims at the mainstore and need a new full prim region and a couple of homesteads. 

So I did some pros and cons – here’s the list:

Pros

  • I can keep releasing items. 
  • I can make the store more visually attractive and easier for shoppers to find what they are looking for.

Cons

  • I’ll be paying an extra $545 per month on top of the purchase price and there’s no guarantee I’ll see a commensurate increase in sales.  
  • I can’t divide the regions into parcels as smaller regions are penalised in search, so it makes it pointless to try to cleanly target different markets
  • There’s no guarantee Linden Lab won’t stop tinkering with inworld search or the marketplace.  Last year I found out how much of my sales depend on visibility in search and in the marketplace.  I was pretty shocked at the percentage.  The risk of a recurrence of search failing to deliver relevant results is high and the amount of effort required to keep on top of their latest changes via reverse engineering (because God forbid they ever tell us what they’ve done) and then adapt to the change before they change it again is too time consuming for no real return.
  • Concurrency and demand for Lindens is reducing.  Less money and less people means less opportunity for sales.
  • I can’t even be assured that I’ll appear in search.

Now, I really do want to expand, despite the list.  So I went to the land page and there was a button that offered me a human to chat to about it.  

Want Help?

Land specialists can answer
your questions.*

*(Available Wed-Friday 8am-6pm Pacific Time)

As you can see, they’re only available a few days a week but my luck was in as I was looking at the page as these humans were supposedly there.  So I clicked the link, thinking that just maybe the human would say something that might give me the confidence to go ahead and buy – a discount would have been nice but I’ve in SL so long that I know better than that – but I wanted to try – even if they would offer something like actual attention to my tickets and resolution to the search issues I may encounter would have been enough.

Anyway, I clicked on the link and it came back “page not found”.

Sums it up really

So, here’s what I’ve done.

  • I’ve cancelled the parcel listings and the classifieds for the smaller plots that are no longer returned in search. 
  • I’m going to close them and sell the land. I toyed with buying a 1/4 sim on mainland as a sop but the fact they’re all RC is enough to put me off that.
  • I’m not going to expand – Once I can no longer remove prims to make way for the new releases that will be it.

Which means..

  • LL have lost at least $6540 usd plus sinks per year (I was planning on converting the new homesteads to full prims later in the year as part of the growth plan, which would have uppped the overall take – assuming they could do something as simple as upgrading them)
  • I’ve gained many hours in my day as I don’t have to spend all that time setting up the new regions
  • and soon I won’t have to worry about creating anything as there’ll be no room to put it

Pretty well any other B2C outfit would have been all over me at the thought of generating that kind of income, then there’s Linden Lab.  I suppose Linden Lab think they’re creating the new paradigm for self-confessed successful online businesses that in reality are struggling –  Don’t provide service, look amateur, deliver  a shoddy product, pretend the customer doesn’t exist when they ask for help via the support they supposedly pay for and better still, ignore the key drivers for your business and make it as hard as possible for your users to use your service.

Why do they do this?  Are they really so ignorant of the underlying drivers for their world?

What price to recommend Second Life to others?

Linden Lab have begun their (extremely) low key advertising in an attempt to increase their userbase.  In the last 24 hours I’ve seen the new YouTube ad

and now I’ve just seen the Winterfest push.

Want to win 100,000L?  That’s around $400USD.  They’re giving that away each week during December. There’s a catch though, you have to find some poor soul who has never had an account and get them to not only sign up but log in..  

Between November 25th and December 31st, for each new person you successfully invite into Second Life using the form below, you’ll earn one chance to win the weekly drawing for a L$100,000 prize.

and the fine print (which they conveniently forget to mention in the blurb above) is that you don’t even get the Lindens.  It’s to be spent on Xstreet SL..  Which means that they manage to claw at least 5% back in commissions paid by the merchants that you bought from.

Very clever indeed.

Even if they were going to deposit the money straight into paypal I wouldn’t recommend SL to anyone.  I stopped bringing people in 18 months ago because of my disenchantment with the poor quality of SL and the behaviour of LL.  These days I don’t even admit to using Second Life to anyone I meet.  It’s become my shameful secret.

I’m sure there are others who will recommend, either because they still have that dewy eyed feeling or because $400 USD is a lot of money.  However, I value my credibility more. If I won’t recommend it for free then I certainly won’t recommend it for money.

Early Adopters? My F#^%ing A#%se

These people are the early adopters of Second Life:

not those who came in anytime before today.. The platform is almost legacy FFS!

But then Linden Lab have never been good at understanding things like the importance of credibility.  M said it* and the minions are parroting it.  It still doesn’t make it true.

Either the employees really are fantastically stupid or they don’t bother to make an effort to understand the concepts they spin. From the Long Tail, to their supposed SCRUM methodology and now this. The shallowness of their understanding is boggling, they plainly have no idea, they just parrot keywords and hope no one else notices the inappropriate use.

Just remember people, this organisation is selling its wares to governments and educators.  God help us.

*it doesn’t give a running time but the statement is around 40% in from the beginning

and for those of you who want to become familliar with the concept he’s talking about read this for a potted summary.

Making a profit from charity Linden Research style

Linden Lab are once again asking the content creators in second life to give their time and creativity to support their Public Relations marketing and bottom line.  The majority of which have just been told they’re to pay more for the same substandard marketing/sales service offered by XstreetSL.

https://blogs.secondlife.com/community/commerce/blog/2009/11/17/a-helpful-hand-makes-a-world-of-difference#cf


Kiva is a very worthwhile cause.  Microfinance in the developing world has been proven time and time again to be an extremely positive benefit to those who use it.  Here’s a bit of reading to give you an idea of how it works and the benefits.

However:

Are Linden Lab going to match the money raised from the efforts of their creators?  No

Are Linden Lab going to waive the fee they’ll charge to transfer the money raised out of Second Life and into the real world where it will be used?  No.

So, Kiva won’t get the full amount donated and Linden Research gets lots of good publicity and makes some money.  Clever huh?

You can support the work of Kiva directly – right down to chosing the type of microbusiness you wish to invest in. 

Do that instead.

Thanks to eloheliot for this.

 

Update: The latest data security breach in Second Life

orignal post here: https://theriseofthesurreal.wordpress.com/2009/11/19/you-think-your-real-life-data-is-kept-safe-by-linden-lab-think-again/

In a nutshell:  No substantial action from LL and they claim that someone being able to log in as someone else isn’t a security breach.

The two people who were involved in it talk about it here: http://www.sluniverse.com/php/vb/general-sl-discussion/37048-new-linden-lab-account-security.html

Two things of interest.

1. Linden Research are not treating it as a security breach (they closed the bug report that was lodged in the security section).  

2. Linden Research have a reputation for a lack of attention to detail and sloppy processing of customer issues with no reason given for their actions and no recourse.  So much so that people are reluctant to ever give names of someone if they are only peripherally involved as a spectator- simply because LL is likely to take punutive action against the name by cancelling the account.

This second element is remarkable.  Despite the quite amazing sums of money people pay to Linden Research for the use of their services there is no guarantee of fair dealing by the company.  They have a ToS that effectively states they can do what they want, when they want and you have no recourse.  If they decide to close your account they feel they have no obligation to telly you why they have cancelled it, refund you any moneys in the account (they say it’s not real, despite it having been procured with real money) or allow you access to the account to remove any intellectual property you may own.

Apparently they used to have a habit of double billing people and not refunding the account when notified.  If you had the temerity to ask your credit card to reverse the second payment Linden Research would suspend or cancel your account until you withdrew the request from the card company.

These days as I understand it they still double bill on occassions and may or may not refund.  Unsurprisingly most people don’t go to their credit card providers and complain anymore – despite these double billings sometimes being anything up to 295USD.

Now of course those companies that choose to deal with Linden Research with their new standalone system will possibly not have these problems.  I would hope Linden Research are at least smart enough to behave as a professional company does rather than the way they show their distain for their entertainment platform userbase.  Sadly companies rarely make their reasons for their dissatisfaction with a company known. I suppose we’ll find out when Linden Lab stop providing statistics to support their claims of success.  Which, coincidentaly, they’ve just done with the entertainment platform statistics feed, which can be found here: http://secondlife.com/statistics/economy-data.php  note the date on the web page.  I must say I found it amusing on many levels..

Where are they now?: Second Life

Even the BBC can’t muster any enthusiasm for Second Life anymore: http://news.bbc.co.uk/1/hi/magazine/8367957.stm

Some of the comments explain the lack of retention rate…

Second Life is boring! You can’t do anything without spending money, so for the person casually checking it out, there’s absolutely nothing to attract them. And despite the comment in the article about “talking to weirdos”, it’s actually quite difficult to find anyone in there to talk to at all.

~~~~~

I joined SL but it was absolutely impossible to navigate. I could barely get out of the intro area and once you did, there was no help or guidance left. I wandered round and round in circles for a couple of days and then gave up. It was a great idea but just didn’t work in practice. Shame, really.

~~~~~

Updates; that was what killed it for me. Every time you revisited you were compelled to upload more and more updates, which seemed really cool at first, until you realised that you were inflating the spec. Eventually, the technological improvements outstripped the natural upgrading budget of the average PC owner – there were a lot of stay-at-home moms, kids and freelancers online when I was there – and the experience became like wading through buggy sludge until it crashed on you. Not pleasant.

 

Linden Research have always been too busy to do any of this so far..  A couple of days ago they announced they’re getting rid of their volunteers they use to help those who are new and pushing it out to community groups to self manage and they also announced they were going to start charging people for using their shopping website to give away things free to the community.

Apparently though things are ok..  they’ve had a 23% increase in repeat visitors in the last year.  Which still means no real growth just people coming back.  It’s an interesting thought that they have accepted that there’s only 1.3 million people (approximately) who can be bothered to log at least twice every couple of months out of the 17+ million who have set up accounts.

This is the second of these “where are they now?” stories  I’ve seen on Second Life in the last few months.  This is despite them recently managing to get an article in both the Wall Street Journal and in the New York Times. 

Interesting times ahead.