Tuesday, May 25, 2010

Emerald Releases Statement about Emerald Bug

After nearly two weeks of speculation, the Emerald Development team released a statement today regarding the so called "emerald bug" datamine release.

The Alphaville Hearald first reported a leaked database gathered by the Emerald development team on May 5, 2010, with limited screen shots of the database. They again reported on the story on May 17, 2010, this time with a full list of the avatar names listed in the database, but without the rest of the data associated with the database. The full database is, at this writing, still available on at least one data sharing site.

What is the Emerald Bug?
The Emerald Bug is a database of 16,000 Secondlife User names gathered by the Emerald Development team. As something of an inside joke, the Emerald team named the database "datamine", in reference to the act of data mining (this data was mined) and their ownership of the data (this data is mine).

How did they Gather the Data?
Emerald put listening devices on the land they own in Secondlife. There was some speculation that the data was gathered from other locations, including welcome areas, but this does not appear to be the case. If you never visited an Emerald owned parcel or region, then your name is not on the list.

Emerald used the media function of Secondlife to gather the data. It's the same function that allows users to hear music, see video and now read web pages within Secondlife. It's the same sort of information gathered by many web developers, including Google who gathered similar information about you (excluding your SecondLife user name) simply by reading this article.

Emerald apparantly DID NOT use any function of the emerald viewer to gather this data.

What information is in the Database?
Included in the leaked emerald database, known as "datamine" is SecondLife user names and their location in secondlife when the data was gathered, IP addresses, and time and date information.

What informaton IS NOT in the Database?
Very sensitive information like your Secondlife password, real name and address and other sites you've visited in Secondlife WAS NOT gathered by datamine, and cannot be determined from the information included in datamine, so even if your name does appear in the database, there is virtually no cause for concern for your privacy or security.

Why did Emerald Gather this Information?
Like many "white hat" organizations in Secondlife, Emerald occasionally suffers griefing attacks. The datamine operation was an attempt to link repeat griefers to a specific IP address, even if they change account name, so they can ban them from their in-world locations by IP and prevent griefing on their land.

Datamine apparently was not part of the Emerald Onyx project which seeks to gather information about malicious Secondlife viewers, as was suspected by many. There is no information in the datamine database with regards to viewer type which would make it part of the Onyx project.

How did the Information Get Out?
A member of the Emerald development team leaked the information. They apparently know who it was and have ousted him from the Emerald organization and tightened security within the rest of the organization. They have not said who it was.

How is all this Related to Woodbury?
Woodbury University is a Secondlife group often associated with griefing. The Alphaville Herald speculated repeatedly that Linden Labs shut down the Woodbury sim and banned many of their users in retaliation for any part Woodbury members might have had in the data leak from Emerald.

While it appears there may be some connection between the two, I suspect the recent actions against Woodbury has more to do with a general house-cleaning and security tightening by Linden Labs, including a recent (and nearly identical) slap-down of W-Hat, another group associated with griefing, and changes in the approved viewer policy.

Should I be Worried?
Whether your name appeared in the datamine database or not, there appears to be almost no cause for concern. None of the information in the datamine database can damage your home computer or your Secondlife account, nor can anyone use this information to discover any of your real life data. At this time it is very safe to use the emerald viewer. They maintain (and I believe) they DO NOT retain your Secondlife password information, nor any data about what you do or where you go within Secondlife.

Was the Alphaville Herald Biased in Favor of Griefers in reporting this story?
This is an old allegation. The Herald focuses on the misuse of the Secondlife platform as part of their journalistic mission. This includes griefing.

While they do occasionally express concerns over the rights of people associated with griefing, I have yet to see them say anything to encourage the activity or teach anyone how to do it.

The editorial policy and position of the Herald is what it is, and like it or not, what they report about Secondlife is news in Secondlife, and they're the only ones doing it. As with any writer or group of writers (including this one), we can only encourage the individual Alphaville Herald reader to use their own judgment and discernment on these issues before taking the writer's position as your own.

No comments:

Post a Comment

Vendors and Creators