Posted in General, Opinion, Privacy & identity, Second Life, Viewer 2.x

Display Names – what could go wrong?

There’s a lot of buzz about the new Display Names feature that will allow you to appear to change your avatar’s name.

I’ve heard a lot of people remark that this sounds wonderful, because they’ll be able to call themselves “Sensible Name” rather than  “SomeStupidNameBigBoobies69 Sillyname” (which was funny right up until the point they realised they couldn’t change it).

Well, yes. But unfortunately they’ll also be able to call themselves “Jackie Graves”, “Stiletto Moody” or “Truth Hawks”. But not “Torley Linden”.

Why not “Torley Linden”? Because the Lindens recognise that could lead to confusion. That’s right, they are not going to put any safeguard in to prevent impersonation, Phishing, character assassination, smear campaigns or trashing someone’s reputation unless it’s one of them.

This just seems totally insane to me. If there is no issue with impersonation, as the Lindens want us to believe, then why stop people using the name “Linden” in a Display Name? Or, if is more obviously the case, there *is* an issue then why are they not taking steps to protect *our* identities as well as their own?

The response Linden Lab are making is that these are only Display Names and people can drill down into the profile to see the username. That’s all well and good, but in the Real World we know that email-based Phishing attacks are successful. Do ordinary users look at email headers to see what the actual email account is when the display name is “PayPal” or “Amazon” or <insert the name of your bank here>
Of course they don’t. Nor do they check the actual URL on a link that looks like www.paypal.com but which actually points to www.somedodgyphishingsite.com
So why on earth do the Lindens think users will be any different in Second Life? They’ll just file an Abuse Report against the person that they *think* is griefing them. Or buy dodgy counterfeit or malicious objects from someone they *think* is a legitimate seller.

There are several JIRA entries open on this subject, and as usual a lot of well thought out and well-explained comments and suggestions made by SL residents on them that will almost certainly be ignored by LL and ridden roughshod over.
http://jira.secondlife.com/browse/SVC-6194
http://jira.secondlife.com/browse/VWR-21053
(you may need to log in with your SL username and password to view those. It’s part of the Second Life website so safe to do so)

Likewise, there are a load of intelligent comments, suggestions and concerns in the feedback on the recent Second Life blog announcement on Display Names:
http://blogs.secondlife.com/community/features/blog/2010/08/31/display-names-project-viewer-now-available…

Personally I think the down sides of Display Names in their current form massively outnumber the up sides. However, I am depressively resigned to the fact that all reasonable debate will be ignored by the Lindens and they will press on regardless.

Posted in Opinion, Privacy & identity, Second Life, Viewer 2.x

Privacy concerns with Viewer 2.0

[First posted 09-Mar-2010 here]

If you care about your privacy and identity then be sure to read and vote on this JIRA issue

In short, any Shared Media prim has the potential to get all sorts of information about you – IP Address, Operating System & version, language (gives a good idea of country), Client & version, all sorts.
Possible exploits are linking alts to mains, griefing, stalking, RL harassment, phishing, malware and viruses.

The JIRA entry and the subsequent comments have a lot more information. And this blog is also worth reading.

I’m kind of surprised how few people seem bothered by this.

Update: This blog comment highlights a very scarily plausible scenario for how a phishing attack could successfully compromise your SL account.