In addition to Linden Lab’s official viewer, users can access the virtual world of Second Life through a number of customized third party viewers. This has created much debate throughout the Second Life community as to whether these third party viewers are safe to use.
While Linden Lab does provide a Viewer Directory that highlights viewers that have self-certified their compliance with the Lab’s Policy on Third Party Viewers (TPV), they have also stated that it is the responsibility of the user to take reasonable precautions, before installing or using a third-party viewer as it is the user (as well as the developer) who is accountable for all risks, expenses, and actions while using a third party viewer.
While these rules and risks apply to all third party viewers, the Emerald viewer has been surrounded in far more controversy and concern than all the viewers put together. However, it is also believed to be the most popular third party viewer. While we don’t know for sure the number of users who access Second Life using the Emerald Viewer, most estimates place the figures around 20-30% of all users.
For those who are unfamiliar, the controversy around Emerald begins with the actions of a number of the developers behind the viewer.
Initial apprehension stemmed from the fact that several of the developers were well known griefers and had previous accounts permanently banned from Second Life. These concern were then followed by a slew of others such as:
- privacy concerns
- reports that developers were data mining and had compiled a database of avatar names, IP addresses, and geo-location information for SL users
- controversy over Onyx and the Client Detection System (CDS)
In addition, last week, (now former) Emerald developer LordGregGreg published a sharp-tongued post questioning Emerald’s integrity and the moral compass of it’s developers, citing issues such hidden code “that braodcasted your viewers title bar and executable path in a obfuscated manner” and stating ”To the people who have took my word on emerald’s credibility, I apologize deeply for my claims.”
Denial of Service and the TPV
As if that wasn’t enough over the weekend news came to light that Emerald lead developer Fractured Crystal, committed a crime by launching a distributed denial of service attack (DDOS) and used the computers, bandwidth, and (blind faith) trust of every Emerald user to do so.
Emerald PR representative Arabella Steadham denied the attack stating that is was just a prank or “shenanigans” as she called it.
“This idea was to target a blog owned by a creator of a malicious viewer, and boast of the traffic Emerald has captured. The method for doing this was to add links to the Emerald log in page linked to said blog. Each time anyone logged in, our page loaded up and also the other page loaded up – simply to show off our volume of traffic.
This was not a DDoS. This was a poor attempt at boasting that failed miserably. Once we discovered this, these links were deleted and the dev concerned was disciplined.
The entire Emerald Team offers it’s sincere apologies for concern, panic, worry, mistrust and disappointment felt by our users because of this. I can most strongly assure you that this will not happen again.”
As news spread on Twitter under the hashtag #EmeraldGate, Linden Lab began to take notice. The Security Technical Lead for Lab, Brian McGroarty (aka Soft Linden) responded by stating:
“’Crosslinking’ drops the context of hiding gibberish requests to a critic’s website in a hidden frame that will never be revealed to the user. This isn’t a mere hyperlink to another page or naively stealing someone else’s image hosting.
My read (but I’m no lawyer) is that this looks like 2.d.iii of http://secondlife.com/corporate/tpv.php and we’re already having that discussion. If anyone can come up with specific reasons why this might have had legitimate reason to be there, or how this one could be yet another oversight or mistake, that would be helpful. I sure haven’t heard any to date.”
The TPV policy section referred to states:
“d. iii. You must not launch Denial of Service (“DoS”) attacks, engage in griefing, or distribute other functionality that Linden Lab considers harmful or disruptive to Second Life or the Second Life community.”
Some time later, the Emerald Viewer was silently removed from the viewer directory by Linden Lab.
Eventually Fractured Crystal admitted the DDOS, removed himself from the project, and transferred control of the project and the web server to Arabella Steadham.
A New Emerald
New owner Arabella Steadham and Emerald Quality Assurance officer Jessica Lyons appeared on the Tonight Show with Paisley Beebe to discuss the entire cluster of events as well as to announce that the Emerald team had undergone a massive restructuring and would be applying again to the viewer directory.
Today the new Emerald site went live.
While the appearance on Tonight Live was reassuring to some users, many are still questioning whether the Emerald team can be trusted.
As of this date, the Emerald viewer has not be re-included in the viewer directory, despite the fact that it advertises the listing on the About page of the new site.
Is the Emerald Viewer compliant with the Second Life Terms of Service? Yes, Emerald is compliant with the ToS, the Community Standards, and the Third Party Viewer Policy. We are also listed in Linden Lab’s Viewer Directory.
In addition, while it was announced that the development team was restructured the new site’s team list includes previously scandal-plagued members Skills Hax and Lonely Bluebird (aka Phox).
New owner Arabella Steadham has now also come into question. During her appearance on Tonight Live she told host Paisley Beebe that she did not lie when she called the DDOS a prank. She states that she herself was lied to about the attack. Her lack of technical knowledge has led many to question how she can ensure Emerald’s integrity. Ms. Beebe also asked her if she would now be accountable to users by providing real world contact information. She declined stating that she was accountable to Linden Lab and “they know who she is”.
In fact all that Arabella Steadham could offer Emerald users was her apology and her word.
But is that enough?
Third Party Viewers aren’t the only ones who receive criticism. While users of official Second Life viewer have no concerns about security, privacy, or ethics, they do have trust issues. Many users anxiously waited for the new elusive Viewer 2 while Linden Lab worked on it behind closed doors. When it debuted many were not only disappointed, but annoyed by the changes. In fact, it was these changes that led many to download a third party viewer.
At this year’s Second Life Community Convention (SLCC) Linden Lab announced several significant changes including Project Snowstorm. Project Snowstorm hopes not only to improve the viewer, but CEO Philip Rosedale says that the Lab wants to “win back the lead”, and have the best viewer overall. With Emerald users wary of the Emerald viewer, Linden Lab is positioned to do just that, but first they will also have to regain user’s trust.
Project Snowstorm is prepared to begin rebuilding that trust by promising transparency and allowing users to participate in the process. It sounds like a good plan, but many users are still skeptical that the Lab will follow through with what they say.
It seems like both Emerald and Linden Lab have a lot of work to do if they want to gain back their users trust.
- “Acta, non verba” - I borrowed this phrase from Crap Mariner who applied it to both Emerald and Linden Lab. Declaring trust does not create trust. It’s not what you say, it’s what you do that counts. If you want your users to trust you, show them by your actions. You are what you do.
- Lead the debate, don’t hide from it – In our new culture of social media, we now have the ability to identify and address potential crises as they surface. Users are listening to what you have to say and are eager to hear your response. Defensive posture implies that you have something to hide. However, when you are silent, others can create the truths about you.
- Be Accountable – Trustworthy messages must come from a trustworthy source. Say what you mean and mean what you say. If you were wrong, or made a mistake, admit it. Give users a way to communicate. Robert Scoble is the perfect example of this. Here’s a guy who is an internet celebrity, worked at Microsoft, has just as many haters as followers, and was willing to put his cell phone number on his website.
Update 2:20pm - This afternoon at I received an email from Linden Lab CEO Philip Rosedale that informed Second Life users of the denial-of-service attack and that Emerald had been removed from the viewer directory. Philip explained that the Lab takes take privacy, safety, and security very seriously and work to protect it. You can read the for email on (which has been posted on the official blog as well) here. I applaud Linden Lab for their action throughout this manner.
As users the ball is back in our court.