“In Emerald City we got rules, got a lot more rules than anywhere else in Oz.” ~ Edie Falco as Diane Wittlesey, Oz (via Tom Fontana).
Traditionally, the emerald is the birthstone for May. I suppose, then, it’s fitting that the current ongoing drama over the Emerald Viewer fall at this point in the year. I’ve been a bit indifferent about most of the controversy, but it strikes me that there are points to be made that I’ve not yet read elsewhere. Which is, you know, just the way it seems to work these days. After the crazy cat lady and company “rabble rabble rabble” routine of “addressing” the issue, there follows the predictable “in defense of” posts. Neither side provides much in the way of answering the hard questions or providing readers with impartial information. Thus spins the SL blogoshpere.
For my part, I stopped using the Emerald viewer a while back, for mundane reasons — I had to uninstall most of my programs due to HDD and OS issues. There are many features about it I like (built-in A/O being one of the highest), and many I’m not very keen on. I’m well aware, however, that the things I don’t like are just flaws of the Linden Lab basic product. Emerald viewer could not, for example, have all those nifty features that help negate the thin veil of basic user privacy, if Linden Lab didn’t allow it. But, I also have other concerns about the Emerald development team that linger enough to keep me from re-installing it, and some of those concerns touch on the recent public bru-ha-ha.
Recently Modular Systems (Emerald’s parent company) has engaged in a crusade-like effort to expose stolen content with the ominously named “Onyx Project.” At least, that’s what they claim to be doing. As we, naturally, don’t have anything more than their word and some vague information, it’s hard to know what the scope is of all those bots scouring the grid. I have grave concerns about a third-party trying to police stolen content in SL without any stated oversight from Linden Lab, and even graver concerns about them sending out bots to scan the grid (including, private islands). I would like a lot more information about the project and I think someone in a position of authority should be asking the Emerald and Onyx teams for more information.
Among the things I’d like to see asked are the following:
1. I’d like to know what credentials Onyx feels they have to establish themselves as an ombudsmen between content creators, their consumers, and those potentially accused of theft.
2. I’d like to know if they’re able to determine the authenticity of prim-based objects only, or if they are also claiming to be able to scan for stolen textures.
3. I’d like to know if their scans are limited to those items placed for sale, or all rezzed content.
4. I’d like to know what type of lag Onyx bots cause to SIMs and what kind of burden such bots place on the stability of private regions in general.
5. I’d like to know how Onyx is differentiating between illegally copied content and content that’s been legally altered from full perm or modify-permitted items.
6. I’d like to know if Onyx is able to discern between the producers/distributors of stolen content and people who may have come into the possession of such items unwittingly before they hand over names to paranoid creators.
7. I’d like to know if Modular Systems realizes the statement: “If content was somehow incorrectly detected it would be obvious to the creator who submitted it,” is completely meaningless, considering that we’ve all witnessed lots of cases where content creators have screamed bloody murder about theft that never happened simply because they felt something looked similar to one of their products.
8. Given that many content creators buy their sculpts from third parties who may be reselling them to others, I’d like to know how Onyx plans to track who a sculpt artist sells to in order to avoid accusing people of theft who simply purchased from the same source.
9. Finally, I’d like to know what Onyx plans to do (if anything) with the information it collects other than just providing it to content creators, and if those content creators they provide information to have to agree to any sort of discretion upon receiving information. The potential for lists being distributed for public consumption based on questionably gathered data could have repercussions.
The whole thing just feels reactionary and reckless, but I would be very interested to hear a reasoned, professional answer to the above concerns. These are just the questions I can think of off the top of my head that no one is asking and Onyx isn’t providing transparency about. I’m sure people with more coding experience than me would have other questions.
Of course, these are all directed toward the Onyx Project which is separate from the Emerald Viewer team, or so we’re told in a recent post on the Modular Systems Blog. Except the names of the Onyx team are behind a password-protected interface, so we cannot discern crossover between Emerald and Onyx team names. Not that avatar names give us any insight into which avatars are alts and which aren’t. It’s safe to assume, however, that even if the project teams are separate, they will be sharing information whenever they like and crossover between the two is a reasonable assumption. Modular Systems’ privacy policies openly allow for this kind of sharing with the simple clause: “…trusted third parties who assist us in operating our website, conducting our business, or servicing you.” There is nothing wrong with that, and there is nothing outside the norm in this type of privacy policy, especially for in-house work.
Except that Emerald seems to want to try and encourage consumers to separate Emerald from Onyx in their minds. Why exactly do they want that and why make a statement drawing lines between the different departments that omit a clear statement proclaiming that nothing in the Emerald viewer has or will contribute to the Onyx Project. Anything less is a dodge and serves only to re-enforce a link between the two rather than separate them. This can still be remedied, and should be. It’s easy to assure Emerald users that they are not contributing to the Onyx project by stating so. If, however, the Emerald viewer is being used to assist the Onyx Project, then users should be told how and why in as clear terms as possible without divulging any proprietary information.
My final concern about Emerald is directly related to the credibility of Modular Systems — and this has been the central focus of most of the he-said-she-said back and forth recently on the subject. Obviously, the hacking of one of their databases was enough to give many users concerns over the security of their systems. The IP tracking of users and their log-ins is potentially damaging to those who use both business accounts and private alts for entertainment reasons. The public brandishing of such stolen information was a huge black eye for Modular, and one they should be striving to mend in every way possible. To their credit, they have been open about the information that was gathered, why it was collected, what it was intended for and how it was abused. That’s all good, even if they had little choice considering it was out there on display. However, the same post that clarifies this, also contains the following passage:
“This situation was the result of a failure on our part to take into consideration that there are really malicious individuals out there, and while the fault is on them for the distribution of semi-sensitive information about other residents without taking into account the effect it could have on those people, the fault is also on us for allowing our security to be compromised.”
Now, this is the point where I actually start to get a little pissed off in addition to harboring misgivings relating to credibility. You see, most of us understand that regardless of SL-affiliations, given the level of coding going on to create a third party viewer, some (if not all) of the Emerald team must be intimately acquainted with hacking, griefing, and the types of people who engage in that “malicious” type of behavior. The fact that Modular named their server “Datamine” (which looks bad no matter what angle you view it from) means they’re acquainted with the dark side of the force. So why complicate matters by playing the wide-eyed innocent falling under the harsh reality of the cruel hackers? Why not just say “we screwed up and didn’t expect one of our own to go rogue against us.” It’s far more honest than trying to pass yourselves off as a bunch of rubes that got taken by the guy shilling magic beans at the carnival. You can professionally and responsibly address this kind of situation without insulting the intelligence of the community. Honesty bolsters credibility and gives those of us who would like to support you far more solid footing than the plausible deniability two-step. It would also help from pissing us off.
It should be said by me and others (because Modular can’t) that the fact that some of the Emerald coders may have been on the wrong side of a hacking now and then is not necessarily a problem for consumers and it shouldn’t be a screaming issue for anyone with a common sense understanding of how the world works. If you are exposed to the type of gifted coders it takes to bring together a sophisticated project like Emerald, you’re also familiar with the mischievous nature that comes with that level of skill. Creativity, curiosity, and the talent to take things apart or break them down, married to the occasional desire to play pirate exists in every gifted code monkey I’ve ever known. And it’s not industry-specific. The same can be said of other creative science types in professional fields. If you ever want to bear witness to a terrifying conversation, sit around with a bunch of PHD-carrying chemists working at R&D for any pharmaceutical company and listen to them compare notes on how they almost destroyed their chem labs and/or dorms in college with pranks and experiments. It’s the same with coders, only they use 1′s and 0′s instead of chemical compounds. None of us are grown-ups 24/7/365(.2).
I can understand why Modular’s company line must avoid this reality the same way I understand why Eli Lily would never willingly reveal the college pranks of the people who give us our Prozac. But there are ways to address things without being disingenuous and feigning ignorance. You can say “we abhor this act” without the whole “we didn’t realize there were bad people in the world” stupidity. On this, Modular may simply be a little awkward with their PR and I’d like to give them the benefit of the doubt. But between the secret nature of the Onyx Project and the duck and dodge nature of their other statements, I’m not quite sure they’ve earned my benefit of the doubt yet — which is a crying shame because I’d dearly love to use their viewer more than the useless waste that is the LL official viewer.
More importantly than this single issue is how the issue is being addressed by the community. The SL blogosphere needs to start asking reasonable questions that can unite consumer concerns instead of fanning useless flame wars that benefit no one except those charging by the page view. That’s the only thing that will put pressure on content creators and third-party companies to provide the answers consumers need to make educated choices about the products we want to buy and use. So, will the grown-ups please stand up and start acting like citizen journalists, instead of just play acting?
