your money or your life
I missed it until today, but Linden Labs made an official announcement of its September 6th discovery that “an intruder was able to access the Second Life database through the web servers.” What was compromised? “Second Life account names, real life names and contact information, along with encrypted account passwords and encrypted payment information.” (emphasis mine)
It was difficult for me to read the Linden announcement without thinking about Jason Fortuny’s “Craigslist Experiment” – and I found my perspective on the whole incident a bit skewed.
I was lead to a few questions: If you’re a Second Life GOR roleplayer, or involved in any kind of adult-oriented activity within SL, what are you more concerned about? Your financial data winding up in the hands of some Latvian credit card scammer? Or someone like Fortuny simply posting your Second Life account name alongside your actual name on Craigslist?
Services like Second Life and Craiglist allow users who are consenting adults to act like such. Bad Actors who seek to expose users’ identities, for profit or sociopathic entertainment, are potentially greater threats to these services than those whose goals are strictly financial. With the potential for the exposure of their dual identities, and with them their in-world behaviors, users of both Craigslist and Second Life face a crisis of confidence – both in the service and in the members of their community. That sudden deficit of faith is a threat to the utility (existence, even?) of these services.
Linden Labs can secure itself, let the crisis pass, and try to let users know it is safe to come back. It will have its work cut out, certainly, but the more difficult task may be in convincing users to have confidence in the privacy of their identities and behaviors. I’d posit that once user privacy is called into question, the potential for a chilling effect on behavior is quite real.