Emerald, Onyx and the Client Detection System

There has been a heated debate recently about the most popular of all Second Life Third Party Viewers, especially regarding the integrity of its development team. While it is quite hard to distinguish rumour from fact, what happened is, to my very own conviction, this:

Early this year, Gemini Cybernetics released their ‘Client Detection System‘ (CDS). The system detects the use of certain ‘blacklisted’ viewers with griefing and copybot abilities. Once detected, the person who used the viewer will be stored in an external database and users of the CDS can ban all those listed in said database from accessing their land. It is being sold mainly as a tool for shop owners to fight copybotting (the copying of inworld assets). Representative and main merchant of Gemini Cybernetics is Skills Hak, who is also a developer of the Emerald Viewer (Screenshot). While the Emerald team states no involvement with the developing of the CDS, it is featured on Arabella Steadham’s developer blog and recommended by LordGregGreg Back (link broken, no cache available), another Emerald developer.

On March 4th 2010, Fractured Crystal went public (cache: screenshot 1, screenshot 2) with Onyx (access currently password protected) (link broken, no cache available, screenshot here), a project several Emerald developers (among them Skills Hak, Fractured Crystal and Lonely Bluebird) are involved in, and which deals with identifying and testing the exploits of ‘blacklisted’ copybot / griefing viewers. 2 months later, on May 7th 2010, Fractured Crystal admitted the Onyx project made use of bots (cache: screenshot), that scanned avatars all throughout Second Life for ‘stolen attachments’ (i.e. attachments, whose specifications have been registered by the creator, but show a different creator name on the wearer).

Finally, on May 11th 2010, the Alphaville Herald reported that a ‘secret’ database had been leaked from Modular Systems (who is hosting the Emerald project, along with Onyx), and soon thereafter published the names of all avatars the database contained. According to Lonely Bluebird (a.k.a. Phox Modularsystems) and Fractured Crystal, the database was used for testing purposes in order to track down griefers that attacked their Second Life regions, and contained the names of avatars who registered through the API on modularsystems.sl or visited their regions. Both the CDS database, as well as the leaked database, link Second Life accounts to the according IP adress and possible geolocation data, and store this information. Also, in the comments of the Alphaville Herald article, the source code and revision notes of an ‘Onyx’ client have been leaked. Subsequently, Phox admitted the Onyx team had been working on vLife (a copybot / griefing viewer originally made by Fractured Crystal) (screenshot 1, screenshot 2, just in case) besides Emerald, which later became the Onyx viewer.

While it is true that almost everything someone visits on the internet will record and store the IP adress, these databases are linking IPs with other information they gathered, apparently in order do make single accounts traceable, and they are doing so without informing anyone about it, and thus especially without the consent of the person whose data is being stored. It is a safe bet to say this is a violation of data protection laws in many countries. In addition to that, the fact that a large number of Second Life residents is randomly being scanned without any provocation puts the whole population under a general suspicion of doing something wrong and needing to be watched. There is also a certain strange twist to the fact that people, who have been creating copybot viewers and thus enabled copybotting, are now working on systems, which, for a regular fee, are supposed to protect people from the very same viewers their protectors made. In addition to that, they are still working on a viewer with copybot abilities.

So far, no official statement from both Linden Labs, or Modular Systems, about the implications of these events, and the future of Emerald and Onyx has been made.

[EDIT 13th June 2010: Obviously at least Phox ModularSystems is involved with the Gemini CDS as well, as I witnessed him today having access to the CDS database.]

[EDIT 28th July 2010: ModularSystems changed their website a while ago, so most of the links in the above article aren't working. All the developer blogs are gone, as well as all the blogposts regarding these events. I found a few of them in google cache and provide them as screenshots here.]