Update: 2011-3-2 – RedZone removed from market place. Quickware detector disappears. CDS remains but the product description is gone.

Update: See JIRA SVC-6793 vote and watch.

More people are becoming aware of what RedZone (RZ) is and what it means for their privacy. From June 2010 to February 2011 people have changed from ‘wus zat?’ to ‘WTF is being done about RedZone?’ Alphaville Herald has been reporting the state of RedZone and resident reaction along with the Labs actions. I am getting more curious about RedZone (L$3,999 in Market Place) and decided I needed to review the product and state of drama around it.

The SLUniverse thread on RedZone, ZF Redzone, Disclosure of Second Life Alts, is now 141 pages and growing. The opening post by Helena points out what are supposed to be some of the pros and cons of RedZone. One of those ‘good things’ is detecting copybot thieves, which others have pointed out is RedZone’s weakest ability… it does a really poor job of that. I’ve already seen posts appearing where people are asking why they have been banded from some shops. So, false positives seem to be a reality.

CDS, Client Detection System, is another RedZone like Second Life tool. This tool is… rented or the service is provided on a monthly basis costing L$700 per month.  It is via CDS that we start to see some of the drama from days of the Emerald Scandal. Prad Prathivi wrote, Gemini Cybernetic CDS: Second Life’s Orwellism? in February 2010. The ties are in the relationships between CDC, Emerald, and Onyx and the people involved. Some of the same names are coming up.

Also, there are connections between what the Emerald viewer was revealing and what tools like CDS and RZ were using to detect copybot capable viewers. The Emerald viewer was providing hidden information about the viewer and supposedly by accident the user. One really has to wonder as more pieces come together.

It is even more interesting to look up RedZone on The Market Place (TMP or SMP). Along with RedZone are the tools to block RedZone.

According to the recent Alphaville Herald article, RedZone HUD Forced To Ask to Reveal Alt Accounts, the Lab has forced the RedZone makers to change how the names of Alt’s are displayed. It is the idea used with vampire bites. One must ask permission from the scan target before it will work. But, this seems to apply only to RedZone HUD and other detectors. Nothing keeps them form scanning and adding information to the database.

We’ve seen people snow the Linden folks before, so I don’t have a warm fuzzy feeling about this new development. Justine Babii tells us in the article that RedZone works by detecting the HTTP requests one’s viewer sends out to get parcel music and media information. I suspect you picked up on the point that RedZone detectors are collecting data and adding it to a database. One must supposedly ask your permission to look up your alt in the database. Right. But, you are still added to the database.

It is unclear exactly how this is too work. Some say once anyone on an IP Address consents to being scanned, the consent is recorded and anyone using that IP Address is considered to have given consent. So, if you use a wifi access point at a popular Starbucks, you could be considered to have given consent. I’m not at all sure that is true. But, we have no solid evidence either way. Nor is it clear whether it actually will prevent the scan or just refuse to let the user display your alternates’ names.

If all this had been about detectors in stores, this would not have become the controversy it is. RedZone released a HUD version of the detector that scanned the nearby area and used the database to provide a list of avatar names using the same Internet IP Address, supposedly your alternate avatars. People used this to out alternates.

Justine also reports that Melita Magic started a movement on the SL Forums to boycott any shop owner using RedZone. I would link to the thread, but with the forum changing I don’t know how long it will work.

JIRA entry VWR-24746 about RedZone violating the Linden ToS is on the road to having the most votes ever (1,442 today).

Blocking RedZone,CDS, Quickware

Boy Lane in How to block zF RedZone points out the easy fixes needed to block RedZone. I think all Second Life Residents should immediately make the change. More on that below.

There is a blog about RedZone: no2redzone. Reading the no2redzone blog will give you techie information about how the SL Viewers work to levels I have not seen revealed elsewhere. Also, there is a list of links of other anti-RedZone blogs.

How to Block zF RedZone

GreenZone is advertised as a counter to RedZone. Its purpose is to warn you that you are in range of a RedZone scanner. However, this is a race between scanners and you. It is possible GreenZone can warn you before you are scanned, if timing and lag are in your favor. It is unlikely you can get away from the RedZone scanner before it completes its scan. So, you are not protected, you are advised you’ve been done. It does tell you the stores using RedZone. Someone is probably publishing a list of those stores and promoting a boycott of them. There will be lots of drama around that.

Actual Blocking

I’m not happy with the blocking process described on Boy Lane’s blog. The essentials are there. But, if one uses Spybot, SuperAntiSpyware (there is a similarly named Trojan knockoff) and other malware blockers, it is not that simple.

Part of the networking system for operating systems is a file that contains a list of domain names with associated IP addresses, named hosts. People use domain names. Computers use IP addresses. The DNS (Domain Naming System) thing is all about getting from a people friendly name to and IP address. The file is used by system administrators for various purposes. In business networks it is often necessary to provide DNS (Domain Naming System) support not available on public DNS servers or to override information on those servers. Anti-spyware software uses the file to block the bad guys.

The original hosts file is about 1k in size or may not even exist. The file can be found here:

WinXP – Win7: C:\WINDOWS\system32\drivers\etc\
Linux: /etc/
MacOS: /private/etc/

My hosts file is about 260k now. On Windows there are issues with making changes to the file. Trojans and viruses love to make entries in the file to misdirect one’s computer. So, the file is usually owned by and changes restricted to the computers’ administrator. So, if you find you do not have permission to make changes to the file, log on as the computers’ administrator.

You may also have to open the hosts file’s properties and change the read-only attribute. Navigate to the file: Start->Computer and drill down to the location. Right click on hosts and select Properties. At the bottom of the panel is the Read-Only attribute. Uncheck it. Make the changes. Come back and turn it back on.

The change you need to make is to add these lines to the file.

# — RedZone Blocking
127.0.0.1 isellsl.ath.cx
127.0.0.1 isellsl.com
127.0.0.1 zfire.isellsl.com
127.0.0.1 girlsofthevip.com
127.0.0.1 hamlinpro.com
127.0.0.1 syscast.net
127.0.0.1 media.syscast.net
127.0.0.1 apache2-blow.port-au-prince.dreamhost.com
127.0.0.1 quickware.net
127.0.0.1 quickware.zapto.org
# — End RedZone

The ‘#’ denotes a comment and is optional. You probably should make a backup of the file. Save a copy using a different name, may be something novel like hostsbackup.

Copy and paste the text into the file. Where is not overly important. I suggest you paste it ahead of the Spybot or other malware entries. You may see comments and examples at the beginning of the file. If so, paste these lines after that. Do NOT paste these lines within a block of the malware entries. If you do, they may be overwritten in the malware software’s next update. Wherever you put them, they work.

Save the file after you make changes. Reset the Read-Only attribute.

This should protect one from both RedZone, Quickware, and CDS. Until they change their software and use other domain names. We have to rely on someone to check the outgoing communications on viewers to see what we are sending where. Or do it ourselves, which is way too geeky.

Settings Blocking

Another helpful block is to turn off media in your Preferences. In Me->Preferences->Sound & Media uncheck Streaming Music and Media.

I have these on in my primary avatar… which may not be that smart. But, I like music. But for my alternates I disable those. I use alternates when testing new viewers I don’t completely trust.

Additional Blocking

The IP Addresses for these domains can also be blocked. One can look up the addresses using NSLOOKUP on Windows. Open a command line, type nslookup and press enter. Type in the domain names to get the IP Addresses. Use the icon in the upper left (right-click) of the Windows command window to do copy/paste.

76.104.212.177  = isellsl.ath.cx
184.82.109.195  = isellsl.com
184.82.109.195  = zfire.isellsl.com
76.104.212.177  = girlsofthevip.com
76.104.212.177  = hamlinpro.com
?                            = syscast.net
69.163.231.197  = media.syscast.net
69.163.231.197 = apache2-blow.port-au-prince.dreamhost.com

One needs to enter these IP Addresses into their firewall settings. ESET Anti-virus users will find the list of HTTP addresses that can be excluded from virus checking and those to be blocked. Be sure you get the correct list.

To remain protected one would need to check these values every so often.

Summary

We are still seeing people miss using our world. We see that in all online applications. One of our problems is in thinking others are responsible for our safety and privacy. Governments, banks, games, and certainly Linden Lab are slow to respond to these issues. CDS/Onyx has been around since 2009 and one can still find it in the Market Place. Privacy and safety are our personal responsibilities.

It has taken the Lab some time to respond to RedZone. And the response is particularly weak. The RedZone scanners can still scan and collect information. The only change is in publishing the information. That action decreases the visibility and makes the RedZone blocker of less use to stalking griefers, but it does not protect your information nor address the ToS violations from collecting the information.

Linden Lab and others have yet to understand the problems of privacy. I suppose even more important is that most users seem to not understand privacy and how exposed they are. The hundreds of millions of Facebook users certainly do not seem to have figured it out. Criminals now use Facebook to case residences and businesses for robbery by using the geo-location data many cell phones put in images… and people happily posting they are going on holiday for a week.