Many SL Residents have asked why we opened registration to allow new accounts to be created without payment information, and now that we have, what we are doing to make sure that we enforce the Terms of Service. Especially, there has been much concern about making sure teens are limited to the teen grid and adults remain exclusively on the main grid. In addition, there's the issue of account anonymity and related griefing potential. At Linden Lab, we have been wrestling with the complexity of these issues and are taking steps to address the concerns.
We opened registration because the requirement to add payment information was causing a substantial number of people to withdraw from the sign-up process without completing their registration. Some of these people probably just didn't want to give credit card information on a website where they didn't expect to be spending money (it's a free account, after all!). But there were also others who were stopped in their tracks even though they wanted to continue -- people outside the US, for example, who use debit or prepaid payment systems.
To understand the magnitude of this problem, consider that after opening registration the ratio of international to US registrants changed from 25/75 to 50/50. So it wasn't just a question of increasing numbers, but of making sure that Second LIfe is accessible to a broad range of diverse individuals. In other words, there are problems but also opportunities inherent in opening registration. So it makes sense to find a way to address the concerns rather than go back to registration as it was.
New Terms of Service and Privacy Policy
With the mandatory release now scheduled for tomorrow morning (1.10.5(1)) you'll be asked to agree to a new Terms of Service, which references revisions to the Privacy Policy. The changes include notification that we will be using various means of hardware identification when you install Second Life, and that we will be displaying information to others about your account. Here's the specifics of what this all means:
Hardware Identification
The Privacy Policy now points out that if you install Second Life software we'll be collecting information about your computer. The point here is to allow us to verify a unique identity and therefore better contain griefing by multiple accounts from one system. This information will not be available to non-Linden employees, and will only be available to Linden employees in an encrypted ("hashed") format.
Account Information in Profile
We currently include information about your account in your Second Life profile, including your account name, age, and type (e.g. Lifetime, Resident, Charter). Beginning with tomorrow's release (1.10.5(1)) we will also identify your account as being one of three types:
No Payment Info on File - account was created with no credit card or Paypal
Payment Info on File - account has provided a credit card or Paypal
Payment Info Used - credit card or Paypal on account has successfully been billed
This information is being provided so that other Residents will be able to see what degree of commitment you've made to the Second Life community, at least as it's expressed in your willingness to provide us with payment information. Please be assured that we will not be releasing any real life identifying information such as name, address, credit card or bank account details.
Future releases of Second Life will allow Residents to decide if they want to allow accounts which are essentially anonymous (no payment information given to us at registration except email address) to access their parcel.
Changes to Teen Grid Registration
Anyone whose birthday indicates they are between the ages of 13 and 17 is invited into the Teen Grid. Although there is currently no perfect way to verify that someone is the age they give us, we want to make sure that the teens on Teen Second Life can be confident they are dealing with other teens, and not with adults who do not belong on the grid. Therefore we are reinstating the payment information requirement for anyone entering the teen grid. In addition, we will be posting a warning to anyone entering the teen grid who is in fact older than 18, and misrepresenting their age to us. That warning states:
"Warning to adults: Teen Second Life is a service offered to minors only. If you provide false birthdate information in order to access Teen Second Life, Linden Lab may provide your personal information to any law enforcement organization or private litigant investigating your activities."
These are initial steps we are implementing immediately to ensure that Second Life is as accessible as feasible world-wide and that Residents can be confident they won't be subjected to conditions that compromise the integrity, safety and decision-making integral to it being an enjoyable experience. Above all, we intend to continue to make the Teen Grid an exclusive teen world that is clearly demarcated and protected from inappropriate adult behavior.
Thanks for adressing these issue, I know that many people (including myself) have serious concerns about the open registration process but these help aleviate my conerns a little. Just a question though, is there a timeline for the implementation of parcel access maangement based on information status, and will that ever be extended to cover only people who pay the $9.99 monthly fee (which would be a big mistake I think) or not? thanks.
Posted by: Gordon Wendt | June 27, 2006 at 10:56 PM
Most of this sounds good, but what Oh! what reservations I have when reading the teen/main point: won't this see many, many teens now skip straight to the easier-to-register-for main grid instead of Teen SL? Lieing about your age for immediate anonymous fun seems so much of a better option than having to explain to your guardian why you want to feed their credit card number into a web site.
Posted by: Adam | June 28, 2006 at 12:30 AM
I understand your concerns to verify certian info. However relasing this info to the public however, not detailed invites hackers to azttempt to hack accounts to steal credit card info. labling these people as credit card holders makes them vulnerable to these issues. Only linden labs should be privy to such info.
Posted by: touchahoney Perhaps | June 28, 2006 at 12:33 AM
Pathetic. Call that a solution? Turning the client into spyware? It's amazing just how fucking dumb LL manage to be day in, day out.
Posted by: Kris | June 28, 2006 at 12:37 AM
It is not wise to let others know which accounts have credit card info. While the intention is good, it does identify viable targets and is not what the residents desired when they signed up for the service.
Perhaps the anonymous accounts can come with a 30-day "try it and add credit card info if you want to stay" method? That way, no one is identified by type and guests can see if they want to participate in the membership program, even at the free basic membership.
Posted by: Lyr | June 28, 2006 at 01:03 AM
Adam, I agree with you on that point.
Touchahoney: Before a few months ago, *everyone* on SL had to have a credit card, and any hacker could have targeted any account and gotten info. This change would only let them know who not to hack.
Kris: Sending hashed hardware signatures doesn't count as spyware - no personally identifying information is sent to LL, the only information they could tell from this is what accounts are being accessed from any given computer, which is really nice for linking griefer accounts, and doesn't negatively affect anyone else.
Posted by: Anonymous Coward | June 28, 2006 at 01:05 AM
Adam is absolutely correct....releasing credit card information, no matter HOW little detail, into your profile is an extremely ignorant move...._especially_ just "to show residents how much commitment a citizen has made to the SL community" ....WTF!
Posted by: Rich | June 28, 2006 at 01:09 AM
I think people are misreading what Robin said: you won't get any information on what credit card/PayPal account you used when registering, just that LL has that information on their files.
After all, we have currently 250,000 validated users, with exactly that type of validation (and perhaps 50,000 without any validation whatsoever). "Validation" does not mean "information"; no hacker will benefit from that "bit of information", since there is really nothing that is displayed!
Rich, I understand that you don't view "commitment to the SL community" equating with the willingness to pay for the service you use every day. Well, actually, I agree to a degree :) Commitment to the community is not the same thing as commitment to LL :) I personally have both types of commitment — in the sense that I recognise that there can't be a "SL" without a profitable LL to run it — and thus, on my 3rd day in SL, I've "upgraded" to a lowly Premium account with just a 512 m2, which I don't even use, since I only rent land. But I did it like I do with all software I like — contribute towards the running costs of the company, to encourage them to continue the development. But this is just an ethical/moral issue, not one "rule"; nobody is required to pay just because they feel they're helping out LL to improve their software; and actually, 85% or so of all SL users don't feel any moral urges to pay for a software they use. I'm all for creating mechanisms where people are encouraged to pay because they see some sort of benefit in it (where morals fail, setting a value to things is usually the best approach to getting payment :) ).
Robin, I'm glad LL is doing this change, specially, falling back on the need of providing a valid registration on the Teen Grid, although many will still feel uncomfortable with the idea that teens will continue to lie about their age to enter the Adult Grid, where no validation is required. At least, the Teen Grid will continue to be a safer place; the issue will remain unsolved on the Adult Grid, however.
Have you any plans of at least introducing the limitation that unvalidated accounts are unable to enter any Mature areas? While this won't be the "optimal" solution, at least it would allow two things:
- People would still be able to log in, and not all those people are interested in adult content (yes, how strange that might sound, many people are perfectly happy to stay on PG areas ;) ). Thus, that would not stop "hordes of users" logging in, like it's happening at the moment, and very likely it would encourage a lot of them to upgrade to Premium, which would finally get some real encouragement: getting access to *all* areas of SL for as little as US$6 a month.
- Minors lying about their age would at least be restricted to PG areas. While this is naturally not ideal — we all know how often people don't care about being on PG areas, but at least that is covered under ToS — it's a first step. Many minors log in to the Teen Grid and are disappointed in the lack of content there. By coming into the Adult Grid, they would see themselves locked to big part of the grid — and eventually go back to the Teen Grid, where they wouldn't have any restrictions. I assume, though, that having 1000+ PG sims to explore would still make many to stay at the Adult Grid...
Next question: are you planning to introduce additional forms of validation that do not require a credit card or a PayPal account? I've browsed a bit on the 'net just to see what is available, and there seem to be some systems similar to notary publics, where people would be able to provide IDs and get a digital certificate in return. Verisign and Thawte use a similar system for their digital signatures. If you go your own route of ID certification, you also create a "web of trust" — companies and individuals working on a "validation network", that would be certified by LL to accept IDs and provide a valid certificate to end-users according to some procedures established by you. Of course, this means getting rid of all anonymity in SL, which would be a shame, and if some people are reluctant to use their credit cards to provide identification, they will be even more reluctant to provide real IDs (even to 3rd parties in their own countries...), but it's another possible alternative for validation without a card.
Still, it's best to have something than nothing at all, I guess. I understand perfectly that you need to grow much faster — and beyond the US space as well — and that the registration process was indeed a stumbling block for many people, who simply didn't trust LL *not* to charge them anything when they presented their credit cards. I just wish that there were other ways.
FYI, I'm registered at many adult sites with highly mature content. None ever asked me for a credit card (except to access special services which I don't need) or any other means of validation. I don't have the slightest idea on how they keep minors away, but you should investigate their techniques. And rest assured that the content there is far more "dangerous" to minors than SL...
Posted by: Gwyneth Llewelyn | June 28, 2006 at 01:40 AM
i think ll is doing a great job and the modifications are a brilliant idea and those who think just displaying some info makes you more targetable then you are nuts your on the internet your all targetable dos not mater whether you hide it or show it if they want to find it they will no matter what you do you can only try you best to secure it and that's what they are doing as for spyware don't be daft two completely different things they are using a way to identify the user pc and user account not throw web pages and spam at you come on be serious. at the end of the day they can only try see how it works then pull it if it dos not work trial and error its how the world works learn from the past and all that stuff lol
Posted by: robert omegamu | June 28, 2006 at 01:41 AM
If the status of whether you have a CC (Credit Card) on file (even if you are using a "free", CC and free just do not go together, account), is going to be avaiable to all, then I can see that info being abused, and used as a form of discimination against non-US people, or any security concerned person (if you provide your CC to any "free" site, then I have a few web sites to show you, and a bridge or two ;-)
If the state of your CC info is going to be available, then it needs to be CLEARLY visible when it is used to discriminate, maybe a warning presented to the user that person X has looked up that info (same for banning on land). At least that way it is clear that the person is using the information in some way.
Posted by: Daniel | June 28, 2006 at 01:52 AM
Why not just put "Validated" or "not validated" as the info instead of "payment information on file"....I mean..validation is a little broader and could include basic accounts validated through a cellular phone (if LL still uses that method :P). It becomes less about payment and more about whether the user has taken steps to prove his or her identity.
Posted by: Nalirra | June 28, 2006 at 02:09 AM
Robin,
I realize this is off topic but a remark in your commentary reawakened an old question I had been asking for a long time. You stated "We currently include information about your account in your Second Life profile, including your account name, age, and type (e.g. Lifetime, Resident, Charter)." I am once again asking about the Lifetime designation in profile.
When we purchased the lifetime memberships it was promised that our profiles would state "Lifetime" membership in the account type. Unfortunately this was never actually done. Your memory is correct when you state the profile should include lifetime as an account type and I would really like to know why it was never actually done for the lifetime members. The only two account types listed in the profile now are Charter and Resident; the promised Lifetime account designation is missing.
I asked about this many times after purchasing my lifetime account in 2003, and then into 2004, and never received a reply. Would you mind looking into this and perhaps correcting this oversight for the longterm SL Lifetime members?
Thanks, katykiwi
Posted by: katykiwi Moonflower | June 28, 2006 at 02:13 AM
All the labeling of accounts just makes a type of class system that does nothing. Why not impliment a payment program that folks in Europe and Asia can use? Seems that every time LL makes a policy change it's drastic.
You guys (LL) really are exposing yourself to lawsuits. Kids have no place in SL, teen grid is a joke and should be closed down. Age verification needs to be implimented to protect LL and their long time residents.
Does LL have legal council?
Posted by: plexreticle | June 28, 2006 at 02:47 AM
I do not agree with the above changes at all.
While I understand that ANYONE who uses the internet is vulnerable to hackers etc I think anything that *flags* you so to speak, to the public as someone who specifically uses a Credit card or Pay pal isn't a smart thing to do.
Also, using hardware & other means to decide where an account or accounts are logging in from isn't necesarily the key to figuring out griefer accounts either.
Many INDIVIDUAL people use Shared PC's to log into SL. So if someone who lives with me, Visits, or works with me & uses the same pc and/or internet connection to log into their SL account & they do something they shouldn't does that mean MY account is at risk for being suspended or banned?
Just because multiple accounts possibly log in from the same places doesn't make them all the same person logging them in.
Also think LL should bare in mind how easy it now is to create an account using someone else's name & other information.
I really don't feel that either of these "solutions" resolves anything at all.
Posted by: Malana | June 28, 2006 at 02:56 AM
Just remembered something else. Since your web designers are tweaking the registration page, couldn't we have also a reminder on that to alert people that they cannot change their avatar name once they pick it, since it will be tied to their in-world identity forever? Many people don't have the slightest idea that their name will be "fixed" forever, and also, this would re-inforce the notion of "you're being tracked so make sure your registration data is correct".
Also, you should have a better way for people to be able to resubmit their identification data. I've changed my home address quite a while back, and the only information I had was that I should send an email to to request the change, but I don't know if that information was ever received — or changed! Perhaps an interesting possibility would be to show all that data on the account page, but have it read-only, and use a form-to-email thingy to alert that a request for changing this information is pending (10 minutes of web development time :) ).
Just some thoughts — marginally related — but I have yet failed to see a "social site" where people couldn't see the information they've submitted online to the company. Actually, European law mandates this, although a request to to get that data pasted back on an email would suffice for compliance. It's just an extra burden on your staff to do it manually :P
I'm eagerly awaiting resident #300,000 to log in today :)
Posted by: Gwyneth Llewelyn | June 28, 2006 at 03:47 AM
Oops. Seems that this blogging engine ate up the email address I wrote above to indicate where one should send requests for changing their registration. It's [email protected]. Sorry about that :)
After reading some more, I agree with all who have submitted the idea that the only information displayed on a profile should be simply "Unverified User", "Validated User", "Validated and Paid User" or whatever similar names your marketing team comes up with, without any reference to the way a user has been validated or paid for their account.
Posted by: Gwyneth Llewelyn | June 28, 2006 at 03:53 AM
Couple of comments. While the unique computer information collection may not be a form of spyware, I still struggle to understand the value of collecting this information. The stated benefit is "The point here is to allow us to verify a unique identity and therefore better contain griefing by multiple accounts from one system." This statement makes me wonder...is there a significant problem of people griefing with multiple accounts? Then of course what of the situations where several people share the same system (i.e. family computer, husband and wife, couples, etc)? Same computer, different accounts...will those accounts now be forced to grief with a single voice? I'm not convinced the intention of computer information collection is for "unique identification." The approach is flawed and will more than likely raise suspicious of SL residents.
As for the statement of CC information in your personal profile. I agree this statement does NOT make you any more vulnerable to attacks for CC information than you currently are. Only until recently everyone had a CC on file with SL. If someone wanted that informaion, then they only needed to target anyone in SL. Simply put, you will be no more vulnerable to attacks today than yesterday.
What will really happen by stating the CC status in the personal profile is just what a someone already mentioned here: discrimination. I'll admit it. If someone doesn't have a CC on file, then they won't be allowed on my parcel of land. Furthermore, I will be suspect of socializing with anyone that does not have a CC on file as I will immediately suspect that they are a minor or masquerading as someone or something that they are not. Now, don't freak out, I understand that even with CC on file today, people still could be minors and masquerading as someone or something they are not. Now, however, the lack of a CC on file makes it much easier to spot such people, which begs the question: "Will this actually create a lesser class of SL citizens?" I've made my intentions clear. I will be practicing a bit of discrimination based on this information. But I am only one of many. What will everyone else do?
Finally, I welcome the display of CC status in a personal profile; however, I just wonder if there wasn't a better way. Someone suggested a free 30 day trail membership. After time expired you would have to provide your CC information. Not a bad idea. Not perfect but not entirely bad. I'll admit, I came to SL because the initial account was FREE. I had wanted to try Everquest and WOW but stayed away because I didn't want to make a monthly subscription commitment. I tired SL and loved it and within a few weeks upgraded to the premium account. Basically, the idea of some sort of "try-before-you-buy" approach might address the CC status issue better. I don't have any answers, just throwing that out there.
Posted by: Jax | June 28, 2006 at 04:45 AM
I'm very concerned that you are creating a society that is further stratified and more tightly ruled by elites. By enabling the ability to mass-ban people merely on their class status of "unverified" or "semi-verified" and making only participation in commerce a qualification to prove "commitment to SL," LL is introducing a very rigid caste system. It's not a Better World, it's a Worse World.
You're also no doubt indicating that you will be more vigorous about grabbing the IP addresses. That means that family members or neighbours accessing the same computer could be harassed by Linden bureaucrats who will not ever answer support@ Instead of actual griefers being targeted, these types of accounts will be targeted merely because they're there to be targeted and some supervisor will be tasking staff to show "results".
I'm glad there are open accounts with less hurdle for foreigners. I don't understand why, if a teen signing up for the teen grid has to click "yes" that he understands the consequences of not really being 13-17, that people signing up on the adult grid don't also have a simple click-through to a "yes" that they acknowledge that they are at least 18 or over. It's odd. All the adult-type sites have this on the Internet.
You keep reaching for hardware and technical solutions to social problems. The incidents of griefing are definitely increased, and definitely target the same hardspots, but you need a wider variety of policies to deal with this.
One is to stop the celebration of guns and shooting that you're doing across SL constantly, even though this isn't a game, and it isn't set up to accommodate the desire for FPS type activity.
Another is to bolster the police blotter to show more incidents, keep a memory longer than a week, be searchable, and also have the names of perpetrators AND those who press charges against them and the Lindens prosecuting the case.
Posted by: Prokofy Neva | June 28, 2006 at 05:11 AM
No verification system is perfect, no matter what is put in place people will find a way to misuse it. My RL job involves keeping minors off our gaming services and also spotting fraudulent accounts and transactions is a daily thing.
Robin, thank you for your post, clarifies a lot of my questions as to how you were planning to implement these changes. I personally think something a bit less cumbersome as a rider (for instance Silver, Gold and Platinum) might be a little bit better from the Customer Service point of view :)
Posted by: Cherry Czervik | June 28, 2006 at 05:12 AM
btw, Datacollection of Hardware is in many Countrys here in Europe against the Law.
THIS means in all Manner...
Posted by: Lecina Enigma | June 28, 2006 at 05:12 AM
Thanks for the update. The addition of account verification to the profile in todays update is useless without the tools to make use f the information.
The problem of the free accounts is still there and causing me and my friends alot of grief. Every day for the past week we have had various new accounts walk in our houses and shoot us or ask for free items etc. This rarely happened before open registration.
We need the tools now, actually we needed them before LL made the changes.
Doing things in this order shows no consideratin is given to your paying client base. We are cnsidered a given and no need to worry about us first.
I am curious to see how long it will take before LL rolls out some usefull tool to help us deal with this screw up.
Posted by: Karmianna Hartunian | June 28, 2006 at 05:51 AM
Robin, can you tell us exactly what hardware information will be collected? Thanks!
Posted by: Mark Wallace | June 28, 2006 at 06:12 AM
Robin,
Thank you very much for this clarification. It would have been nice if this had been done before the account verification change was made, but better late than never. I'll give the changes a month or so to settle in, then I should be able to let my kids back in Teen SL.
Regarding privacy issues, folks, your IP addresses are collected everytime you browse a web page. There's a bit more info being collected here, but no more than is gathered when you download a free 30-day trial of a Macromedia product.
Regarding tiered citizenship, I don't plan to discriminate based on verified status, only on behavior. If you're worried about discrimination, don't practice it.
Best regards,
neko
Posted by: nekokami dragonfly | June 28, 2006 at 06:17 AM
Oh and Do not forget we have FLEX PRIMS now.
Posted by: Karmianna Hartunian | June 28, 2006 at 06:52 AM
I don't think many of you understand what it is they're doing. As Robin stated the hardware information they are collecting is coming to them in the form of an encryted hash, they will NOT be looking at your system information. This kind of protection is used all the time in music recording software. Basically they use your hardware configuration as a sort of fingerprint as the likelyhood that two computers are using identical hardware is small. In essence a griefer could make mulitple accounts but if he's using the same computer all his accounts will be flagged immediately. I think it's a very good solution.
As for the hacking argument....I don't see how it's any more difficult now to go to any plot of land on the grid and see who owns it. That person will obviously have their CC on file with LL.
Posted by: Maximillion | June 28, 2006 at 07:08 AM