Anatomy of a scandal
August 24, 2010 4 Comments
I know that the only thing sadder than blogging or tweeting about an inconsequential internet phenomenon is blogging about people who blog or tweet about an inconsequential internet phenomenon, especially one as five-minutes-ago as “Emeraldgate“, but this is exactly the sort of thing that we live for here at SLS, and I’m hardly going to pass up the chance get all pseudo-intellectual on the topic.
What was it about this issue that elevated it above the usual Second Life drama, and made it the talk of the virtual steamie for a day or two? I think it was down to a combination of the nature of the tale, and the characteristics of the audience.
The story itself was serious enough that people could be bothered commenting, but not so serious that they felt obliged to think much about their comments; the perfect recipe for a froth of instant opinion. The technical level was just right; the average reader understands enough about terms like emkdu and DDOS to grasp that something is amiss, but not enough to really quantify the risks involved, producing a haze of uncertain anxiety. Then there was the Woodbury sub-plot, and the allegations of Linden collusion, which added another layer of conspiracy theories (all that was missing was the JLU). Perhaps most importantly there were enough angles to allow people to use the story as a hook for their characteristic preoccupations; thus Pixeleen was able to reprise her Woodward & Bernstein act, and Prok could roll out another semi-coherent rant about… well, I’m not sure to be honest, the evils of opensource software I think. I of course am free to produce another batch of our trademark psychoanalytical posturing.
For the real secret of the story’s success lies buried in the collective unconscious of the Second Life blogosphere. We are suckers for this sort of paranoia-inducing narrative because it appeals to our narcissism, both on a personal level – how flattering to think that someone has gone to all this bother to track our virtual lives, or that the FBI will chase us for being accessories to cyber-terrorism – and in relation to Second Life itself, which we imagine is as important to the rest of the world as it is to us. The reality of the situation – that no one cares what our avatars get up to, or what our real-life identities are, and that this saga is of no interest to anyone outside of our obscure little garden – is rather less compelling.
Naming this episode “Emeraldgate” only emphasised the preposterousness. Most SL residents are probably too young to remember the Watergate scandal, which involved the President of the United States being forced to resign after being exposed as a crook who had subverted the Constitution, a notable affair by any standard. By contrast, these shenanigans have not, as far as I can tell, caused anyone anything more than mild inconvenience, and are unlikely to be the subject of an Oscar-winning film any time soon.
That said, the story has not been unamusing, and, as a piece of harmless entertainment, it has been quite diverting. Readers may recall that a couple of months ago I made the claim that, occasionally, the Second Life meta-narrative could “[come] together to produce an instant of dream-like clarity that makes the whole project seem worthwhile”. Well, the tale of the Emerald development team’s nefarious activities is just what I was thinking of. Only Second Life, with its unscripted nature and disparate cast, could produce a story like this, and if I were in charge of the Lab’s publicity department I would be using it as an example of the potential of the platform. Something tells me that’s not going to happen though, which is a shame, because without the storytelling element Second Life wouldn’t be half the fun it is.
Second Life Shrink 
Nice analysis of the psychology behind this recent affair.
Also, there’s actually a pretty rich history of scandals with the “-gate” suffix. See wikipedia: http://bit.ly/bplqfc
It’s an interesting theory that the application of “-gate” terminology to increasingly trivial scandals over the years is all part of an effort by the conservative media to rehabilitate Nixon, by suggesting that Watergate was just a minor indiscretion.
As a corrective to this I’d recommend reading Hunter S. Thompson’s obituary of Nixon He Was a Crook.
“The technical level was just right; the average reader understands enough about terms like emkdu and DDOS to grasp that something is amiss, but not enough to really quantify the risks involved, producing a haze of uncertain anxiety.”
Hmmm… that sounds kind of harsh to me. Why are you so annoyed? Oh, I understand, they must not teach you what a packet is in psychologist school, right? That’s ok, nothing to be ashamed of. [begin Austrian accent] It’s perfectly natural to not know what is going on when you have been used by people you trust. [end Austrian accent] Here, let me explain.
I calculate roughly 4.2 TB of stolen data transfer is involved, total, with potential damages of over $700 for the targeted blog owner. My numbers are here, if you want to check them: http://pastebin.com/m0cm0W0a
BTW, those numbers are technically theoretical. The only way to KNOW for certain how much transfer was involved would be to get the server records. This was the best I could do with publicly available information.
Emerald betrayed their entire user base, using them as pawns in some battle against an enemy whose only crime was that he revealed that the Emerald team was in violation of the TPV policy. Secretly publishing the file path on their skin for the world to see is illegal under the TPV policy. In the process of getting revenge for being exposed, Emerald stole bandwidth from their users and from Hazim. The attack went off every time Emerald was opened during that time period. Contrary to conventional wisdom, the iFrames actually loaded as soon as the background image loaded. It did not wait for a login to launch the attack on iheartanime.com
Bear in mind, these and a million other things the emerald team does constantly, every day, flies in the face of the TPV policy. Many devs went to great lengths to make their viewers TPV compliant, only to find out later on that all that work was for nothing, because LL is not enforcing their TPV policy. Some, like Boy Lane, quit development all together, only to find out that LL isn’t enforcing it anyway. Only Emerald seems to have had knowledge that LL would not be enforcing the new policy, and they have taken advantage of it to expand their market share.
So, yeah, it is a big deal, and no, I am not having any problems quantifying any of these risks. You are simply in denial.
If you do not think this is a risk, then think about how you would react if somebody did that to your blog. For one thing, Google would probably read such activity as click fraud and drop you from their listings.
Actually I went to medical school, but you’re right, coding wasn’t a big part of the curriculum. We did learn something about decision analysis though.
The dilemma facing an Emerald user is how to make a rational decision about whether or not gaining access to the features of the viewer is worth taking a chance on any potential downside.
I’m sure that your figures are accurate, but they are not entirely pertinent to the question in hand, which is not “Are the Emerald developers shady people who do bad things?” but “What are the chances that the Emerald developers will do bad things to me?”
Even if we conclude that the answer to the former question is “yes” it’s still likely that the answer to the latter is “not much”. The mere fact that they might be capable of linking my avatar to my IP or whatever doesn’t mean they are going to bother doing it, because they have no motivation to do so, because no one is particularly interested in my virtual activity.
The way the issue has been presented obscures this though, by focussing on the presence of risk without making any attempt to quantify it. In these circumstances people don’t have enough hard data – figures like the percentage of users who have been compromised, and their actual losses – to make an informed choice, and I would suggest, are liable to overestimate the risk they personally face, because of the natural human tendency to assume (usually erroneously) that one’s secrets are special enough to be worth stealing.
It will be interesting to see whether people do abandon Emerald, even though there doesn’t appear to be any rational reason to do so. My theory is that they will, because I think that Second Life residents are generally predisposed towards narcissism, but I may be wrong.