Feeds

Are you virtually safe in virtual worlds?

Should you care?

New hybrid storage solutions

Editor's blog We all know about the risk of identity theft in the real world, or we should know about it. But what about the virtual world?

Holger Wandt of Human Inference, a specialist in natural language processing to remove errors and duplicates from real world datasets, recently raised an interesting question concerning personal information in the virtual world.

"The average consumer feels their personal information should be stored correctly, securely, and reliably; but how does the same consumer feel about his or her data in community networks, such as the phenomenally popular Second Life?" Wandt asks. "Will we be recording 'virtual' information as well as ordinary personal data in future? And will we then proceed to link this data?"

There are many ways of using (or exploiting) data, some far from obvious.

Let's think about virtual communities such as Second Life. Could they perhaps compromise your identity? Would your Avatar leak information that could be used to steal your real world identity if asked for it by a particularly interesting – or sexy - virtual being? Are you, perhaps, less cautious in a virtual world?

Wandt takes this issue altogether more seriously than I might have done – and he may well have a good point. "What makes Second Life special is that this virtual world deals in real money," he says. "It has a completely integrated economy, in which craftsmanship, risks, and innovative ideas are rewarded. The inhabitants create their own virtual products and services and earn Linden Dollars, a virtual currency, which can be exchanged for American dollars through the LindeX currency exchange.

"In 2006, Second Life's gross national product was $64m. It is therefore not surprising that it is becoming increasingly attractive for companies to appear in Second Life. Philips, Reebok, Nike, Coca Cola, Toyota and Adidas have already created virtual sites where people can see and try out their new products. However, the interesting question is whether these will be limited to feedback for product innovation. How does Second Life [or these commercial companies] use the data from community members, and how safe is the data actually?"

Virtually Private

Screenshot of 2nd Life Privacy Policy.The first article in the Linden Lab Privacy Policy states: "We collect personal information and usage statistics to maintain high-quality customer experience and deliver superior customer service."

Wandt says this is a fairly generic statement, which can be interpreted in many ways. He goes on to say: "This is essential, because the company understands its commercial success extraordinarily well and explains to the potential participant what information will be used in what way, and how it could be made accessible to third parties.

"When registering the user decides on his/her first name and chooses a surname from a dropdown menu. The list of possible surnames is culturally very diverse. You can state your preference for names like Abdallah, Delgado, Gao, Ivanova, Izumi, Kovacs, Lehmann, Xingpeng, Young, and Zwiers. One can only speculate about the reasons for such a list, although it is likely that a user would tend to choose a name that resembles his/her own name and/or fits into his country of origin [so you might be able to obtain more information, in aggregate at least, than the user intends to give away].

"A date of birth (that is also used for verification if a user forgets his/her password - users are encouraged to use their own dates of birth) and an email address are also requested to complete the registration. Linked to the user behaviour in the community, this data provides a wealth of information for any company. The registration is also linked to an IP address, leading to speculation about the linking of virtual data with real personal data."

Of course, Wandt doesn't want to suggest that Linden Lab is involved in fraudulent, or even undesirable, practices, merely that the digital identity of consumers is closer to their real identity than they might think.

Big Brother or big reality?

Wandt then gave an example of the ease with which a real identity can be converted into a digital identity by someone you'd expect to be able to trust, and then misused - in the recent judgment against the owner of the New York company, Compulinx.

"When choosing his favourite victims this director stayed close to home and concentrated on his own employees. He used their identities to negotiate loans or make credit card applications. Together with his cousin, the fraudulent CEO made over one million loan requests in the names of the 50 employees in his company. The director was sentenced to 165 years in prison and given a fine of $5.5m. His cousin faces a possible 35 years in prison and a fine of $1.25m.

"This is certainly another of those notorious 'American cases'," Wandt admits, "but it does demonstrate that Big Brother (as in the concept described by George Orwell in his book 1984 and not the reality TV programme) is more of a reality than many might think. Personal information is indeed the most valuable information we have.

"Certainly, Second Life, and online communities more generally, raise the question of data quality in the virtual world," Wandt claims. "If 'virtual' data is tied closely to real data what are the risks? What protection should be put in place and how do organisations go about ensuring that data is correct? With identity theft a growing phenomenon in the 'real' world – how long before it becomes so in the virtual world, costing both real and virtual money to business and people alike?"

I don't have the answer – I certainly don't fancy the idea of a 'virtual police force' in cyberspace (I've read too many Judge Dredd comics; and suspect that many policemen – or home secretaries - might fancy the Dredd role).

But once Wandt has raised the issue, I'm rather more nervous than I was before. It seems to me that, in all forms of "social computing", the human issues around privacy, bullying, and the theft or manipulation of personal data are going to be far more important than the technology issues the vendors tend to bang on about. ®

Security for virtualized datacentres

More from The Register

next story
Not appy with your Chromebook? Well now it can run Android apps
Google offers beta of tricky OS-inside-OS tech
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
NHS grows a NoSQL backbone and rips out its Oracle Spine
Open source? In the government? Ha ha! What, wait ...?
Google extends app refund window to two hours
You now have 120 minutes to finish that game instead of 15
Intel: Hey, enterprises, drop everything and DO HADOOP
Big Data analytics projected to run on more servers than any other app
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.