Feeds

Are you virtually safe in virtual worlds?

Should you care?

Secure remote control for conventional and virtual desktops

Editor's blog We all know about the risk of identity theft in the real world, or we should know about it. But what about the virtual world?

Holger Wandt of Human Inference, a specialist in natural language processing to remove errors and duplicates from real world datasets, recently raised an interesting question concerning personal information in the virtual world.

"The average consumer feels their personal information should be stored correctly, securely, and reliably; but how does the same consumer feel about his or her data in community networks, such as the phenomenally popular Second Life?" Wandt asks. "Will we be recording 'virtual' information as well as ordinary personal data in future? And will we then proceed to link this data?"

There are many ways of using (or exploiting) data, some far from obvious.

Let's think about virtual communities such as Second Life. Could they perhaps compromise your identity? Would your Avatar leak information that could be used to steal your real world identity if asked for it by a particularly interesting – or sexy - virtual being? Are you, perhaps, less cautious in a virtual world?

Wandt takes this issue altogether more seriously than I might have done – and he may well have a good point. "What makes Second Life special is that this virtual world deals in real money," he says. "It has a completely integrated economy, in which craftsmanship, risks, and innovative ideas are rewarded. The inhabitants create their own virtual products and services and earn Linden Dollars, a virtual currency, which can be exchanged for American dollars through the LindeX currency exchange.

"In 2006, Second Life's gross national product was $64m. It is therefore not surprising that it is becoming increasingly attractive for companies to appear in Second Life. Philips, Reebok, Nike, Coca Cola, Toyota and Adidas have already created virtual sites where people can see and try out their new products. However, the interesting question is whether these will be limited to feedback for product innovation. How does Second Life [or these commercial companies] use the data from community members, and how safe is the data actually?"

Virtually Private

Screenshot of 2nd Life Privacy Policy.The first article in the Linden Lab Privacy Policy states: "We collect personal information and usage statistics to maintain high-quality customer experience and deliver superior customer service."

Wandt says this is a fairly generic statement, which can be interpreted in many ways. He goes on to say: "This is essential, because the company understands its commercial success extraordinarily well and explains to the potential participant what information will be used in what way, and how it could be made accessible to third parties.

"When registering the user decides on his/her first name and chooses a surname from a dropdown menu. The list of possible surnames is culturally very diverse. You can state your preference for names like Abdallah, Delgado, Gao, Ivanova, Izumi, Kovacs, Lehmann, Xingpeng, Young, and Zwiers. One can only speculate about the reasons for such a list, although it is likely that a user would tend to choose a name that resembles his/her own name and/or fits into his country of origin [so you might be able to obtain more information, in aggregate at least, than the user intends to give away].

"A date of birth (that is also used for verification if a user forgets his/her password - users are encouraged to use their own dates of birth) and an email address are also requested to complete the registration. Linked to the user behaviour in the community, this data provides a wealth of information for any company. The registration is also linked to an IP address, leading to speculation about the linking of virtual data with real personal data."

Of course, Wandt doesn't want to suggest that Linden Lab is involved in fraudulent, or even undesirable, practices, merely that the digital identity of consumers is closer to their real identity than they might think.

Big Brother or big reality?

Wandt then gave an example of the ease with which a real identity can be converted into a digital identity by someone you'd expect to be able to trust, and then misused - in the recent judgment against the owner of the New York company, Compulinx.

"When choosing his favourite victims this director stayed close to home and concentrated on his own employees. He used their identities to negotiate loans or make credit card applications. Together with his cousin, the fraudulent CEO made over one million loan requests in the names of the 50 employees in his company. The director was sentenced to 165 years in prison and given a fine of $5.5m. His cousin faces a possible 35 years in prison and a fine of $1.25m.

"This is certainly another of those notorious 'American cases'," Wandt admits, "but it does demonstrate that Big Brother (as in the concept described by George Orwell in his book 1984 and not the reality TV programme) is more of a reality than many might think. Personal information is indeed the most valuable information we have.

"Certainly, Second Life, and online communities more generally, raise the question of data quality in the virtual world," Wandt claims. "If 'virtual' data is tied closely to real data what are the risks? What protection should be put in place and how do organisations go about ensuring that data is correct? With identity theft a growing phenomenon in the 'real' world – how long before it becomes so in the virtual world, costing both real and virtual money to business and people alike?"

I don't have the answer – I certainly don't fancy the idea of a 'virtual police force' in cyberspace (I've read too many Judge Dredd comics; and suspect that many policemen – or home secretaries - might fancy the Dredd role).

But once Wandt has raised the issue, I'm rather more nervous than I was before. It seems to me that, in all forms of "social computing", the human issues around privacy, bullying, and the theft or manipulation of personal data are going to be far more important than the technology issues the vendors tend to bang on about. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Mathematica hits the Web
Wolfram embraces the cloud, promies private cloud cut of its number-cruncher
Mozilla shutters Labs, tells nobody it's been dead for five months
Staffer's blog reveals all as projects languish on GitHub
'People have forgotten just how late the first iPhone arrived ...'
Plus: 'Google's IDEALISM is an injudicious justification for inappropriate biz practices'
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
iOS 8 Healthkit gets a bug SO Apple KILLS it. That's real healthcare!
Not fit for purpose on day of launch, says Cupertino
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.