Feeds

Are you virtually safe in virtual worlds?

Should you care?

The Power of One Brief: Top reasons to choose HP BladeSystem

Editor's blog We all know about the risk of identity theft in the real world, or we should know about it. But what about the virtual world?

Holger Wandt of Human Inference, a specialist in natural language processing to remove errors and duplicates from real world datasets, recently raised an interesting question concerning personal information in the virtual world.

"The average consumer feels their personal information should be stored correctly, securely, and reliably; but how does the same consumer feel about his or her data in community networks, such as the phenomenally popular Second Life?" Wandt asks. "Will we be recording 'virtual' information as well as ordinary personal data in future? And will we then proceed to link this data?"

There are many ways of using (or exploiting) data, some far from obvious.

Let's think about virtual communities such as Second Life. Could they perhaps compromise your identity? Would your Avatar leak information that could be used to steal your real world identity if asked for it by a particularly interesting – or sexy - virtual being? Are you, perhaps, less cautious in a virtual world?

Wandt takes this issue altogether more seriously than I might have done – and he may well have a good point. "What makes Second Life special is that this virtual world deals in real money," he says. "It has a completely integrated economy, in which craftsmanship, risks, and innovative ideas are rewarded. The inhabitants create their own virtual products and services and earn Linden Dollars, a virtual currency, which can be exchanged for American dollars through the LindeX currency exchange.

"In 2006, Second Life's gross national product was $64m. It is therefore not surprising that it is becoming increasingly attractive for companies to appear in Second Life. Philips, Reebok, Nike, Coca Cola, Toyota and Adidas have already created virtual sites where people can see and try out their new products. However, the interesting question is whether these will be limited to feedback for product innovation. How does Second Life [or these commercial companies] use the data from community members, and how safe is the data actually?"

Virtually Private

Screenshot of 2nd Life Privacy Policy.The first article in the Linden Lab Privacy Policy states: "We collect personal information and usage statistics to maintain high-quality customer experience and deliver superior customer service."

Wandt says this is a fairly generic statement, which can be interpreted in many ways. He goes on to say: "This is essential, because the company understands its commercial success extraordinarily well and explains to the potential participant what information will be used in what way, and how it could be made accessible to third parties.

"When registering the user decides on his/her first name and chooses a surname from a dropdown menu. The list of possible surnames is culturally very diverse. You can state your preference for names like Abdallah, Delgado, Gao, Ivanova, Izumi, Kovacs, Lehmann, Xingpeng, Young, and Zwiers. One can only speculate about the reasons for such a list, although it is likely that a user would tend to choose a name that resembles his/her own name and/or fits into his country of origin [so you might be able to obtain more information, in aggregate at least, than the user intends to give away].

"A date of birth (that is also used for verification if a user forgets his/her password - users are encouraged to use their own dates of birth) and an email address are also requested to complete the registration. Linked to the user behaviour in the community, this data provides a wealth of information for any company. The registration is also linked to an IP address, leading to speculation about the linking of virtual data with real personal data."

Of course, Wandt doesn't want to suggest that Linden Lab is involved in fraudulent, or even undesirable, practices, merely that the digital identity of consumers is closer to their real identity than they might think.

Big Brother or big reality?

Wandt then gave an example of the ease with which a real identity can be converted into a digital identity by someone you'd expect to be able to trust, and then misused - in the recent judgment against the owner of the New York company, Compulinx.

"When choosing his favourite victims this director stayed close to home and concentrated on his own employees. He used their identities to negotiate loans or make credit card applications. Together with his cousin, the fraudulent CEO made over one million loan requests in the names of the 50 employees in his company. The director was sentenced to 165 years in prison and given a fine of $5.5m. His cousin faces a possible 35 years in prison and a fine of $1.25m.

"This is certainly another of those notorious 'American cases'," Wandt admits, "but it does demonstrate that Big Brother (as in the concept described by George Orwell in his book 1984 and not the reality TV programme) is more of a reality than many might think. Personal information is indeed the most valuable information we have.

"Certainly, Second Life, and online communities more generally, raise the question of data quality in the virtual world," Wandt claims. "If 'virtual' data is tied closely to real data what are the risks? What protection should be put in place and how do organisations go about ensuring that data is correct? With identity theft a growing phenomenon in the 'real' world – how long before it becomes so in the virtual world, costing both real and virtual money to business and people alike?"

I don't have the answer – I certainly don't fancy the idea of a 'virtual police force' in cyberspace (I've read too many Judge Dredd comics; and suspect that many policemen – or home secretaries - might fancy the Dredd role).

But once Wandt has raised the issue, I'm rather more nervous than I was before. It seems to me that, in all forms of "social computing", the human issues around privacy, bullying, and the theft or manipulation of personal data are going to be far more important than the technology issues the vendors tend to bang on about. ®

Securing Web Applications Made Simple and Scalable

More from The Register

next story
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.