Feeds

Are you virtually safe in virtual worlds?

Should you care?

High performance access to file storage

Editor's blog We all know about the risk of identity theft in the real world, or we should know about it. But what about the virtual world?

Holger Wandt of Human Inference, a specialist in natural language processing to remove errors and duplicates from real world datasets, recently raised an interesting question concerning personal information in the virtual world.

"The average consumer feels their personal information should be stored correctly, securely, and reliably; but how does the same consumer feel about his or her data in community networks, such as the phenomenally popular Second Life?" Wandt asks. "Will we be recording 'virtual' information as well as ordinary personal data in future? And will we then proceed to link this data?"

There are many ways of using (or exploiting) data, some far from obvious.

Let's think about virtual communities such as Second Life. Could they perhaps compromise your identity? Would your Avatar leak information that could be used to steal your real world identity if asked for it by a particularly interesting – or sexy - virtual being? Are you, perhaps, less cautious in a virtual world?

Wandt takes this issue altogether more seriously than I might have done – and he may well have a good point. "What makes Second Life special is that this virtual world deals in real money," he says. "It has a completely integrated economy, in which craftsmanship, risks, and innovative ideas are rewarded. The inhabitants create their own virtual products and services and earn Linden Dollars, a virtual currency, which can be exchanged for American dollars through the LindeX currency exchange.

"In 2006, Second Life's gross national product was $64m. It is therefore not surprising that it is becoming increasingly attractive for companies to appear in Second Life. Philips, Reebok, Nike, Coca Cola, Toyota and Adidas have already created virtual sites where people can see and try out their new products. However, the interesting question is whether these will be limited to feedback for product innovation. How does Second Life [or these commercial companies] use the data from community members, and how safe is the data actually?"

Virtually Private

Screenshot of 2nd Life Privacy Policy.The first article in the Linden Lab Privacy Policy states: "We collect personal information and usage statistics to maintain high-quality customer experience and deliver superior customer service."

Wandt says this is a fairly generic statement, which can be interpreted in many ways. He goes on to say: "This is essential, because the company understands its commercial success extraordinarily well and explains to the potential participant what information will be used in what way, and how it could be made accessible to third parties.

"When registering the user decides on his/her first name and chooses a surname from a dropdown menu. The list of possible surnames is culturally very diverse. You can state your preference for names like Abdallah, Delgado, Gao, Ivanova, Izumi, Kovacs, Lehmann, Xingpeng, Young, and Zwiers. One can only speculate about the reasons for such a list, although it is likely that a user would tend to choose a name that resembles his/her own name and/or fits into his country of origin [so you might be able to obtain more information, in aggregate at least, than the user intends to give away].

"A date of birth (that is also used for verification if a user forgets his/her password - users are encouraged to use their own dates of birth) and an email address are also requested to complete the registration. Linked to the user behaviour in the community, this data provides a wealth of information for any company. The registration is also linked to an IP address, leading to speculation about the linking of virtual data with real personal data."

Of course, Wandt doesn't want to suggest that Linden Lab is involved in fraudulent, or even undesirable, practices, merely that the digital identity of consumers is closer to their real identity than they might think.

Big Brother or big reality?

Wandt then gave an example of the ease with which a real identity can be converted into a digital identity by someone you'd expect to be able to trust, and then misused - in the recent judgment against the owner of the New York company, Compulinx.

"When choosing his favourite victims this director stayed close to home and concentrated on his own employees. He used their identities to negotiate loans or make credit card applications. Together with his cousin, the fraudulent CEO made over one million loan requests in the names of the 50 employees in his company. The director was sentenced to 165 years in prison and given a fine of $5.5m. His cousin faces a possible 35 years in prison and a fine of $1.25m.

"This is certainly another of those notorious 'American cases'," Wandt admits, "but it does demonstrate that Big Brother (as in the concept described by George Orwell in his book 1984 and not the reality TV programme) is more of a reality than many might think. Personal information is indeed the most valuable information we have.

"Certainly, Second Life, and online communities more generally, raise the question of data quality in the virtual world," Wandt claims. "If 'virtual' data is tied closely to real data what are the risks? What protection should be put in place and how do organisations go about ensuring that data is correct? With identity theft a growing phenomenon in the 'real' world – how long before it becomes so in the virtual world, costing both real and virtual money to business and people alike?"

I don't have the answer – I certainly don't fancy the idea of a 'virtual police force' in cyberspace (I've read too many Judge Dredd comics; and suspect that many policemen – or home secretaries - might fancy the Dredd role).

But once Wandt has raised the issue, I'm rather more nervous than I was before. It seems to me that, in all forms of "social computing", the human issues around privacy, bullying, and the theft or manipulation of personal data are going to be far more important than the technology issues the vendors tend to bang on about. ®

High performance access to file storage

More from The Register

next story
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Windows XP still has 27 per cent market share on its deathbed
Windows 7 making some gains on XP Death Day
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
US taxman blows Win XP deadline, must now spend millions on custom support
Gov't IT likened to 'a Model T with a lot of things on top of it'
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.