Safarying

Monday, June 26, 2023

Patty Paranoid and the Failed TP

 It's an inconvenience that we have all experienced. 
G. de Digulleville: Pèlerinage de vie humaine, Pèlerinage de l'âme
National Library of France
You're all ready to hypergrid out of a place, ready to jump from here to there, and a little window shows up saying 'Teleport Failed' and asking you to go to the website of the destination grid, and the simple one click gesture suddenly takes on a positively Medieval flavor. 

Here's an example of the pop-up you'll see when trying to go to Kitely. You only have to do this once, on your first visit to each of the grids with this system set up. 
You may have heard people deride this event as a sort of authoritarian 'douane' or Checkpoint Charlie. Some may tell you it's an invasion of privacy, as you're asked to authenticate your avatar.
Before you - no, not you ! because you're not nuts ! - before your pal Patty Paranoia starts screaming conspiracies, let's answer a couple of questions: 
Why do you need to do accept ToS and acknowledge GDPR ? 
Why do you only have to do it on some grids?
Craft Grid will prompt you to  copy then open the Grid website and paste it in the box at the bottom.
It's all to do with European law on privacy. 
Huh? 
Discovery grid allows you to TP to the grid, then you accept the ToS by going to their website.
Here's a quick way to see the difference between Europe and, say, the US, regarding privacy: Think of a boy you knew when you were growing up. Try Googling him - first and last name, and the city where you know he lived at some time in his adult life. If the city you type in is located in the US, you'll quite easily find the following details about him like previous and current addresses, age, who he cohabits with, sometimes information on his employment, even salary, depending on the sector he works in - and not only all that info about your childhood pal, but everyone with the same name. In Europe, that can't be done in a simple search. Privacy laws prevent it, unless you go to some sort of specialized website like Linkedin where people choose what they share about themselves. 
That's the theory. If it works perfectly, or is a good idea, is irrelevant for this post.
Opensim grids - all of them - collect information about your avatar. This info makes it possible for you to be seen wearing clothes, to IM people, to make LMs, offer friendship, and to access parts of your inventory.  
 The ToS/GDPR window and acceptance page are frankly a pain in the butt for the grid owners to set up, they hate doing it, but they are DEFINITELY not doing it to annoy you or to somehow snoop into your private details.
Non-European grids are not obliged to tell you they are collecting this information, although, of course, they are doing so. But all European-located grids ought to do so, to be in compliance with the law, and some non-Euro grids choose to do so, for the sake of transparency. 
Yes. Some EU grids choose not to ask you to accept ToS. Totally their choice, but let's not pretend that this makes them more virtuous or less likely to store your data - they most certainly are storing your data.
Share these few simple facts with the next Patty Paranoid you meet. 

7 comments:

  1. Collect information about my avatar huh? Brunette hair, high heels, pink undies... lol

    ReplyDelete
  2. I have to disagree

    The only data opensim collects is avatar login, and it looks like this:

    2023-06-28 10:00:58,912 DEBUG [SCENE]: Region Atlas told of incoming child agent Jeff.Kelley @grid.pescadoo.net:9000 c16275b8-fede-4d89-9d96-64f481ec12d5 (circuit code 1454463313, IP 192.168.0.1, viewer Firestorm-Releasex64 6.3.9.58205, teleportflags (ViaLogin, ViaHGLogin), position <128, 128, 20>. From region Welcome (578d453b-37ba-46a7-9102-5ef2752900ac) @ http://grid.pescadoo.net:9000/

    The only personal data written is the ip address, like for every web server in the world. Nothing about clothes, IM, LM, friendships, clicks, etc.

    It is true that a grid operator may collect more data using a modified version of the software. *This* certainly needs to be announced and agreed to by the visitor, as it is not expected from a regular, truthful opensim server.

    Asking the visitor to sign a web form before entering makes you suspectable that you are doing so : using a modified version of opensim to collect more data.

    Highly counterproductive.

    ReplyDelete
    Replies
    1. I'm leaving this comment up, because it shows how uninformed many people are. That's a shame, but you can't fix those who want to believe the worst of others.

      Delete
    2. Thirza. I highly appreciate what you do for the Hypergrid. But this paragraph is plainly wrong, *except* if the grid owner resorts to deep, non-off-the-shelf data mining or code modification :

      « This info makes it possible for you to be seen wearing clothes, to IM people, to make LMs, offer friendship, and to access parts of your inventory. »

      At your disposal for a demonstration.

      Delete
  3. Jeff, I appreciate your interest in this post. I'm not saying that the tos allow grid owners to snoop. I'm saying that, while a certain amount of avi information has to be shared to make it possible for the hg to work effectively, it's baked into every hg jump, so grids making the choice to alert visitors to what they see as eu regulations are not up to no good. You're basically making my point for me, in a way, although I wonder if there's some sort of language gap preventing you from getting that. One of the virtues of opensim is living and let live, and discriminating against grids who ask for tos acceptance as if they're datamining or something smacks of paranoia.

    ReplyDelete
    Replies
    1. No further comment from my part. Let's meet on a grid I manage and I will show you what data opensim collects upon you.

      Delete