{"id":5358,"date":"2019-08-19T07:31:36","date_gmt":"2019-08-19T12:31:36","guid":{"rendered":"http:\/\/blog.zoha-islands.com\/?p=5358"},"modified":"2019-08-19T07:31:36","modified_gmt":"2019-08-19T12:31:36","slug":"second-life-is-plagued-by-security-flaws-ex-employee-says","status":"publish","type":"post","link":"https:\/\/zoha-islands.com\/blog\/second-life-is-plagued-by-security-flaws-ex-employee-says\/","title":{"rendered":"Second Life Is Plagued by Security Flaws, Ex-Employee Says"},"content":{"rendered":"<div class=\"content-header__container content-header__container--full-width\">\n<div class=\"content-header__row content-header__accreditation\">\n<p class=\"content-header__row content-header__dek\">A former infosec director at Linden Lab alleges the company mishandled user data and turned a blind eye to simulated sex acts involving children.<\/p>\n<\/div>\n<div class=\"lead-asset lead-asset--landscape content-header__lead-asset lead-asset--width-small\">\n<figure class=\"lead-asset__content\">\n<div class=\"lead-asset__content__media lead-asset__content__photo\"><span class=\"responsive-asset lead-asset__media\"><picture class=\"responsive-image lead-asset__media\"><source srcset=\"https:\/\/media.wired.com\/photos\/5d5602f4017c5c0008bdec20\/master\/w_1024%2Cc_limit\/Liden-lab-second-life-981749400.jpg 1024w\" media=\"(max-width: 767px)\" sizes=\"100vw\" \/><source srcset=\"https:\/\/media.wired.com\/photos\/5d5602f4017c5c0008bdec20\/master\/w_1280%2Cc_limit\/Liden-lab-second-life-981749400.jpg 1280w\" media=\"(min-width: 768px)\" sizes=\"100vw\" \/><img decoding=\"async\" class=\"responsive-image__image\" src=\"https:\/\/media.wired.com\/photos\/5d5602f4017c5c0008bdec20\/master\/w_1280%2Cc_limit\/Liden-lab-second-life-981749400.jpg\" alt=\"A man plays second life as a hand comes out of the computer and steals money from his pocket\" \/><\/picture><\/span><\/div><figcaption class=\"caption lead-asset__caption\"><span class=\"caption__credit\">Elena Lacey; 
Getty Images<\/span><\/figcaption><\/figure>\n<\/div>\n<\/div>\n<div class=\"social-icons__icon-container\"><\/div>\n<div class=\"content-background\" data-attribute-verso-pattern=\"article-body\">\n<div class=\"\" data-event-boundary=\"click\" data-event-click=\"{&quot;pattern&quot;:&quot;ChunkedArticleContent&quot;}\" data-in-view=\"{&quot;pattern&quot;:&quot;ChunkedArticleContent&quot;}\" data-include-experiments=\"true\">\n<div class=\"grid grid-margins grid-items-2 grid-layout--adrail narrow\">\n<div class=\"grid--item body body__container article__body grid-layout__content\">\n<p>A lawsuit filed by the former information security director of Linden Lab\u2014the company behind the online virtual world Second Life, which, yes, is still a thing\u2014claims the company mishandled sensitive user data and turned a blind eye to simulated acts of child molestation and the potential for money laundering.<\/p>\n<div class=\"callout callout--inset-left callout--has-top-border\" data-event-boundary=\"click\" data-event-click=\"{&quot;pattern&quot;:&quot;GenericCallout&quot;}\" data-include-experiments=\"true\">\n<h5><a href=\"https:\/\/www.wired.com\/author\/paris-martineau\/?itm_campaign=AuthorCarveLeft\" target=\"_blank\" rel=\"noopener noreferrer\">Paris Martineau<\/a> covers platforms, online influence, and social media manipulation for WIRED.<\/h5>\n<\/div>\n<p>In a <a class=\"external-link\" href=\"https:\/\/webapps.sftc.org\/ci\/CaseInfo.dll?SessionID=17F32919E5DB53378E9887216B88FC764E0141FB&amp;URL=https%3A%2F%2Fimgquery.sftc.org%2FSha1_newApp%2Fmainpage.aspx%3FWeb_Server%3Dimgquery.sftc.org%26MINDS_Server%3Dhoj-imx-01%26Category%3DC%26DocID%3D06925762%26Timestamp%3D20190814161728%3D77a70c8d3c413daee11353aa53515b0fea09e6d7\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" 
data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/webapps.sftc.org\/ci\/CaseInfo.dll?SessionID=17F32919E5DB53378E9887216B88FC764E0141FB&amp;URL=https%3A%2F%2Fimgquery.sftc.org%2FSha1_newApp%2Fmainpage.aspx%3FWeb_Server%3Dimgquery.sftc.org%26MINDS_Server%3Dhoj-imx-01%26Category%3DC%26DocID%3D06925762%26Timestamp%3D20190814161728%3D77a70c8d3c413daee11353aa53515b0fea09e6d7&quot;}\">lawsuit<\/a> filed in San Francisco County Superior Court on July 30 and served to Linden Lab on Tuesday, Kavyanjali Pearlman, a security researcher who joined Linden Lab from Facebook in 2017, says that she raised these issues during her tenure, and was met with hostility. The suit alleges company executives retaliated against her for flagging cybersecurity risks and potential violations of anti-money-laundering laws, child exploitation, and data misuse.<\/p>\n<div class=\"consumer-marketing-unit consumer-marketing-unit--article-mid-content consumer-marketing-unit--no-failsafe\">\n<div class=\"consumer-marketing-unit__slot consumer-marketing-unit__slot--article-mid-content consumer-marketing-unit__slot--in-content\"><\/div>\n<\/div>\n<p>Pearlman claims the company discriminated against her as a woman, an Indian immigrant, and a Muslim. \u201cAfter making her concerns known, [she] was treated worse than similarly situated employees who were not immigrant women of color, who were not religiously Muslim and wore a hijab,\u201d says the suit. \u201cInstead of looking into Pearlman\u2019s complaints, Linden Lab\u2019s senior officers led a campaign of retaliation against her, painting her as an inept employee who has issues with communication, and ultimately terminating her employment in March of 2019.\u201d<\/p>\n<p>\u201cWhile we will fight her alleged claims in court, we deny any allegations that the company has engaged in any illegal activity,\u201d said Linden Lab spokesperson Brett Atwood. \u201cMs. 
Pearlman left the company on March 15 only after she was given the opportunity to improve her work performance. We look forward to all the facts coming out in a court of law,\u201d he said, declining additional comment because of the lawsuit.<\/p>\n<p>Linden Lab is best known for Second Life, the massively multiplayer virtual world launched in 2003, which boasted around a million regular users at its peak, and an <a href=\"https:\/\/www.wired.com\/2017\/02\/first-they-got-sick-then-they-moved-into-a-virtual-utopia\/\" target=\"_blank\" rel=\"noopener noreferrer\">estimated<\/a> 800,000 active monthly users as of 2017. Those numbers are paltry compared with today\u2019s social media giants, but it\u2019s still a sizable chunk of people.<\/p>\n<p>A decade ago, Second Life was populated mostly by futurists, brands, and, for some reason, <a class=\"external-link\" href=\"https:\/\/www.reuters.com\/article\/us-sweden-secondlife\/sweden-first-to-open-embassy-in-second-life-idUSL3034889320070530\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/www.reuters.com\/article\/us-sweden-secondlife\/sweden-first-to-open-embassy-in-second-life-idUSL3034889320070530&quot;}\">embassies<\/a>; today, the virtual world occupies a <a class=\"external-link\" href=\"http:\/\/digg.com\/2018\/second-life-in-2018\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;http:\/\/digg.com\/2018\/second-life-in-2018&quot;}\">more niche space online<\/a>. Much of Second Life revolves around the Linden Dollar, a virtual currency with real cash value that is used to buy and sell in-game items, virtual land, and operate or play at virtual \u201cskill gaming\u201d casinos. In 2018, approximately $65 million was paid out to Second Life users for a variety of virtual goods and services. 
Gaming\u2014including both free-to-play games and \u201cskill\u201d games that offer payouts\u2014was the most popular activity among users, <a class=\"external-link\" href=\"https:\/\/community.secondlife.com\/blogs\/entry\/2461-second-life-end-of-year-update-wrapping-up-2018-what%E2%80%99s-next-for-2019\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/community.secondlife.com\/blogs\/entry\/2461-second-life-end-of-year-update-wrapping-up-2018-what%E2%80%99s-next-for-2019\/&quot;}\">according to Linden Lab<\/a>.<\/p>\n<p>Last October, Pearlman says she raised concerns with Linden Lab executives that the company was not complying with anti-money-laundering rules, including not collecting required information about the operators of skill games, according to the lawsuit. She says her concerns were dismissed, and that the issues had yet to be addressed by Linden Lab when she left the company in March.<\/p>\n<p>Atwood, of Linden Lab, declined to comment when asked about the accuracy of Pearlman\u2019s description of events. \u201cAll Second Life skill gaming operators must provide and verify their identification as part of a rigorous application process,\u201d Atwood told WIRED over email. \u201cWe are in compliance with all legal regulations and all skill gaming operators agree to our Terms &amp; Conditions as part of the review and approval process for our Skill Gaming program.\u201d<\/p>\n<p>In the suit, Pearlman claims that the user payment information collected by Linden Lab and \u201cSecond Life customer data\u201d wasn\u2019t secure, and that her attempts to correct even the most glaring security issues were met with hostility. 
In September 2018, Pearlman says she alerted multiple members of the IT team and executive board that payment information was accessible by employees from other parts of the company, and that outside contractors were gaining access to support tools that gave them unfettered access to private user data, according to the lawsuit.<\/p>\n<p>Pearlman says even more serious issues received similar treatment. Sexual roleplay is a popular activity among Second Life users; the virtual world features many so-called adult regions where users\u2019 avatars can be nude, have sex, and engage in more niche sexual activities. Last fall, the suit alleges, Pearlman urged Linden Lab to review its age verification and consent review process, as she was worried the company could be erroneously collecting data on minors and enabling children to use the platform without the consent of a parent or guardian, which would violate the Children&#8217;s Online Privacy Protection Act and Europe\u2019s GDPR.<\/p>\n<p>Pearlman says that her concerns were only amplified by violations of Second Life\u2019s \u201cageplay\u201d rules, which prohibit users from engaging in virtual sex acts with users that present themselves as children. 
The lawsuit says that violations of Second Life\u2019s ageplay policies \u201ccould be called simulated child molestation\u201d as users\u2019 avatars can resemble children; in an email to the chief operating officer in the fall of 2018, the suit says, Pearlman raised concerns that the company\u2019s age-verification policies posed the \u201crisk of underage kids being involved,\u201d but was dismissed in favor of prioritizing the launch of a subsidiary company.<\/p>\n<p>According to the lawsuit, in 2018 the manager of Linden Lab\u2019s fraud team \u201cpresented information to Linden board members in quarterly fraud reports that acknowledged a high number of such Ageplay [sic] violations were actually occurring on a regular basis each quarter.\u201d The suit says Pearlman \u201cwas concerned that Linden Lab was apparently allowing the users to violate ageplay rules, by not implementing appropriate procedures to prevent violations from repeating at the same levels each quarter.\u201d<\/p>\n<p>The lawsuit claims that Scott Butler, Linden Lab\u2019s former chief compliance officer, wrote a memo to other executives in June 2018 \u201curging compliance with cybersecurity laws consistent with Pearlman\u2019s repeated concerns\u201d and recommending that she be appointed the company\u2019s Chief Information Security Officer. A former high-level Linden Lab employee confirmed the contents of the memo. 
The former employee said the memo \u201cindicated that there should be more scrutiny on the \u2018skill gaming program,\u2019\u201d and recommended Linden Lab adopt a suggestion from Pearlman to determine why it \u201chad not been able to prevent the seedy population of \u2018age-players\u2019 from returning to Second Life, time and again.\u201d<\/p>\n<p>When asked whether Pearlman\u2019s description of events regarding ageplay violations is accurate, Atwood, the Linden Lab spokesperson, declined to comment.<\/p>\n<p>\u201cIn accordance with Second Life\u2019s Community Standards and Content Guidelines, real-life images, avatar portrayals, and other depictions of sexual or lewd acts involving or appearing to involve children or minors are not allowed within Second Life,\u201d said Atwood. \u201cIf any such activity is detected, individuals or groups promoting or providing such content and activities will be subject to enforcement actions, which may include immediate termination of accounts (including all detectable alternate accounts), closure of related groups, removal of content, blacklisting of payment information and loss of land or access to virtual land.\u201d<\/p>\n<hr \/>\n<p><em><strong>This article was posted on 8\/16\/2019 and is public knowledge. We at Zoha Islands in no way share beliefs or support alleged accusations; we are just a messenger to our readers. Have a great week from all of us at ZI.<\/strong><\/em><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A former infosec director at Linden Lab alleges the company mishandled user data and turned a blind eye to simulated sex acts involving children. 
Elena Lacey; Getty Images A lawsuit filed by the former information security director of Linden Lab\u2014the company behind the online virtual world Second Life, which, yes, is still a thing\u2014claims the &hellip; <a href=\"https:\/\/zoha-islands.com\/blog\/second-life-is-plagued-by-security-flaws-ex-employee-says\/\" class=\"more-link\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":5370,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[2,3,4,5,6],"tags":[],"_links":{"self":[{"href":"https:\/\/zoha-islands.com\/blog\/wp-json\/wp\/v2\/posts\/5358"}],"collection":[{"href":"https:\/\/zoha-islands.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zoha-islands.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zoha-islands.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/zoha-islands.com\/blog\/wp-json\/wp\/v2\/comments?post=5358"}],"version-history":[{"count":0,"href":"https:\/\/zoha-islands.com\/blog\/wp-json\/wp\/v2\/posts\/5358\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zoha-islands.com\/blog\/wp-json\/wp\/v2\/media\/5370"}],"wp:attachment":[{"href":"https:\/\/zoha-islands.com\/blog\/wp-json\/wp\/v2\/media?parent=5358"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zoha-islands.com\/blog\/wp-json\/wp\/v2\/categories?post=5358"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zoha-islands.com\/blog\/wp-json\/wp\/v2\/tags?post=5358"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}