Emerald Project Team:
We have removed the Emerald viewer from our Third-Party Viewer Directory because of its multiple violations of our Policy on Third-Party Viewers.
Our Policy prohibits the intentional targeting of third-party sites as was done recently by the Emerald viewer’s login page. Specifically, the Policy prohibits the distribution of harmful functionality like denial of service attacks or griefing attacks. (TPVP section 2.d.iii)
Our Policy also requires a published privacy policy that specifically describes what user data the third-party viewer collects, stores, or uses, and how it uses, displays, or shares that data. (TPVP section 4.b.i).
The published privacy policy for the Emerald viewer does not disclose what user information the viewer collects. When it came to our attention that the Emerald viewer was collecting the installation path without stripping any user account names present in the path, and storing it in textures produced by the viewer’s graphics library wrapper, we asked that this code be altered to omit full directory paths. After assurances from Emerald developers (Lonely Bluebird) that the code would be altered, we were disappointed to learn that instead of stopping the practice of adding data to textures, the Emerald viewer code encrypted the data in order to obfuscate the data collection practices.
In addition to violating our Policy on Third-Party Viewers, these actions are significant breaches of the trust of the Second Life community. Please remedy these breaches immediately by taking the steps outlined below. Taking these steps is critical to providing transparency around Emerald’s viewer functionality and collection of user data, and to ensuring that the viewer complies with Linden Lab policies and the law. The steps alone do not, however, guarantee that the Emerald viewer will be readmitted to the Third-Party Viewer Directory.
- Provide transparency in your development efforts to both the Second Life community and Linden Lab, including:
- Use open mailing lists or forums for your developer communications.
- Provide a publicly viewable source code repository.
- Provide public code commit notices.
- Demand accountability from each and every Emerald developer, including:
- Require each committer to provide real-world identity information to Linden Lab as a signatory to the certification of compliance with the Third Party Viewer Policy.
- End the participation of any developer who has deliberately violated Linden Lab policy or the law.
- The Emerald viewer’s closed source emkdu library is not in compliance with the GPL. Bring all current and future versions of the Emerald viewer into compliance with the GPL by omitting emkdu. Use OpenJPEG or other GPL-compatible code.
- Update your posted Privacy Policy for the Emerald viewer to specifically describe what user data has been collected or stored by any version of the Emerald viewer that may be used to log into Second Life. For all user data collected or stored, specifically describe in the policy how that user data has been used, displayed, or shared. If you wish to disable login of any versions of the Emerald viewer that may be collecting user data, please advise us immediately of the specific viewer versions.
- Do not distribute any functionality that conceals information in Second Life assets, including through encryption or steganographic techniques, with the sole exception of information that LSL scripts produce or consume. We will be updating the Third-Party Viewer Policy shortly to clarify this requirement. Be sure to bring all current and future versions of the Emerald viewer into compliance with the requirement.
Please respond to this notice no later than this Friday, August 27 and confirm the date by which you will have completed the above steps. Failure to comply with the steps may result in further action by Linden Lab, beyond removal from the Third-Party Viewer Directory. We look forward to your prompt response.
Sincerely,
Oz Linden
And our second response from LL was.
Your responses are acceptable, with the following exceptions and clarifications:
- We have considered your request to retain Phox, Skills, and Discrete on the team in some advisory capacity, and have made a final decision: No association with the project in any capacity is acceptable. All connections between those individuals and Emerald Viewer project must be terminated, and that fact made public by the team.
- The time frame for a release that does not include the emkdu.dll is not acceptable. A release must be made available that will not use an emkdu.dll or an llkdu.dll even if they are on the users system must be made available.
Each of the above issues must be addressed no later than Friday September 3rd or Linden Lab will begin taking steps that will culminate in blocking all access by the Emerald Viewer.
With respect to the identification of contributors: the use of age or payment verification will not be sufficient. We will provide more details on the new requirements as part of updates to the Third Party Viewer Directory policies; these will apply to all new applications, not just yours. Specifics are still being worked on, and I’ll share them publicly as soon as possible, but the essence of the change is that each person with commit access to the viewer code or any project web assets served through the viewer will need to individually execute a certification of compliance with the Third Party Viewer Policy, including real identification and addressing information. Those identities will be confidential.
With respect to the public code repository – the googlecode repository is acceptable, but a link to it should be added to the set of links in your project web site footer, not only on the FAQ page.
It’s pretty clear, there was no choice but to have those three people off the team in order for emerald to continue.
Jessica Lyon's Blog 
Pingback: Emerald Gang Implodes – Viewer Ban Hammer Next? | The Alphaville Herald
Jessica, again, thanks for being transparent on this.
LL is really trying to dig a hole for them selfs any RL info like addresses Drivers #s birth certificates etc for identification is illegal for a non government agent. SL is really setting them selfs up to government take over
It’s the same stuff that you need to be age-verified, Nacht.
LOL when you wake up and realise that your drink or cigarette was probably spiked with something before you wrote that post, have a think about this. If you dont want to give your real life information to Linden Labs, nobody is sending the police to come and force you to do it. You dont have to give any information whatsoever to Linden Labs neither do any developers. Having said that; neither do you have to connect to THEIR GRID. Nobody is forcing you to do that you can have a much more rewarding 1st life without it and Li9nden Labs is not going to send troops out to force you onto the grid. Now if you dont provide valid RL identification to them they can refuse access to their grid. They own the grid its a commercial excersise nobody is forcing you to use their product but if you want to use it to connect a viewer you wrote then its simple – show us your id or dont connect nobody is forcing you to connect and nobody is forcing you to hand over any RL data its not compulsory to connect but if you wnt LL to provide a service to you then they want your RL info or stay off their grid, nobody is forcing people to write a viewer or to connect
That’s absolutely ridiculous, NachtWolf. No one has a constitutional right to be a developer of SL-compatible software, and LL can put any conditions they want on it. (Note: you have to provide verifiable identification in order to get any RL job, and requesting such info is certainly not “illegal” on the part of your employer.)
@ Flax – Your employer is backed by legal right established by the government. LL can ask for identification documents but they cannot legally demand it. YES, they can deny you partial usage of their product without it, but the government does not back their demanding it of you if you want to use their product at all.
@K.L.
that isnt clear, I think what you mean is that the law would not back LL right to demand real life identification, but at the same time failure to produce such RL identification would mean the law would back LL right to deny access to the services you provide, because in the contract every user agees to, Linden Labs states that its services are offered only in so far as they want to offer their services and are under no obligation to provide services to anyone but those they wish to allow on their grid. If your face dont fit they aint gonna bother lookin at it too long b4 they throw u off the grid. Like I said on the modular systems blog – If you are a lodger in someonelses house you dont make the rules, they do, and if you dont agree with their demands you needn’t let the door hit your ass on the way out to find another place to live.
Wow, well good for linden labs they take over the government and then we have a ton of aussies running the freakin usa isn’t this awesome??? Lmao, honestly without sarcasm this is bullshit i love emerald i love the features and all and i think this is bullshit if you ask me and what linden labs is doing is illegal we should make a team of people and SUE them yes i said SUE them they are breaking so many constitutional laws that allow for privacy here in the united states what is linden labs trying to play at do they want people to sue them?? Do they want to be taken to court over this i mean come on you can’t legally take someones personal info unless they are government officials they can use verification processes to verify the info like they do with the age verification thing on their site but in no way are they allowed to hold peoples info unless they are reporting certain things back to the irs on their customers and dealing with peoples credit unless they are not doing this it does not allow them to take peoples info in a way that breaks their privacy so essentially if they are asking for peoples personal info they are breaking the law themselves so let them break the law and tell them to FUCK off shit i know i would but for me i just follow the rules like everyone does i just won’t ever go as far as trying to get into legal shit with them i see no point but just because they are a big corp does not mean they can be taken down by the law.
LL isn’t “TAKING” personal info, they are accepting what you are giving IF you want your viewer listed in the TPV directory. It’s quite simple. They want SOME verification that you are who you say you are. By listing in the directory, LL is basically saying “This is trusted.” It is VERY reasonable that they want to know exactly WHO is compiling code that they are giving their blessing to. As we have all seen, there are some people, (Phox and Fractured) who we should not be trusting right now. They are talented coders for sure, but seem to have ethics problems.
Considering what kind of crap was going on with the Emerald code, and what kind of crap some of the developers were doing outside Emerald as well (copybot and griefing stuff) the requirements from LL are very reasonable (except the small part regarding lldku.dll specifically. If LL can release a GPL viewer with it, so can anyone else. The GPL actually allows for run-time linking with non-GPL libraries so LL is WRONG there. I’m fine with the requirement that they can’t use emdku.dll because it is untrusted.)
Phox SHOULD be learning a lesson. You can’t act like spoiled child and get your way all the time. At some point, you have to deal with the consequences of your actions.
Pingback: Emerald Viewer - Diskusionen rund um das Thema... -Seite 4 - SLinfo.de - Second Life Forum
Jessica,
Thank you for releasing the original and followup LL demands. It does explain the confusion and reluctance to release them initially as you and possibly some others worked to convince Phox and company to resign peacefully. Immature ego’s are the ultimate cause of the demise of Emerald. You should be proud of how you handled a very difficult situation. I look forward to following your next project. I hope you can find some good devs and make a new viewer even better. Just remember the saying, Trust, but Verify! Thank you for watching our backs.
Hope you stick around and I’m sure you’re go on to even bigger and better things. -Sniley
You all do know that when we age verify that goes through a government authorized 3rd party and the information is just verified as ACCURATE to LL, then it is permanently deleted. It even states that in the documentation. So I don’t know how they can demand personal and private information from a Developer. What does that have to do with it? What next? Background checks? Blood tests? Its like the SL patriot act. Identity theft is rampant these days so who does LL think they are to just demand personal info. How about they give us their drivers license numbers and names and addresses! Are we suppose to just “trust” them?? They were calling your bluff and it looks like they got what they wanted, the end of Emerald and all its users handed to them on a platter.
How simple does it have to be before people understand that Linden Labs is under no obligation whatsoever to allow third party viewers on its grid. How simple does this statement have to become?: LINDEN LABS OWN THE GRID.
You as a user are there entirely at their discression. Their policy is not unreasonable regarding developers because you have to trust they arent encoding the path to your viewer installation in the clothing layer of your avatar. WHY? YOU MIGHT ASK! WHY WOULD THEY WANT THAT STOPPED? well quite simply it allows the taking of users data en masse from the viewer to their websites. It allows a lot of very dodgy things to take place concerning the viewer. Now how simple does it have to become when Linden labs states, we dont have to allow your 3rd party viewer on our grid but if you want it to be allowed on our grid we want your real life details so that when our users complain about you hacking them to bits we can hand your name to the police because you are accountable for your viewer. AND IF U DONT LIKE THAT THEN DONT WRITE A VIEWER FOR OUR GRID BECAUSE IT WONT BE ALLOWED ON IT!
how simple do u want this LINDEN LABS OWN THE GRID
Um…. ROFL, they do. We know the real names of everyone at linden labs, we know their addresses, their phone numbers. We can drop in and visit them and also know where to send subpoenas to if there is a lawsuit and who to tell the cops to go question if there is a crime committed. They are a company.
There is no constitutional guarantee of your privacy when it comes to business transactions. If I do business with you, it’s expected I know who you are. Why is this so hard for some people to understand?? You want to take care of my kids? I want to know who you really are. You want access to my computer? I also wish to know who you really are.
LL let people be anonymous developers. Where did it get us? Someone committing a crime via their TPV… OK, time for change. You want to develop a viewer that linden labs let’s their customers use and which accesses their grid, you tell them who you really are. Seems reasonable to the reasonable.
Besides, LL isn’t even demanding they make their real identities public, only that they have that info which they will keep confidential. There are arguments that have merit about why someone would want to remain anonymous, if I were on the new Phoenix team I might be concerned that some disgrutled ex developers might mess with me hard, like they have done to others in the past… But there is also merit to the argument that if you wish to form a “company” that develops a viewer, you should at least tell people your name.
Argue all you like that individuals can’t demand your ID only governments.. You are wrong. Every person, at least in the US has the right to demand to see your ID before even letting you onto their property, let alone into their computer system.
Thank you for posting this; hopefully you won’t get in trouble for doing so. Reading these messages from Linden explains a little.
Contrary to what some Emerald users have written, it does not seem that LL was trying to root out either Emerald or the TPV’s in general. The way I read it, it looks more like what has happened on the net again and again. A new technology comes up, people start to do wonderful things to get the most out of it, and security considerations — both technical and cultural — are downplayed, since after all we are all friends here. Then someone decides to abuse that trust, and there is a backlash.
It looks like Linden Lab was a little too relaxed with the TPV requirements to start with. That is, not just from the time when they set up the TPV directory but even before. It’s understandable: people were enthusiastic about being able to develop new viewers, and the results were good for SL as a whole, so it didn’t make sense to be too strict about things like user privacy or GPL compliance. From a business legal viewpoint they are only now getting to where they should have been at the start.
I still don’t know for certain whether the key people here were brilliant young hackers who just didn’t have a clue about the ethical implications or whether they were wearing pitch-black hats. By this time my ability to give them the benefit of the doubt is wearing really thin, though. Besides, even if they were acting mostly out of stupidity as opposed to malice they managed to break things for the rest of the SL community.
The saddest thing about this whole debacle is not that Emerald is dead — and I write this as someone who used the viewer since about the first public releases. No, the even sadder consequence is that because a very small group of people abused the little trust still left in the TPV policies, Linden Lab feels they must have tighter controls so that someone else won’t do the same, or worse. I can’t blame them (I would have done pretty much the same, and have in in the past), but this makes developing TPV’s less attractive than it used to be. We all lose.
Pingback: Emerald Viewer DEAD!!! « Nalates' Things & Stuff Blog
Pingback: De viewer wordt geblokkeerd voor Emerald | Krovac's Second Life Blog
The LL disclosed statements have a couple of possibly contentious issues that may have big ramifications for other TPV’s
“A release must be made available that will not use an emkdu.dll or an llkdu.dll”
Will other viewers have to do same & all TPV have to suffer poorer performance than LL viewers?
“With respect to the identification of contributors”:”each person with commit access to the viewer code or any project web assets served through the viewer will need to individually execute a certification of compliance with the TPV Policy, including real identification and addressing information”:” the use of age or payment verification will not be sufficient”
When the TPV policy first appeared RL identification was a major issue, will we see a repeat of all that drama?
Pingback: The decline and fall of the Emerald viewer « Dwell On It
Pingback: After Emerald? « Starflower Bracken's Blog
You actually won some respect from me by resigning and posting this. Emerald users, however, have been writing some of the most idiotic posts in protest of LL’s actions. You would think they are completely naive to the existence of 1.xx based TPVs that are not Emerald from some of the things they say.
Imprudence is a more than viable alternative to Emerald, and from what it looks like, has a far more trustworthy dev team than Emerald ever did. Good riddance to tarnished gemstones, long live Imprudence.
Would you please release the name of the Linden who sent you the final requirements list? I find it unconscionable that LL tell me that I many not link to any legally installed DLL on my system. This really does appear that they are trying to cripple Third Party viewers relative to their brain damaged
BrowserViewer 2.@Hope Dreier
LOL are you completely devoid of reason?
suppose you modify a viewer to do stuff which is not approved by linden labs on ITS GRID, and your modification steals my user data…. i think u already get the picture, but incase you dont, lets spell it out shall we.
You connect to linden labs grid using your dodgy dll and steal my data. I complain to linden labs. I involve the police. Now whats Linden Labs going to say? Not our viewer, I dont know where you got this but yeah we agree it stole your data and no sorry we cant help you recover any data and we dont know the names of the developers who made your vieer.
LOL great well i will go somewhere that does know who is behind a viewer development, you know why, because I want accountability under the law.
Someone steals my money I want them convicted.
I want the name and address of every developer on a project so that if they damage my life I can take action against them. Linden Labs own the grid, they say what runs and dont run, not the developers. Linden labs own the grid. Linden labs say who gives rl information or not Linden labs own the grid, linden labs say who can connect and with what software LINDEN LABS OWN THE GRID!
In the interests of transparency, is there a chance of getting the official Emerald response back to the Labs between email one and email two, so we have full context?
Pingback: Neuer Emerald-Fork: Phoenix Viewer - SLinfo.de - Second Life Forum
I would like to thank you for the Post,
I am glade the ethical Developers of Emerald have decided to move forward with a New Viewer I look forward to the new Viewer.
To those that think Lindens Was being unfair, they were not When the Un-Ethical developers from Emerald have done far more shady things yet you all trust them?
Lindens can request as they did, If they developers didn’t want to comply lindens has every right to block and remove the viewer. We are on their servers not yours.
They own the land sorry to say. The even are responsable for the content on the servers. So when a company says Lindens is allowing copyright viloation to happen on their servers and points to the offending items Lindens Informs you to remove it. Since they are the ones who get in legal trouble first.
In regards to the privacy issue .. “Emerald viewer was collecting the installation path without stripping any user account names present in the path, and storing it in textures produced by the viewer’s graphics library wrapper…”
I suggest the new viewer has very flexible install paths and locations for settings and logs ….so the user can determine where that data is. Also make a portable install option for the viewer for the convenience and for us travelers. We the users want flexibility and the portable option…like many apps today. Example portable Firefox
Thank you for confirming that this site is nothing but a sham like emerald was I must have made around 6 or 7 posts not one of them was published, they all attacked those with the attitude of the supposedly gone emerald devs (Its all linden labs fault, they cry, linden labs cant do this to us – my replies all basically said linden labs own the grid and their requirements for connecting to that grid or for having a viewer u wrote on that grid, is that they can ask for RL data and if you dont give it they dont let u connect and the reason why is because they own the grid, and will say who is and isnt allowed on)- i dont believe for a minute they are gone. Once a scammer, always a scammer and somewhere lurking in the wings is the skills hak we all knew and despised and the others. Yeah you seriously wouldnt do without the gemini project it was the only thing bringing in the money – phox was right wheres the money? The money is in gemini. Well done i will watch as this project crashes and burns because u will never convince enough people now u are as squeeky clean as imprudence or kirstens. Sorry but you and the others in my estimation deserve all you get and personally I hope you all get investigated by the legal authorities in Europe and the USA, because I belive that is exactly what should happen, me and many many others.
I find it highly amusing that you can quite rightly point out that Linden Labs has every right to order the use of their infrastructure as they see fit, yet when it comes to a blog owned by someone other than yourself you will happily leap up and down like a crazed chimp flinging feces all over the place.
“Abortions for some, miniature American flags for others.”
I count five posts bearing your name. So, your vision is impaired along with your intellect. I’m not using Emergence, or Phoenix, because I wasn’t happy with the performance of Emerald on my (low-end) machine before all the hysteria–but in case you weren’t aware, both Emergence and Phoenix are now in the TPV directory.
Check it out for yourself if you don’t believe me: http://viewerdirectory.secondlife.com/
Regardless of what you think the TPV policy is not an endorsement of the product by linden labs, it is merely a statement of compliance with their requirements. As we saw with emerald that compliance is not necessarily subject to, either/all/or any, of the following by linden labs: continued compliance, safety of the code, quality control of the code, user privacy, it is merely a statement by linden labs that at such and such a date a viewer was compliant with their terms. They even allow you to connect with viewers that arent on the list, for example cool viewer and rainbow viewer, I should know i connect with them. I will be willing to bet that as soon as the emerald thing is forgotten, give it 8 months from today, and I think we will already be feeling that sense of deja vue.
Funny how LL didn’t bother posting what the violations were in their own blog… no, that’s about par for the course for them. =/ I’m glad we can all see what LL was slapping you with. Thanks for posting it for all of us to see.
Pingback: Anonymous
Get a first life!
Pingback: Secret requirements Lindenlab made of Emerald Viewer « Vienna Freebies