Jessica Lyon has resigned from the Emerald viewer team and published the formerly secret requirements Linden Lab made of the group – which include the expulsion of Skills Hak, Discrete Dreamscape, and Lonely Bluebird (a.k.a. Phox) from the development team – previously Fractured Crystal resigned from the group.
Emerald Project Team:
We have removed the Emerald viewer from our Third-Party Viewer Directory because of its multiple violations of our Policy on Third-Party Viewers.
Our Policy prohibits the intentional targeting of third-party sites as was done recently by the Emerald viewer’s login page. Specifically, the Policy prohibits the distribution of harmful functionality like denial of service attacks or griefing attacks. (TPVP section 2.d.iii)
Our Policy also requires a published privacy policy that specifically describes what user data the third-party viewer collects, stores, or uses, and how it uses, displays, or shares that data. (TPVP section 4.b.i).
The published privacy policy for the Emerald viewer does not disclose what user information the viewer collects. When it came to our attention that the Emerald viewer was collecting the installation path without stripping any user account names present in the path, and storing it in textures produced by the viewer’s graphics library wrapper, we asked that this code be altered to omit full directory paths. After assurances from Emerald developers (Lonely Bluebird) that the code would be altered, we were disappointed to learn that instead of stopping the practice of adding data to textures, the Emerald viewer code encrypted the data in order to obfuscate the data collection practices.
In addition to violating our Policy on Third-Party Viewers, these actions are significant breaches of the trust of the Second Life community. Please remedy these breaches immediately by taking the steps outlined below. Taking these steps is critical to providing transparency around Emerald’s viewer functionality and collection of user data, and to ensuring that the viewer complies with Linden Lab policies and the law. The steps alone do not, however, guarantee that the Emerald viewer will be readmitted to the Third-Party Viewer Directory.
-
Provide transparency in your development efforts to both the Second Life community and Linden Lab, including:
-
Use open mailing lists or forums for your developer communications.
-
Provide a publicly viewable source code repository.
-
Provide public code commit notices.
-
Demand accountability from each and every Emerald developer, including:
-
Require each committer to provide real-world identity information to Linden Lab as a signatory to the certification of compliance with the Third Party Viewer Policy.
-
End the participation of any developer who has deliberately violated Linden Lab policy or the law.
-
The Emerald viewer’s closed source emkdu library is not in compliance with the GPL. Bring all current and future versions of the Emerald viewer into compliance with the GPL by omitting emkdu. Use OpenJPEG or other GPL-compatible code.
-
Update your posted Privacy Policy for the Emerald viewer to specifically describe what user data has been collected or stored by any version of the Emerald viewer that may be used to log into Second Life. For all user data collected or stored, specifically describe in the policy how that user data has been used, displayed, or shared. If you wish to disable login of any versions of the Emerald viewer that may be collecting user data, please advise us immediately of the specific viewer versions.
-
Do not distribute any functionality that conceals information in Second Life assets, including through encryption or steganographic techniques, with the sole exception of information that LSL scripts produce or consume. We will be updating the Third-Party Viewer Policy shortly to clarify this requirement. Be sure to bring all current and future versions of the Emerald viewer into compliance with the requirement.
Please respond to this notice no later than this Friday, August 27 and confirm the date by which you will have completed the above steps. Failure to comply with the steps may result in further action by Linden Lab, beyond removal from the Third-Party Viewer Directory. We look forward to your prompt response.
Sincerely,
Oz Linden
And our second response from LL was.
Your responses are acceptable, with the following exceptions and clarifications:
-
We have considered your request to retain Phox, Skills, and Discrete on the team in some advisory capacity, and have made a final decision: No association with the project in any capacity is acceptable. All connections between those individuals and Emerald Viewer project must be terminated, and that fact made public by the team.
Each of the above issues must be addressed no later than Friday September 3rd or Linden Lab will begin taking steps that will culminate in blocking all access by the Emerald Viewer.
With respect to the identification of contributors: the use of age or payment verification will not be sufficient. We will provide more details on the new requirements as part of updates to the Third Party Viewer Directory policies; these will apply to all new applications, not just yours. Specifics are still being worked on, and I’ll share them publicly as soon as possible, but the essence of the change is that each person with commit access to the viewer code or any project web assets served through the viewer will need to individually execute a certification of compliance with the Third Party Viewer Policy, including real identification and addressing information. Those identities will be confidential.
With respect to the public code repository – the googlecode repository is acceptable, but a link to it should be added to the set of links in your project web site footer, not only on the FAQ page.