I have seen recently some growing concern with the legitimacy of CDS working within the Second life terms of service and various privacy laws, so I have decided to write this post to clarify how CDS works within the Second life rules.
Often, people who are caught by the system usually like to quote this part of the terms of service:
8.3You agree that you will not post or transmit Content or code that may be harmful, impede other users’ functionality, invade other users’ privacy, or surreptitiously or negatively impact any system or network.
CDS it self does not transmit content that is harmful, it sends nothing harmful to the user’s system, nor does it send anything harmful to the user. It does not impede “functionality” of a user, it does however have the capability to ban people (not enabled by default) but banning someone does not impede their “functionality”, only restricts them from accessing an area where they are not welcome – which is part of normal Second life functionality. “Privacy” is not violated, as knowing what viewer you are using is not any different from knowing what browser you are using on a website. No personal details are being stored by the system it self. I had even called up Linden lab’s concierge line and verified whether or not an agent key, viewer information constitutes as “personal information” – It’s safe to say that Linden lab said it was not.
Other segments that are often quoted are:
You agree to respect both the integrity of the Service and the privacy of other users. You will not:
(i)Post or transmit viruses, Trojan horses, worms, spyware, time bombs, cancelbots, or other computer programming routines that may harm the Service or interests or rights of other users, or that may harvest or collect any data or personal information about other users without their consent;
This piece is the most confusing for many users and many who are pro-copybot like to quote it a lot due to how how vague this term is. Fortunately, I can explain why CDS does not violate this rule. First of all, CDS is not using “exploits”, so it most certainly does not violate the majority of this statement.
The next part of the term that discusses about collecting data about other users without their consent, the fact is. CDS gets the consent of the user. The user willfully enters private land, this private land is governed by it’s own rules and much like real life, when you walk into a mall and pass through the theft detection systems, you are consenting to this scan. CDS works in exactly the same way. I have also brought this up with the Lindens in the past and got confirmation that it was not violating rules for these purposes.
Sadly, this segment of the rules are so vague, that while CDS does not violate them, the Second life viewer it self violates them. By visiting a location, your viewer automatically harvests keys and agent names into a cache file. This can be on private land where you have no rights to and in which case, this would mean you were technically breaking this rule by simply visiting this in a regular viewer. The truth of the matter is, these terms are usually meant to be so vague that if Linden lab wish to justify removing someone for violating something but don’t have the justification to, they can use little clauses like this to remove them.
Those who are caught on CDS also like to quote this line from the Terms of Service a lot:
(iv)Engage in malicious or disruptive conduct that impedes or interferes with other users’ normal use of the Service;
CDS has no malicious intentions, it’s design is to catch viewers that infringe on the third party viewer policy created by Linden lab, specifically the parts about content theft. CDS does not impede or interfere with other users’ normal use of the software, it does have the capability to automatically ban people who are detected as using a ‘bad’ viewer (not enabled by default). But the user not being able to access an area they are banned from is perfectly normal for Second life’s use of the service. So CDS does not violate the terms of service here either.
Occasionally some people like to claim CDS is hacking into their system to get their alt names, and quote this bit below. But since CDS does not do any hacking or unauthorized access, this is quite impossible.
(v)Attempt to gain unauthorized access to any other user’s Account, password, Virtual Land or Content;
Now that the Second life terms of service have been dealt with. Many people have also been quoting various laws to me, telling me that CDS is violating them. CDS does not violate the privacy laws that I am aware of for some very simple reasons. CDS is logging agent keys and viewer information – This is not private information. Private information which is often written in these privacy law documents usually involves a name, address, phone number, payment details and usually it needs to be a combination of these for it to be considered to be governed by these privacy laws.
CDS does not violate the privacy laws of the country it operates in for this reason. A lot of this was investigated before CDS was released to the public. Many people often claim that CDS violates these rules, but fail to provide information as to how it violates these rules. I think the best “law” I had heard that CDS “had broken” was related to “penile” code to do with human rights, over some very loose logic.