Rainbow Viewers for Virtual Worlds

The free software here is not provided, supported or approved by Linden Lab. No surprising or unexpected functionality other than that listed in the release notes is included. No private data is collected. There is NO warranty or liability. Use at your own risk.

How to block zF RedZone

[Updated] 7 Mar

We all remember the drama around Emerald, Onyx, CDS and their demise. But this seems not to have been enough to encourage LL to make necessary changes and enforce their ToS. zF RedZone is a system very similar to ModularSystems/Gemini's Onyx/CDS and in clear violation of SL's ToS, particularly section 8.3:

You agree that you will not post or transmit Content or code that may ... invade other users' privacy.

Business as usual here: ignorance on Linden's side, and a change is unlikely. As Psyke Phaeton wrote in SLUniverse, we cannot force LL to make changes, but we can evolve as users, it is "our world, our imagination" and we can get rid of the bad apples. Or try at least.

If you still don't have a clue what this is all about, zF RedZone is a spyware system that collects your user and usage data in SecondLife and puts them in an external database out of anyone's control, to do all kinds of fancy, not working, buggy, flawed and faulty data mining to supposedly identify copybotters, alts, your IP address, your ISP, your neighbour, your address, god knows what. It's obviously a lucrative enterprise, given the price and the number of deployed (aka rezzed) RedZones around the grid.

I cannot repeat here again what many others have said many times before, it is a black hole :). Tons of information are available, please educate yourself and help to educate the ones who still believe in such snake oil. It harms us all, and benefits only one single person, the snake oil creator.

So, having written that, here is what this posting is all about and how to get rid of and kill RedZone once and for all. It's fairly simple, and thanks to http://no2redzone.wordpress.com everybody should be able to make the small changes that render the spyware useless (which it is anyway :)) in a blink of an eye.

Just add the following entries to your hosts file

127.0.0.1 isellsl.ath.cx
127.0.0.1 isellsl.com
127.0.0.1 zfire.isellsl.com
127.0.0.1 girlsofthevip.com
127.0.0.1 hamlinpro.com
127.0.0.1 syscast.net
127.0.0.1 media.syscast.net
127.0.0.1 apache2-blow.port-au-prince.dreamhost.com
127.0.0.1 quickware.net
127.0.0.1 www.quickware.net
127.0.0.1 quickware.zapto.org
127.0.0.1 wh0.zapto.org
127.0.0.1 m.sparkgap.info
127.0.0.1 policedepartmentonsl.info
127.0.0.1 sparrowindustries.net

Working hosts for Vista/Win7 (just replace the existing one): hosts

You can find the file here:
WinXP - Win7: C:\WINDOWS\system32\drivers\etc\hosts
Linux: /etc/hosts
MacOS: /private/etc/hosts
(to edit the file you need admin rights)

What this does is prevent DNS (Domain Name System) resolution of those sites: each name is assigned your localhost IP (127.0.0.1), so everything your machine would send to them stays on your own PC.
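An added example, not part of the original post: a small Python audit that parses a hosts file, reports which names from the block list are actually blocked, missing, or overridden by an entry pointing elsewhere, and appends only the missing ones. The function names and the sample hosts text are constructed for illustration, and the code assumes the resolver uses the first entry it finds for a name.

```python
"""Audit a hosts file against a block list and append what is missing."""
import ipaddress

# A few names from the post's list; the remaining entries work the same way.
BLOCKLIST = [
    "isellsl.ath.cx",
    "isellsl.com",
    "zfire.isellsl.com",
    "quickware.net",
    "www.quickware.net",
]

# Constructed sample input, not a real machine's hosts file.
# 203.0.113.7 is a documentation-only address (TEST-NET-3).
SAMPLE_HOSTS = """\
127.0.0.1    localhost
::1          localhost
127.0.0.1    ISELLSL.com        # blocked already, different case
203.0.113.7  quickware.net      # stale entry pointing somewhere else
#127.0.0.1   zfire.isellsl.com  (commented out, so not active)
"""


def _addr(field):
    """Parse the address column; returns None if it is not an IP address."""
    try:
        return ipaddress.ip_address(field.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return None


def parse_hosts(text):
    """Map each hostname to its address. Assumption: the first entry for a
    name is the one the resolver uses, so later duplicates are ignored."""
    mapping = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # strip comment, split columns
        if len(fields) < 2:
            continue
        addr = _addr(fields[0])
        if addr is None:
            continue
        for name in fields[1:]:
            mapping.setdefault(name.lower().rstrip("."), addr)
    return mapping


def audit(text, wanted=BLOCKLIST):
    """Classify every wanted name as 'blocked', 'missing' or 'conflict:<ip>'."""
    mapping = parse_hosts(text)
    report = {}
    for name in wanted:
        addr = mapping.get(name.lower().rstrip("."))
        if addr is None:
            # Exact names only: quickware.net does not cover www.quickware.net.
            report[name] = "missing"
        elif addr.is_loopback or addr.is_unspecified:
            report[name] = "blocked"
        else:
            report[name] = f"conflict:{addr}"
    return report


def add_missing(text, wanted=BLOCKLIST):
    """Return the hosts text with a 127.0.0.1 line appended for each missing
    name. Conflicting entries are left alone; they need a manual fix."""
    report = audit(text, wanted)
    missing = [name for name in wanted if report[name] == "missing"]
    if not missing:
        return text
    if text and not text.endswith("\n"):
        text += "\n"
    return text + "".join(f"127.0.0.1 {name}\n" for name in missing)


if __name__ == "__main__":
    for host, state in audit(SAMPLE_HOSTS).items():
        print(f"{host:20} {state}")
    print(add_missing(SAMPLE_HOSTS), end="")
```

To check a real machine, read the hosts file from the path listed above and pass its text to `audit`; writing the result of `add_missing` back needs admin rights.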

His main site is using a free DNS service (ath.cx) and can be changed at any time. So this may not prevent spying on you in future releases, but it should kill RedZone for now. He has also started redirecting traffic to the .com.

Not sure if girlsofthevip.com and hamlinpro.com also belong to him. They look similarly unprofessional at least :p. But they are hosted at the same IP (76.104.212.177) that points directly to Redzone.

The anonymously registered domains/URLs syscast.net, media.syscast.net and apache2-blow.port-au-prince.dreamhost.com were supposedly used by CDS. They may not be needed anymore. m.sparkgap.info is highly suspicious and might be associated with CDS or a similar tool. Not leaving it to chance, blocked too.

policedepartmentonsl.info appears to be another data collector hidden behind Redzone and tons of popups.

sparrowindustries.net is used by another CDS / Redzone copycat product that works the same way, and is blocked the same way.

How to block Quickware? It is the newcomer on the block, and not much information seems to be available other than that the tool does the same as RedZone: supposedly it scans residents, puts them into a database and correlates data to identify alts. Same story, ToS violation. Quickware is hosted in the Netherlands, with a number of domains linking to one IP: 193.93.174.118. So to block this spyware you should add this IP to your firewall blocks. Adding quickware.net, quickware.zapto.org and wh0.zapto.org to the hosts file may not be sufficient here. If someone can provide an update on how exactly it communicates, please do so.

As I wrote, there is a lot more information and discussion around. Here are just a number of links, in case you want to get more details about it. I also copy here the very good combined writeup from a number of people (Free, Samantha, Ann, Elysium; thanks!) that summarizes it all.

"WHAT IS SPYWARE?

Spyware is a type of malware (malicious software) that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's personal computer.

While the term spyware suggests software that secretly monitors the user's computing, the functions of spyware extend well beyond simple monitoring. In an attempt to increase the understanding of spyware, a more formal classification of its included software types is provided by the term *privacy-invasive software*.

Source: Spyware - Wikipedia, the free encyclopedia


SPYWARE AND SECOND LIFE

A number of Second Life products claim to protect content creators from anyone who may 'rip' content illegally (i.e., copybotters). Many do this in part by detecting the type of viewer in use, and then banning individuals suspected of copybotting from locations where the product is installed.

For this to work "well" they need to collect information on EVERY visitor, copybotter or not, and retain it in a database. Both the collection and retention of that data occurs without your awareness, or consent. Data often includes IPs (Internet addresses), and can correlate alt accounts and resident locations.

For these reasons, we consider such products to be spyware.

Further troubling, there are few to no safeguards on how your data may be used or distributed, and little in the way of recourse from Linden Lab in cases of abuse. And despite the marketing, these systems stop only the most casual of copybotters as they have numerous ways to avoid detection, and they're more likely to rip content from locations and avatars beyond where any "protection" systems are run.


PROTECTING YOURSELF

No method is foolproof, but there are a few things you can do to try and protect yourself and your information from spyware in Second Life:

1) Keep Parcel-based Media (Streaming music, Media) turned off in your Sound & Media Preferences unless you know you are somewhere trustworthy. Don't access Shared Media (web-on-a-prim) unless you trust the object or person who created/owns it. These can provide the holes which allow your personal information to be captured.

2) Find out if places you frequent use RedZone, CDS, or similar large-scale "copybot" scanning systems. If they do, you can stop patronizing them. You might inform the owners WHY you won't return until they stop using them, but let's stress they see these systems as an attempt to protect their content, not an opportunity to violate your privacy. They may have little idea how they work and surrounding issues. When contacting them, do so *politely*. Send them this notecard, or direct them to one of these locations for more information:

ZF Redzone, Disclosure of SecondLife Alts. - SLUniverse Forums
GreenZone

3) Learn more about these types of products on your own. Take your concerns to Linden Lab. Consider voting for, watching, and commenting on this JIRA:

https://jira.secondlife.com/browse/VWR-24746

4) And spread the word. Send this notecard to friends. Blog about the issue. Knowledge is power.

(The U.S. Do Not Track Me Online Act, introduced by Rep. Jackie Speier, would direct the FTC to create standards for a nationwide do-not-track mechanism allowing online users to opt out of tracking and sharing of consumer data among businesses. If you live in the U.S., contact your representatives and demand they support this legislation.)

WHAT SPYWARE-FREE MEANS

Content protection and stopping copybotters are important goals. But first and foremost, we believe customers deserve to be treated with respect and dignity. This includes having a healthy concern for your privacy.

Spyware-Free is a pledge that we will never use such a system ourselves. You can shop or hang out here with confidence!"



And some more links for more information. Google is your friend too :):

Soft Linden warns Second Life users against Quickware Alts Pro
ZF Redzone, Disclosure of SecondLife Alts
SL Jira VWR-24746 - RedZone Security violates TOS, exposes private information and is being misused
no2redzone
Ban Redzone @ BDSM Institute
RedZone – security, scam, or scraping?
Forceme Silverspar - zf REDZONE

Thanks for reading. Now open your hosts file in your favorite editor and let's get rid of RedZone!
Boy


WARNING: Greenzone is not always able to pick up Redzone, especially the latest versions. Greenzone has also confirmed that they run their own list/database and use it against others, and it is based on a no-mod, unverifiable script. I therefore cannot recommend using this tool. Links for details: GreenZone gets nasty and confirmation from the author (see Addendum)



Comments

Anonymous Sunday, February 13, 2011 2:28:00 PM

Lady Sakai writes: While I'm not active that much in SL anymore (due to many factors too lengthy to list ;) ) I do sometimes venture back to my birthplace/home. I've been speaking out against these systems since CDS appeared on the scene but met mostly aggressiveness when I did, or in the best cases belittlement (sp?). Like no system can do that thing bla bla. It's good to see, even if a tad late, that residents are now taking this seriously and pressuring LL to stop it (frankly I don't see the difference between these products and the Emerald thing that made LL shut them down in a heartbeat). Now I got GreenZone off SLM but I'm wondering if GZ only picks out RZ or does it get the similar products as well? Like CDS and the like? (I'm not mentioning names in case someone gets bright ideas.) Do you know if it does, Boy? Thank you in advance :) Lady x

Anonymous Monday, February 14, 2011 12:51:02 AM

DeNovo Broome writes: Brigadoon Station: My Little Green Dot: The Economy of Respect is my take on how this fits into the larger economy of SL. Making people understand WHY they should care is always the biggest step...

Boy Laneboylane Monday, February 14, 2011 3:39:03 PM

@Lady

I don't know how Greenzone works internally, haven't had a look at it. But it's unlikely it universally detects all kinds of similar spyware. The hosts entries also work only against zFRedzone. But the same approach should also be able to kill other systems.

Boy Laneboylane Tuesday, February 15, 2011 1:54:06 PM

GreenZone just confirmed they also run their own illegitimate database. See the update on top. The script is no-mod, so nobody knows what this thing does. Not recommended to use.

Anonymous Tuesday, February 15, 2011 9:22:11 PM

Anonymous writes: And keep in mind... Greenzone is made by a (former) copybotter... I can guess why... And I am not talking bs...ask the owner of n-core

Anonymous Wednesday, February 16, 2011 11:04:23 AM

Wilma Philbin writes: I think one of the best places for people to find out how RZ works and what it is really used for is on RedZone's own forum. The posts there really make any claims they have on their users being responsible and mature totally ridiculous. Thanks to your helpful post I can't reach that page anymore :)

Anonymous Wednesday, February 16, 2011 2:39:47 PM

Huntress Unya writes: 1. Greenzone keeps a list of infected SIMs, and keeps it private. That is hardly the same league as redzone who keeps personal and private data of avatars. 2. How dumb do you have to be to believe that redzone's own forum is a good and neutral place for report? zFire deletes all threads personally that are not pro-redzone...

Anonymous Wednesday, February 16, 2011 2:50:43 PM

Huntress Unya writes: Oops Wilma, my mistake should read closer ;-)

Boy Laneboylane Wednesday, February 16, 2011 3:06:39 PM

@Huntress
The fact that Greenzone runs their own unauthorized database (which was confirmed first here and then here (Addendum, from the Greenzone author himself)) and makes use of it publicly against others/creators/sims puts them in the very same league of violators of ToS. No difference to CDS, Onyx, Redzone, etc.

Anonymous Wednesday, February 16, 2011 3:17:21 PM

Huntress Unya writes: Boy Lane, a list of sim places that is published nowhere but only used internally, is not in the same league as the stalking data on avatars that Redzone & Co gathers. How do you stalk a sim? And with data that you can't access? I know that the list in question exists, but that it is inaccessible and not "sold to anyone" like redzone's lists. Also the data is automatically removed from the list if no redzone report is coming in for a week (? I think it was a week). The purpose lies in the potential to use such a list as blacklist in conjunction with a viewer. Again, personally I see a big difference. Greenzone lists Redzones. Redzone lists people.

Boy Laneboylane Wednesday, February 16, 2011 3:28:13 PM

@Huntress
You should read what I linked. N-core was threatened to not be removed from Greenzone if the owner does not remove a Greenzone dev that was legitimately banned from N-core for being a confirmed copybotter from their ban list. Thus using the Greenzone database against store/sim owners by showing false alarms, and being directly damaging to their business.

This posting however is not about Greenzone. I just can't recommend it to anyone based on their own asshole behavior and claimed supremacy. Redzone is certainly way worse, still this is unacceptable.

Anonymous Wednesday, February 16, 2011 3:37:07 PM

Huntress Unya writes: @BoyLane: I can confirm that such an auto-deletion exists. Anna does not speak for Greenzone. Since the list is not public, and immediate removal would not make any sense anyway, right?

Boy Laneboylane Wednesday, February 16, 2011 3:50:43 PM

One word for another. The script, its communication and its database are closed source, unverifiable. As you seem to be involved in Greenzone, how about providing its mechanisms to the rest of us, if not open-sourcing it? That would certainly help. But as I said this is not about Greenzone here.

Anonymous Thursday, February 17, 2011 9:20:09 AM

Huntress Unya writes: @Boy Lane: I am not THAT involved, just happen to know some people. (Was in the process of making my own redzone detector when Greenzone came out and was ready and better :-D) I will relay your suggestion, however there is the slight problem that zFire is not 100% sure of how Greenzone works and I wouldn't want the Greenzone team to deliver that info... But maybe they could split detection and what comes after and keep the detection part a bit more confidential...

Boy Laneboylane Thursday, February 17, 2011 2:39:18 PM

My opinion: the more broadly we can go after him, the sooner we can stop that scam and privacy/ToS violation from continuing. Not only Redzone but the other copycats too. The hosts and IP blocks plus the funky false insertions must be killing him already, given that he's not the most clever kid around the block :).

Anonymous Friday, February 18, 2011 8:25:59 AM

Arya writes: I had a situation where I was accosted by a business owner using redzone and accused of being the alt of a copybotter. After some detective work we found out that people from the same country that I am from have had the same issues, due to the system our ISP provider uses. Read about it here: http://aryasheart.blogspot.com/2010/11/you-heard-it-from-me.html

Anonymous Sunday, February 20, 2011 1:27:40 PM

Achron writes: This is why I can't take this argument seriously. You claim that RedZone is spyware. You even put a hefty definition of what spyware is in your argument. Yet, you fail to prove that RedZone is doing any of those things. Here's where it all falls apart: "Spyware is a type of malware (malicious software) that can be installed on computers" RedZone does NOT install anything to your computer. It can't. All it does is direct your viewer to load a webpage for half a second, logs your ip and viewer for that request and matches it to your account name. This isn't exactly rocket surgery here. I had a similar system up and working within 20 minutes. Logging website traffic is not, has never been, and never will be spyware. More intrusive invasion into your privacy happened when you commented on this blog post. So if your only bit of ammunition in this fight is a false claim, then you all need to pack up your soap boxes and stop pandering to the people too stupid to know better.

Boy Laneboylane Sunday, February 20, 2011 2:14:56 PM

Well Achron, then I'd suggest you read the whole thing again :).

Anonymous Sunday, February 20, 2011 2:38:05 PM

Achron writes: No, I read the part where you "consider" it to be spyware. You can "consider" yourself to be the queen of england if it pleases you, but it doesn't make it so.

Boy Laneboylane Sunday, February 20, 2011 2:43:00 PM

The explanation is pretty straightforward; if you don't understand it, don't agree with it or don't like it, there is no one here to help. But you may want to edit the Wikipedia entry to correct it :p.

Anonymous Sunday, February 20, 2011 3:07:15 PM

Achron writes: Ok, because my last post *mysteriously* disappeared... let's try this again. That wikipedia article has a match for 'install' both as a full word or as a partial match for 'installed' or 'installing' 65 times. It is the base requirement for it to be considered malware or spyware. It MUST be INSTALLED on your system. You are, as a point of fact, claiming that RedZone is doing this by calling it spyware, when it is not, and you have no proof otherwise. So, yes, the explanation IS straightforward, and if you don't understand it or don't agree with it, you have a whole lot of editing to do on wikipedia yourself.

Boy Laneboylane Sunday, February 20, 2011 3:15:29 PM

Whatever.

Anonymous Thursday, February 24, 2011 5:49:57 PM

Eva Ryan writes: Achron, you can pull the definition of "Install" out of any sort of Wiki, Encyclopedia, or Dictionary all you want. Given that technology is fast moving and volatile, fact is that meanings and definitions of what "Spyware" is are also moving and volatile. For me, "Spyware is any type of software or hardware used to collect data without consent." Is that simple enough for you?

Anonymous Saturday, February 26, 2011 12:45:50 AM

Dante Tucker writes: Asking people to block an entire dreamhost server is a pretty bad idea! There are tons of accounts using that one server. As a dreamhost user myself I would be pretty upset if that was the webserver my account was on. Please consider removing the dreamhost entry from the list of domains or come up with a better solution.

Boy Laneboylane Saturday, February 26, 2011 3:52:32 AM

@Dante
Not sure what you refer to as "dreamhost" (for the last in the list, this only blocks a particular sub domain). zF uses some home server with a Comcast IP or hosting24. Doesn't matter. If hiding between the masses is the tactic he follows then let the masses cry out. I'm not going to remove anything here.

Let your voice speak and get the ISP to remove the culprit instead.

Anonymous Saturday, February 26, 2011 5:37:17 AM

Dante Tucker writes: Actually yes, I didn't think of that. As a customer myself let me send in some abuse complaints :)

Anonymous Thursday, March 10, 2011 4:58:07 AM

Anonimo writes: I'm happy that residents join together to cover what LL policy does not cover or protect. BUT I would like the same effort, passion and force to fight COPYBOTTING too! I'm sure that if I inspect one of the GreenZone passionate I will find someone with copybotted stuff. I've already seen a Greenzone group formed on the most famous CopyBot web site; that means for me that this campaign is right but also pushed by those who live on SL to steal! Do what you have done for CDS/RZ/and clones also for copybotting and copyright: writing on forums, groups, spamming people with notecards as you do to fight these tools! Same problem, same way to act... there is no difference for me, also because copybot is the principal cause of the creation of these tools. ty

Boy Laneboylane Thursday, March 10, 2011 12:12:10 PM

@Anonimo
Nothing I would disagree with. Perhaps you remember that Redzone supposedly was created to find copybotters, by copybotting CDS stolen sources ;). Other similar tools did the same, and Greenzone perhaps too, that is closed source stuff and they already confirmed they run their own database and used it against people. If you read my blog posting above you will see a warning about GZ. However that does not mean GZ = copybotters or vice versa.

You may well go back to the time before <insert color>Zone existed and the still ongoing fight of many against it. That is a related issue, sure, it however does not make any privacy violation and continued ToS violation in any way less important.

And one more thing, the principal cause for copybotting was the lulz and the script kiddies who could show, hey we could beat the system. And not to forget the fact that LL failed till today to provide a legitimate backup tool. Redzone on the other hand is all about money, greed and grief. That is not the same.

Anonymous Friday, March 11, 2011 10:02:33 AM

Anonimo writes: @Boy I agree that Redzone and all clones are unuseful because they are based on the HTML viewer TAG. This way to detect the fake viewer is now unuseful because copybot viewers spoof their tag so perfectly that it is impossible to find a difference between a copybot version and the original source (for example Phoenix based). About Redzone-CDS I have some doubts... I think Redzone was born before but I'm not sure; for sure there was another tool working like CDS before that did the same trick, but the creator was kicked out from LL because he used a BOT to track the viewer using the bug present on cryolife/vlife and so on. What is strange for me is the big campaign against only one of these tools, RedZone, using a HUD, while CDS is detectable and cannot be hidden in an easy way (CDS was no mod, don't know now). Boy agree that these tools that reveal alts (CDS doesn't reveal alts) are not a good thing for sure. The IP-alt matching story is very bad too because IPs are dynamically released and leased by providers, and people use wifi in common or internet cafes, so that system does not work. For sure 90% of the time it works but I'm worried about the remaining 10%. I hope that the big campaign method (forum, Jira, Linden Lab butt kicking) WILL BE USED to force LL to secure more and fight more the copybot story. You know now that copybotters use the same UUID texture, importing exactly products with original name and original textures? It is impossible now to inspect someone and see if some hair is original or not... THIS STORY MUST BE RESOLVED BY LL but till people on SL do not fight like they fight for privacy no one will take care. Take a look at the Jira about copybotting... few votes, no one blogs (SLU or others), threads are so long like that privacy threads... this is sad... because the feeling of people is only "cover my ass" and not fight for a REAL justice. So for every paladin that says "I fight for the justice" "for the privacy" and "for keep SL a dream place where I can be every one I want" I answer... I agree but fight also for "who invest money to allow u to dream here, that use SL to pay the bill, that spent 24 hours a day to fight copybotters alone" ty

Boy Laneboylane Friday, March 11, 2011 10:42:13 AM

I'm not going to open another discussion forum to argue about Redzone (or its relation to copybotting) here. As a matter of fact Onyx and CDS are older and Redzone is based on stolen CDS code snippets.
All of these "tools" work the same way, can be detected, and can be blocked. And all have one thing in common, they violate not only SL's ToS.
LL is doing what is necessary, that is enforcing of existing policies. They are only a bit slow in it.

Anonymous Friday, April 29, 2011 11:59:09 AM

Anonymous writes: Skills Hak violates a user's privacy using the same media scanning methods, and ruins the community as a whole, while Him, The Alliance Navy, Merczateers, New Jessie owner worked along side Various Copybot networks, and their friends who were attacking a person named Goth, and got this person perma banned for about a week under investigations by LL without reason, but only for being against CDS, and their privacy violations, while certain members of these groups have been involved with content theft in 2009, and asked for evidence to be covered up. Remove CDS, Just like ZF Red Zone was removed, as it is a privacy violating system, brings annoyance and harassment to many residents of Second Life, and defames individuals/groups.

Anonymous Friday, April 29, 2011 12:01:40 PM

Anonymous writes: Oh and yes just look at what Skills Hak has been involved in, and know that the only reason LL does nothing is because they are an owner of gemini Industries, and he hides his/her alter egos really well, and probably a content thief themselves on alt accounts that can't even link back to them but this is honestly the cause of Linden Lab's Second Life/ Virtual World, as no one wants to play a game with people who illegally data mine and harvest information without consent.

Anonymous Tuesday, May 3, 2011 8:54:53 PM

Anonymous writes: 1. Kid signs up for SL to hang out with RL school friends, fills profile with RL information. 2. Kid learns of Adult areas, signs up an alt, easily defeats age verification with the aid of a phone book, fills profile with false information designed to look like an adult. 3. Kid wanders into Adult to fap to pixel boobies, gets into conversation with one of the many sexual predators who frequent such areas, quickly gives himself away as a kid. 4. Predator buys or makes a device that uses media to associate IP addresses with avatar names. 5. Predator discovers kid's alt and RL information in profile. 6. ... I've ~seen~ this happen once already, just amongst the few people I know and few places I go in SL. Not heard of it, seen it. People I knew personally in SL. A kid was abducted and raped by a man she met in SL. SL has become a paedophile's paradise, while LL sits there with its finger in its arse and a stupid expression on its face going "what security hole?" 7. Resident contacts her representative, highlights this issue, SL gets banhammered. The end. Moral of the story: having to scrap everything you built viewer 2 around is nowhere near as expensive as being forced out of business altogether. You listening, LL?