Friday, January 27, 2023

Bonniebots and The Debate About Them

 
By Bixyl Shuftan
 
In recent days, there's been some controversy, notably in the Second Life Forums, about something called "Bonniebots." Some feel they're a useful tool. Others feel they're a real or potential threat to privacy.

 
The website for Bonniebots is at https://www.bonniebots.com/. What the bots do is described on this webpage (https://www.bonniebots.com/bonnie): "BonnieBelle and her sisters are roaming bots who travel the grid collecting data. You can follow their progress on the map below." The included map showed a number of markers going from place to place over Mainland, Bellisseria, and private sims. The main page stated, "The worst part of Second Life is finding where everyone else is at. We're trying to come up with a better way to find the party. ..." It looks like the purpose is to check the activity of various sims, listing how many avatars are there and mentioning how many have been there for more than an hour. It was unclear why these particular sims were listed. The "Regions" page would also display them, with an option to go down the list of 27609 sims ten at a time.

There are other pages for most popular attachments, which regions have the most abandoned land, which sandboxes have the most traffic, which regions have the most available Linden Homes, a Marketplace page for sales history over the past few days as well as a list of the top merchants and listing some items up for sale, and an avatar search page. At the bottom of each page was a Discord contact, the name of one of the bots to contact, and an email: bonniebellebots@gmail.com. There was also the semi-familiar phrase among longtime SL residents, "Be excellent to one another."

Looking up my own name on the search page, curiously I was the second person mentioned on the list, the first being someone who quoted an amusing comment I made. There were also two others with Shuftan as a surname, someone with one of them listed as a friend on their profile, and someone who I couldn't see why they would be there. Checking my home community, the Sunweavers, community leader Rita Mariner was the third person listed, me being the fourth, and two of the people listed I haven't seen in months. Searching for Gemma Cleanslate led to a long list of names in which she only appeared after a dozen or so others.

The bots are not brand new; according to the forum thread "Has Anyone Else Noticed the B[xxxx] Accounts?", they have been around since before August 2022. They started getting more attention, and debate, around mid-December. "They pop in, stay five seconds, and leave. I can't imagine what they're doing except gathering the number of guests at each." Eventually, a "Bonniebelle81" responded, "We attempt to visit all regions at least once a day and are certainly not stalking anyone. I'm sorry if we gave you guys a fright." Some people commenting didn't see a problem, "Just block them." Others grumbled they shouldn't have to or that preventive measures had a downside, "...my first thought was to allow Region access only to those who have payment info. The problem is that by doing so, potential customers who don't have such info can no longer enter my region to rent, and also friends or visitors of my tenants who also won't have pay info can no longer visit. ... why do I have to tolerate and accept your 'data collection' bots that make my customers nervous."

Skyler Pancake tried to assure people that the bots weren't collecting anything that wasn't already being collected, at least by Linden Lab, "All data collected HAS to be publicly available data. There's no way for anyone aside LL to collect data that isn't. So this is information you are putting out on Second Life. It's just data being anonymized and compiled." But the complaints continued, "This website and its avatar search provides information to the public that is not otherwise public knowledge." Not everyone else posting was against the bots, "So many words to excuse paranoia." "You people are freaking out entirely too much over a network of land survey and census bots." But the majority were either outright against them or expressing reservations about them, "I am tired of seeing your bots teleport in all the time and having to mass ban them. You are disturbing Second Life residents who are paying money to rent or lease their virtual property. You are doing this without asking permission for your own entertainment." There was also a debate about whether this was against the Terms of Service or not.

Finally at page seven on Friday January 20, Keira Linden announced the following:

Hi all, I understand some are upset by what they are seeing on the BonnieBots website.  Let me assure you that all the information they are displaying is accessible via lsl script call or openly available information on various web pages.  In other words, this is public information and has been for quite some time.  Nothing that is discoverable in this manner is considered personally identifiable information.  If you have something on your Profile you do not wish others to know, you should remove it at this time.  As has been pointed out, land owners have the ability to restrict access to private areas via the land management tools.  

If you are concerned about the safety of your account, please enable MultiFactor Authentication.  The steps to do so can be found here:  accounts.secondlife.com/mfa/status

And, as always, if you believe anyone has broken the Terms of Service, please file an Abuse Report so that we may investigate the situation.  

We are in communication with the owner of this system to ensure it adheres to all requirements and will now be closing this thread.


But the debate didn't stop as another thread was opened the next day, "Sorry, This Is Not OK, B Bots Profile Scraping." The poster stated that her profile "is set in the privacy options to FRIENDS ONLY," and compared the limited information in my.secondlife.com to much more being available in a Bonniebots search, "I am deeply disheartened by LL's initial reaction to this. ... This is a massive wholesale data leak and should be treated as seriously as any other security issue. None of this is ok." And debate started immediately, "But unless you're daft enough to put RL in your profile it's not a big point. Nothing to personally identify you." There were nine pages of comments over about 12 hours until it was closed by Volo Linden after he stated, "... the information displayed is accessible via LSL script calls and is publicly available information. We would recommend removing content from your profile if you did not wish for others to see it."

On Sunday January 22, a third thread was started, "Banning Bots From The Grid?" This time the person starting the thread wasn't so sure about going after the bots. It would be locked seven pages and less than eight hours later, the Lindens basically saying the chatter had gone off the rails. So on Monday a fourth thread started, "Open Letter to Linden Lab: Enforcing Policies?", the person suggesting there was a double standard between how the Lab enforced its policies on the forums and its policies on bots, "We all know that these are hardly enforced at all, laissez faire at best. I think we as (paying) customers have the right to expect and IMHO even demand that Linden Lab enforces all their own policies in the same way and not only in the advantage of themselves, meaning as it pleases the company." This one lasted two days and eighteen pages, then Patch Linden stepped in.

 This post, like others has been locked for going so far off the rails of the topic that I think was originally intended to be discussed, and the outward accusatory, defamatory tones and attacks towards others, while still a thinly veiled attempt to discuss the matters behind the other locked topics is no longer going to be tolerated on our forums.   

That said, I am in direct contact with the creators behind the Bonniebots and I have consulted our legal teams and a GDPR specialist, to give me a full understanding of the situation at hand.  Out of respect for all concerned in the matter, I turn your attention to reviewing the policy at stake, and understand that we will enforce this policy:

    Information You Provide when Using our Services. Please note that our Services may offer chat functions (either one-to-one or within a limited group) or other forms of communication services (such as real time voice communication either one-to-one or within a limited group), forums, community environments (including multiplayer gameplay) or other tools that are either restricted to other account holders or Services users or that do not have a restricted audience and can be accessible by anyone. Any information, content or communications, including personal information, you provide when you use any of these features will be available to the recipients (dependent on the nature of the tool) and may be publicly posted and otherwise disclosed without limitation as to its use by us or by a third party.
    While we endeavour at all times to protect the privacy of our users and to ensure no harm is caused through our Services, given the nature of the tools, we have no obligation to keep private any information you made available to other users or the public using these functions.

I feel that I will be able to attain an amicable and suitable solution to all soon, while preserving the spirit of the policy and allowing open exploration of Second Life to continue on a healthy trajectory. Non-playable characters, "bots" and other automated means of roaming the grid are not prohibited in general at this time.


By this time, the Bonniebots were starting to get the attention of Second Life media. New World Notes would write about it on Friday January 20, and the debate would follow there, "SL was always dead to me. ... Then someone goes and actually solves it ... What's the reaction? 'OMG, my privacy.'" There would be a followup on Monday about the worries and counterarguments. Prokofy Neva would write in his Second Thoughts about the matter, "It's not enough to say 'oh, it's public'. Because what's happening is that it's being AMPLIFIED AND WEAPONIZED. When THAT happens in SL, we have a right to protest. Nobody thought when they signed the TOS and read the privacy policies that their annual sales data and their raunchy profiles would go into Google and be read by RL bosses or spouses or whoever can cause havoc in an avatar's life. So let's not be children here. AGGREGATIONS and AMPLIFICATION is the issue, NOT the mere act of scraping what is there."

Eventually New World Notes would report on Wednesday that Patch Linden met with the Bonniebots team "for a fireside meeting." It was stated that the website would be making some changes, "We'll be adding an opt-out to the avatar search and the Top Merchants listings. Avatar search will stay disabled until the opt-out is implemented. Top Merchants listing will have merchant names hidden." The time it would take to make the changes was described as "maybe a weekend or two."

The Newser reached out to the Bonniebots team to see if they could answer some questions. They responded they couldn't at this time, but should soon be available for an interview.

It's unlikely the debate about Bonniebots will simply up and quiet down soon. Feel free to leave comments below.

Sources: SL Forums, New World Notes, Second Thoughts
 
Image source: Bonnie Belle
 
Bixyl Shuftan

4 comments:

  1. I read the full article, I reached out to them and was able to interview them for curiosity's sake and even toss some suggestions and have back and forth on ideas for the bot and I have to say the bots seem benign, maybe even beneficial the data they collect is viewable on https://www.bonniebots.com and seems to be focused on anonymity and nothing you can't get without right clicking a nearby person and hitting view profile, to be honest though the concern about hiding a profile in search, the feature was never good because quite frankly LSL/SLURL calls and a lot of other means can get you to a profile if you know it's there so to ever expect any privacy of the profile is just kind of foolish, the attachment feature connects no data to avatars and allows you to see what's popular which may be beneficial as it gives some users a new way to see what content is available and promotes stability of the creators selling the content, after having spoken with the creator and the lengths they go through to keep the data benign I have to say their activity appears to be more responsible than most bot operators, the bots even now provide links to show what they're doing, when I first encountered them, they may have been in the testing phase, but they offer no data that isn't easily obtained within SL beyond showing where they've last seen people at, unlike that stupid traffic system which could place empty locations at the top of search because they sporadically attract a crowd, I think the only reason these bots attract so much ire is because they don't hide the fact they have the same origin by giving them diversely different names which gives haters a clear target making them a little harder to dismiss as random, but I really think you should try to ask for an interview again, I had a little chit chat with the creator, and between what I see from them and their site, they're handled as responsibly as any roving bot can be.
Basically the advertising these bots achieve is the safest there is online, the data they collect is publicly available and easy to collect and isn't anything newly generated that breaches actual privacy unlike that Trash from jack sparrow, zfire and Monkey and this might actually help bring people together and help them meet new friends as unlike SL's traffic system it shows where there's actual current activity, to be honest I don't see anywhere this thing is a threat the only non-public data it provides is most popular attachments, and where SL's population has shifted to if you're looking for a crowd, beyond the spook factor it's harmless. And unlike the mass of other bots I see, but much like loubottin, its purpose is declared and open. So the controversy over this thing as it stands is kind of pointless

  2. They should leave the Avatar search off and let people Opt IN, there will be a lot of people that have no clue about this. But MY main concern as someone that owns multiple sims is I would LIKE to see a way to opt my sims out completely. I am getting so very tired of bots popping in when and wherever in residential areas. Granted this could be a boon for business areas and more power to them, me, I detest all bots and want them to stay out of my sims period.

  3. Bots should have to register. There should be an easy checkbox to exclude any bot you don't specifically authorize from a parcel or region. Easy peasy, but I bet LL won't do it.

    Replies
    1. I agree. Linden Lab has demanded, for over a decade, that avatars used for bots must be labeled as such — something which is quite easy to do on the Account page (I know, because I do use several bots on my academic projects, and although they're restricted to a region and clearly labeled as bots, I nevertheless checked the box to identify them as bots to Linden Lab).
      My understanding is that this is a requirement more for legal issues — if a 'bot is caught doing something against the ToS, and it is not even registered as a 'bot, then LL is in their right to ban that account — as well as all its alts that LL is aware of. Flag it as a bot — then LL will probably just contact the owner and ask them to change its control software to comply with ToS.
      But if it's flagged as a bot, then you should be able to ban it from About Land or the Estate Tools, just like you can easily ban underage users, or those without credit information on file, and so forth.
