[opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Henri Beauchamp]

On Sun, 22 Aug 2010 21:10:00 +0100, Gareth Nelson wrote:

> There isn't anything in the policy itself which says you must be
> listed, there is however a note on the directory page warning users to
> be wary of unlisted viewers.

Which is a non-sence.

Quoting the TPV policy:

"
6. The Viewer Directory and Self-Certification

We created the Viewer Directory to help promote awareness of Third-Party Viewers within the Second Life community. Unlike the other sections of this Policy, participation in the Viewer Directory is currently not a requirement for connecting to Second Life. 
"

So, the viewer  directory is just a promotion tool. Also, having a
viewer listed in the directory is in no way a guarantee, since LL
clearly disclaims it; still quoting the TPV policy.

"
6.c. The Viewer Directory is a self-certification program. Linden Lab
does not represent or warrant any independent testing or verification
of compliance of any application listed in the Viewer Directory.
We disclaim all liability associated with applications in the Viewer
Directory.
"

And the 3rd paragraph of the forewords of the directory itself:

" .../... However, because third-party viewers are not our viewers, we
cannot guarantee that they will follow our rules. You are responsible
for evaluating whether you want to use and share information with them."

As you can see, being listed in the directory means nothing, and not
being listed means nothing either as far as the safety of the viewer
goes.

I myself didn't list the Cool VL Viewer, not because it would not
be TPV policy compliant (it is, 100%), but because Linden Lab
requires private data about me that I won't disclose so to protect
my privacy and anonimity in SL.

Henri.