Ugh, Second Life is an awful game from the community, to it's whole selling virtual items and real estate to it's absolutely horrid, out of date, unoptimised design. I'm just glad crap like this is against the rules for just about every other MMOG.

If it isnt thrown out and does concentrate on if they can deny him service based on his terms of service violation, this case could be really bad news for some of the other MMO companies out there. I really hope they don't find in his favor, just because we pay to play doesn't mean we shouldn't have to follow rules.

I half hope this case does go to court, since as far as I'm concerned the guy broke electronic trespass laws.

The excuse 'but their security was so bad it isn't _really_ hacking! I just wanted to profit from their poor design' has _never_ held up very well in court.

In short, I'm hoping Linden Labs nails Bragg to the wall......

SL is not a game most noobs refuse to understand that its more social experiment/dev community than anythign else.


Calvinball
I think its stipulated at the time there was no such rule in the ToS thus what he did was legit however he broke what is known as the sprite of the Tos,I could be wrong I usauly am.

Ya know, I just gotta say that when I read the part where the company said that the PA court didn't have juristiction, I got all hyped up that they were going to say that it had to be held in a court IN Second Life.

What a let down. :)

Nightwng2000
NW2K Software

This is wack though....it sounds wack because the idea for virtual stuff for real stuff is new.

This might be the "evils" of the next generation or something who knows.

IT's probably one of those things that sounds crazy now.....but down the road this might be a common thing.

Besides....having your money in the bank....it's not psyhically there. When you pick up a pay check...you get a peice of paper with a money sum on it.....it's not REAL money...yet it too can be transfered into money from eletrionic things.

So it's somewhat the same consept and idea....it's a "state of mind" that your money is there.

[...] From GamePolitics comes news that a virtual land dispute that started last year is moving into actual court rooms. Attorney Marc Bragg “exploited a URL quirk to grab several plots of virtual land for cheap,” and Linden Labs then suspended his account, citing ToS violations. [...]

@Mauler

Did you even read it fully? The guy got the land illegaly in the first place via a glitch. And no contract is unenforcable.

[...] From GamePolitics comes news that a virtual land dispute that started last year is moving into actual court rooms. Attorney Marc Bragg ‘exploited a URL quirk to grab several plots of virtual land for cheap,’ and Linden Labs then suspended his account, citing ToS violations. [...]

@Merc25

Anti-aircraft guns maybe?

Though more seriously, doesn't the game already support zones of denial so property can be kept invite only? They could just doughnut the guy's land.

What the hell?! The guy agreed to the terms of service! It's a contract, for cripes sake! This shouldn't even be considered a valid complaint.

If the dude agreed to the ToS ( Which he had to to play the game) then the land is still LL's. But, being one to give someone the benefit of the doubt LL would probably be best off reseting the dude's account to where it was before the purchases.

Second Life will soon fall as did Cybertown. They will start pushing around their users, as did in Cybertown, until they have to begin banning people left and right to try to thin the herd of upset folks. But a new account is a new e-mail, and IP address away so its not a big deal. Most people know how to change their IP address so banning someone gets pretty difficult, then even more difficult when someone changes their IP to a banned one and tries to use it.

Players like to exploit the their cyber-laws more openly than real laws. So no matter what Linden Labs tries to do there will be a group of people ready to exploit it for whatever reason they see fit. But I love it. Even though I don't really enjoy the game myself I like reading articles about such events. I find the virtual vandalism stories to be funny in most cases. Without that I don't think I'd ever really talk about Second Life, until people claim its innovative(I point out Cybertown) and when silly things such as this happen.

Was'nt it Shakespeare that said "lets kill all the lawyers"?

@kurisu7885

If Linden Labs and this guy agreed to a price, which they did, and Linden Labs took the money from him, which they did, then how did he do it illegally? He didn't hack the servers, he didn't make them sell him the land. He found a hidden, but still public webpage and filled out a form.

ToSs and EULAs don't make companies bulletproof. For a contract to be a contract it must be reached by mutual consent. A take it or leave it stance, especially after they have your money, doesn't work. Also, you can't contract certain rights away from yourself. For example you can't contract yourself to a wage below minimum wage. The more lopsided the contract the less likely the contract will be held to be valid.

Since the sections requiring arbitration and venue have already been struck down by the court, this idea that a ToS or EULA is carved in stone and handed down from on high is demonstratively false.

@AWOL

Hacking? He changed a few, perhaps one, digit in the URL. That is not hacking. They were making the page public since it was reachable on their servers by typing in a web address. He did as much hacking as anyone who types in gamepolitics.com. Which is to say none.

If the land wasn't for sale then why did they take his money? Even more to the point, if the land wasn't for sale, why didn't they return the money they took for the land? It was for sale. They took the money and he took the land. If you take money from someone and give them the stuff they bought you have sold it to them even if you didn't mean it. No backsies and all that without, you know, returning his money.

To:Mauler

From SL ToS

3.3 Linden Lab retains ownership of the account and related data, regardless of intellectual property rights you may have in content you create or otherwise own.

2.6 Linden Lab may suspend or terminate your account at any time, without refund or obligation to you.

2.7 Accounts affiliated with delinquent accounts are subject to remedial actions related to the delinquent account.


http://en.wikipedia.org/wiki/Unenforceable

http://en.wikipedia.org/wiki/Exploit_%28online_gaming%29

The terms of service listed above apply to this issue i think. No matter what the exploit is Linden deemed it one and under 2.6 they have every right to suspend his account (even though the ToS states they don't need a reson). unenforceable contract is still a vaild contract but one the court will not enforce. I hope Linden Deletes his account.....or better yet donate all the money he mad of the exploit to charity.

Also not sure if anyone has seen but he is asking for help with legal costs.
http://www.chescolawyers.com/

@Awol

Might have been a "public page?" Sorry, but it was a public page because it was accessable by the public. He hacked that site just as I hacked gamepolitics.com when I typed it in. If GP had a non-linked paged called love letters where he published and stored they would be public because the public had access to them. There is no hacking here.

You don't remember correctly. And this will cover kurisu7885 comments as well.

http://lawy-ers.com/robreno_order.pdf

Page 6. And I quote from the findings of the court "The dispute ultimately at issue in this case arose on April 30, 2006, when Bragg acquired a parcel of virtual land named “Taessot” for $300."

Is he suing for more than he paid? Of course. Find me one lawsuit where this doesn't happen. He bought the land from Linden. It was a sale and now they are keeping the money and the land because they don't like the way they did the sale with him. That is the part that bothers me the most. That they took his money for the sale, said the sale violated the ToS and took away both the item he bought and the money he paid. If you are going to cancel the sale you have to return the money.

@Lothar

The problem with 2.6 is that court already has issue with such a one sided agreement. Go to the link above, the actual court document for this very case, and read page 33 and 34. The court used that very section to show that it is unconscionable. They have, in effect, already rendered that part unenforceable by allowing this to go forward. As to 3.3, the court found both that and the public statements by Linden Labs to be at odds on page 3-5. They were in essence advertising one thing and then offering another. I'm not sure why 2.7 is even envoked here.

Wikipedia has it wrong. If the court won't enforce it the contract isn't valid.

http://www.entrepreneur.com/management/legalissues/legalissuescolumnistj...

"Saying a contract is valid means it's legally binding and enforceable." If the courts won't enforce the contract, won't balance the scale as it were, then the contract is invalid. A valid contract that the courts won't enforce doesn't exist by definition.

It didn't ask for a password. He typed in a URL. That is not hacking even by the most generous definitions of hacking. He was authorized to see the data because the server gave him the data with his own credentials. It doesn't let me see it because I'm not a member. He was a member, he was authorized to see it, it was placed in the public, and it was not hacking. Had he bypassed any security that would have stopped him with his credentials then a hacking charge could be made. But he didn't. He accessed a publically available page that was neither secure or otherwise protected. Typing in a URL isn't hacking. Trying to guess the correct URL isn't hacking. Hacking involves trying to bypass some sort of security and this had none.

If Linden Labs didn't want to make it public they shouldn't have made it public. It was publically available to anyone who typed in the right URL. The page existed and was created by Linden and was active because he was able to use that page to buy the land. LL may not have publically advertised the land for sale but they did list the land for sale and then sold it to him. The second part here is key. They took his money for the land.

Just because the court used the definition of Avatar from Wikipedia doesn't mean that everything in wikipedia is correct nor does it mean that everything defined in wikipedia is correct either.

Take note of the ASU link you provided. A valid contract has the elements listed in I. above and is legally enforceable. He goes on to qualify something as "generally" valid but without a mechanism to enforce breach it isn't a valid contract because it isn't legally enforceable. A contract that can't be enforced, that can't compell someone to act, isn't a valid contract because it lacks the enforcable part.

Take note of the Gallaudet link as well. "A contract for which there is no legal remedy." which means it is not a valid contract because it lacks the ability for the court to enforce it.

A void contract is still definitionally a contract but it's not a valid contract because to be valid the courts would have the duty to enforce it.

While you are correct that it doesn't mean that they will rule in favor of either party, what it does mean that pointing to the ToS as if were some holy writ isn't going to work as he has already dismissed that contention. They have to do something other than hold up the ToS as a valid contract because the judge has already said that it wasn't. The judge isn't going to even look at it anymore.

Just because they don't want you to see something doesn't mean that when they put it out into the public sphere any attempt to see it becomes hacking. All he did was type the correct URL into a browser. That's it.

As to why he picked a lawsuit over arbitration or mediation is fairly simple. He is a lawyer. The other reason is that he would have to go to SF for arbitration because he wouldn't have a court document to change the venue. He would have to play by their rules and those rules have already been ruled unconscionable. He had to sue them to get a fair hearing. Once you are in court you might as well go for it all.

Given that most claims in such games would be small change the correct venue would be a small claims court. Costs there are small. The costs of arbitration compared to litigation have arbitration overshadowing small claims courts by about a bunch. For the normal player such an arbitration agreement is the same as denying any review by any party.

While the article says that it doesn't mean what you want it to mean. He isn't saying go to arbitration or mediation as the same problems exist. You are turning your problems over to the ruling of a third party either way and the costs of arbitration aren't that much lower than litigation anymore. What he is saying is that you need to avoid lawsuits by writting better contracts. Too bad Linden Labs didn't think of that eariler.

Reuters and Intentia went round on this in 2002. Can't find the outcome anywhere, and it's a UK think so it's not even on point, but their defense is exactly the same. If the URL can be typed in and it takes you to that page the information is undoubtably public. Most of the legal and tech minds agreed from what I found.

@Mauler

I have reviewd over all the documentation so far and most interestingly found that in his offical Press Release he states that his account was cancled and not reason or refund was given when in fact the Offical minuts of the court state that LL emailed him stating that his account was suspended. Now primarily in MMO's if that happenes that mean they are reviewing your account and that nothing is set in stone yet. So that being said he seems to contradict him self alot.

also he did not send $300 per parcile of land it was 300 lindens which the exchange rate is 250 lindens - $1 USD (current). he paid 300 lindens per plot. spending around $1.20 USD.

All I would say that he is intitled to would be a refund on what he originally purchased the land for and not include the profit he made from them. Keeping in mind that normally land goes for around 1,000 lindens and not the 300 that he got it for.

Now from the way that it sounds the way that he did this was by exploiting ( see full definition http://en.wikipedia.org/wiki/Exploit_%28computer_security%29 ) which states that - an exploit is a piece of software, a chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized).

It sounds like he used a mean called Code Injection ( http://en.wikipedia.org/wiki/Code_injection ) which the easiest way to explain would be you take a web address ( example - http://www.yourdomain.com/users.php?m=auth&redirect=L2FkbWluLnBocD9tPXVz... ). Now if I change anything past user.php? to achieve an effect, price, gain access to an otherwise non accessable part of that site that in turn is an Exploit and can be deemed illegal.

Furthur more he purchased the land with the intent to make a profit and only did so via the exploit. according to his website he is on the bar in california and another state and owns comerial realestates in california. the amount of money that he is asking for would be irrelevant if he is as connect and well off as his website makes him out to be. Plus he is also soliciting for financial relief for this case from anyone willing to donate. In my oppion it seems like he is wanting to get the publicity from this and make money while he does this.

So all I have to add is that even though I am not a fan of the SL game I will be interested in how this plays out after all anything can be achieved in the court system with the right lawyers. And a company that is worth million I would hope would have already had thier lawyers go over the ToS with a fine tooth comb. I believe that all he should get is his account placed back into the state it was prior to the purchase of the land and that is all.

you seem to ignore key elements to continue your debate. From what Bodok has said and posted and looking at the site what he did was code injection. He injected a chucnk of code(evne if it was one digit) to access the page. Also the best buy thing seems to be some thing openly published on there page that was accessable by clicking on links seraches etc. this was different. he got there by code injection which has a very questionable legaility. And he does not have a right to keep anything he gained from doing that. If they rule in favor of him on this it will drasticaly change the online world of MMO's. then it might be possible for gold famers to sue blizzard for banning their account. Users could sue for being banned for other exploits like this and hacks and get away with it. I support second life in this issue. The ToS you agree to is just that. you break the terms no more service. and they have only so far as i have read suspended the service. they could reinstate it at any time. it is there service and they provide it to the users. and they retain the ownership of all in world property. you get to keep the copyright on what you create but they own the digital contents of the world. maybe they should nuke his property.

http://thelastboss.com/post.phtml?pk=2284

@Mauler: There's a difference between public and unsecured. Public information is that which is put out by the company for anyone to view and use. This was clearly not public information; the average SL player not only had no way to know about this parcel's existence, but no way to access it. Linden had not released information about it yet.

The fact that Bragg had to figure out a way to gain access to this information is very telling; Gaining access to unsecured information is the very heart of hacking, and that is exactly what was done in this case.

If I write up a long story, and put it on my website server, but don't provide any links to it, and don't tell anyone about it, that story is still not public. Its existence on my server alone does not make it public. If someone uses a technique to pull up a file list on my server, finds the story, and then does something with it, he is commiting a crime.

Now, there's no question that it was poor security for Linden Labs to have web scripts that could pull up information on any parcel of land in existence in the game, and even worse that there was a way to actually bid on this land. But that doesn't change the fact that it was unsecured data, not public data.

The difference between public and unsecured is easy to illustrate. If I put a sign on my porch that says, "Come in," and leave the door open, that's public. If I leave my door unlocked, that's unsecured. If you enter my house in the second case, you're still guilty of the crime of Breaking and Entering; if you take something from my house, it's still Burglary, even though the door was unlocked.

- - - - -

All that being said, Linden does need to revamp their procedures and protocols for dealing with cases like this. Because they allow and encourage real-money trade in Linden Bucks, they have to take a much higher road than, say, World of Warcraft. I think the fairest case in this situation would be for them to issue funds equal to the current value of Linden Dollars that remain in the account; the land that was obtained through hacking, and the Lindens spent to acquire them, should be forfeit. And, of course, he should be permanently banned from SL.

@Nekojin

I completly agree...

I believe that LL sould file a counter suit agaisnt him

did you not read the wiki link. injecting code is entering a url. but with part of it changed. exactly what he did

* Buffer overflow
* Heap overflow
* Integer overflow
* Return-to-libc attack
* Format string attack
* Race condition
* Code injection
* SQL injection
* Cross-site scripting
* Cross-site request forgery

Didn't do any of that. He entered a URL of the land he was interested by putting in the correct land ID in the URL.

For example, the address would be /auctons/propertyid He changed the ID from one he wasn't interested in into one that he was. None of those methods you listed come close to what he did. He entered a valid URL for a property that he was interested in. This hacking fantasy

Also you quote the California penal code section 502 stating that requires it to be done without permission.

You left of the word knowingly, you would have to prove that he knew that the webpages weren't meant to be accessed and did it anyways, and the actions that have to occur after knowingly accessing the pages in question. You also left out the portions that require some sort of taking, and since they agreed to a price there was no taking involved, or other acts of malice that didn't occur. Without any elements of the crime then it's safe to assume no crime happened.

Interesting point, you know what the Wikipedia doesn't consider to be a reliable source? Itself. Part of doing your research means doing research. Wikipedia is a starting point and not an ending point. Pointing to it as if it were the final word on the subject, especially when it doesn't say what you want it to say (ironic considering how easy it is to make it say that) doesn't make this fantasy of the lawyer being some uber hacker any closer to being the truth. He typed in a URL with the information that Second Life gave him. If they didn't want him to see it they shouldn't have made that information public. If the wikipedia is your only experience in this subject perhaps your advice to do more research was directed at the wrong party. That and if a cultural referance comment gets you that upset you might need to research some humor. I hear wikipedia has an excellent page on that.

The last time I check, if someone enter a public store after closing hour because the staff did not lock the door and forgot to remove the "welcome" mat, it is still illegal entry.
Worst still when that person took something from that store during his "night raid".

On the same logic that code injection is legal.
If someone look at his bank account number and figure out how the account number is generated and formatted. Then he made a withdrawal from the bank using an account number he figure out and made off with the money.
This person is still legal by all meant because he is only exploiting what knowledge he learn?

I think we have another JT#2 here.

This will be my last Comment and then I will take my own advise and await the courts decision. Like I said opinions... and if you believe you are right go on believing it but rest assured that you will be a very small minority on this matter. Further more unless you can show undeniable proof of your allegations, and even then most would probably still disagree, then no one will sway to you ideals. I on the other hand I am A+, Network+, MCP, and finishing up my Security+ and then moving on to my MCSE not to mention my 2 years in law enforcement and am set in my ways and ideals just like any warm blooded person would be. I for one have better thing to do than to bicker over who is right. So in the spirit of sportsmanship I wish you good luck and good day. I now wash my hands of this and await the courts decision.

[...] Hallo Streit um virtuelles Land kommt vor Gericht Die Auseinandersetzung zwischen den Entwicklern von Second Life und einem Rechtsanwalt um virtuellen Grund und Boden wird nun vor einem Richter fortgesetzt werden. Das berichtet die Website gamepolitics.com. Der US-amerikanische Anwalt Marc Bragg hatte vor einiger Zeit einen Fehler im URL-System von Second Life genutzt, um seinen virtuellen Grundbesitz g

[...] Der Streit um ein Stück virtuelles Land zwischen den Second Life Entwicklern und einem Rechtsanwalt wird nun laut einem Bericht von gamepolitics.com vor Gericht fortgesetzt. [...]

I'm not going to engage in the petty semantic argument over the definition of hacking. It's really pretty irrelevant to the actual issues involved here.

The way I see it, there are two issues involved. The first that Bragg cheated on the land sale and tricked the system into holding an unpublicised auction with himself as the only bidder. Which resulted in him obtaining the virtual property for a price well below market value. In this issue, I think Linden is clearly within their rights to recind the sale. Through the sole actions of the purchaser, it was not a fair sale, and the company cannot be forced to honor it. Same as if a customer at a supermarket peels off one price tag and places it over another, the store is not obligated to honor the 99 cent price tag he placed on a 20 dollar frying pan.

Which leads to the second issue, Linden's response. They did not simply recind the sale. Instead, they froze the person's account and confiscated the entire balance. Had they not done that, I think Bragg would have been laughed out of court. But they not only kept the money paid on the fraudulent sale, they additionally siezed unrelated money that he had on deposit there and confiscated it. Linden's Terms of Service do allow them to do this. But as the first decision in this case showed (the motion to compel arbitration, as agreed to in the ToS), due to it's onesided nature, the ToS is not as bulletproof as Linden would like it to be.

Personally, I think they should have refunded all of his money and then banned him. I'll be interested in seeing how the decisions to come play out.

This is why you should never never EVER use real money to purchase something inside a video game. The moment that happens, it ends up no longer being a game to lawyers, since something of real value has traded hands. If I'm playing an MMO and I kill you and loot something off your corpse, its a game. If, however, that something off your corpse was worth $500 on ebay, now I've committed theft.

There is a similiar incident involving a dispute with a EQ player and SOE that I read about a few years ago.

The player shared his account with a friend and SOE banned the account for violating the EULA so the guy sued SOE. From what I read, he won because when SOE accept the money they had to provide service which susceeds the EULA.

Eula is nothing but a forced contract anyway.

A URL is not a script. You said that people don't take me seriously but the it's really hard to take someone seriously that considers typing in a URL any level of programming. The server side is scripting, the user side is a URL and inputting the URL isn't scripting by any stretch of the imagination other than yours. Nobody is going to take you seriously if you tell them you are a programmer or even a hacker if you tell them that all you do is guess at URLs.

If the page wasn't "live" then how did he get to it? The page was live and he got to it. Maybe they thought they hid it good but they published it on their website and thus it was open to the public who had enough mental capacity to figure out to change the page they didn't want into the page they wanted. This is not code injection this is typing a URL of a page that actually exists.

He bought the property from LL in the same mechanical manner that everyone else does. He just bought it earlier via an exploit. This is still not hacking nor is this any level of code injection. URLs are not code and typing in the URL is not injecting this non-existant code.

Every single one of your examples that you give shows you what code is and none of them describe URLs. Until URLs is taught at the same level as C++ is VB or even good old fashioned basic, it is not code. Elevating URLs to the level of code is ludicrious to say the least.

So if typing a URL is a valid way to get to the page and the page he typed in was valid then his method to get to the page was valid. Changing the numbers is still a valid way to get to a valid page. If the page wasn't live then the page wouldn't be accessable to the public. By definition it was live. They may not have wanted to take it live so early but they did and they should suffer the consequences.

Again, had he changed it to a parcel that didn't exist he would get nothing. If he changed it to a parcel long since sold he would also get nothing. For some awesome method of code injection this is fairly weak tea. It can only take you to those pages that LL had already created and made public.

@Barto

I don't remember that story. You wouldn't happen to remember a name or something?

http://prexus.yuku.com/topic/11518/t/Glider-suing-Blizzard.html

Heres the post from that link

Actually, I guy I worked with and his lawyer roomate sued Verant/Sony for just that thing when they banned a wizard account they bought together. They won.

By taking your money, they agree to provide service. By not providing service, they're actually breaking the law...which trumps breaking the rules of the game. At least that's the way that judge saw it in that case.

peace,
Aielman

You know its not illegal in California to record a phone conversation as long as one of the parties knows. But would it be legal to publish the conversation without the other parties first consent?

Homemade Porn Clip...

Its interesting, THX...