Tuesday, January 22, 2013

Body Swapping – Danger Ahead

I have talked here before about alts – additional Second Life accounts that you can create and use. As we know, alts have many legitimate uses, but they can also be used for harmful purposes.

Today, I want to talk about the mirror image of the alt: the avatar that has more than one Real Life operator.  Is this confusing?  Let’s say I am married (which I am, in fact) and that I let my husband log into Second Life using my Lindal Kidd account (which I most emphatically do NOT!)  This would be one example of what I am going to call “body swapping”.  (I've blogged about this before too, but I think it bears repeating.)

Sometimes we see a question on the forums like: “Can I transfer or sell my account to someone else?”  This would be another example of body swapping.  Or, a teacher might create a Second Life avatar and let her students take turns with it.

Sometimes, partners in Second Life trust each other enough to share the passwords for their accounts.  Whether or not this trust is justified isn’t the issue just yet (but read on), but this is another example of body swapping.

And sometimes, people may swap bodies with near-strangers, just for the thrill of it.  There is a “Body Swappers” group in Second Life for people who choose to engage in this behavior.  The group publishes a long manifesto which purports to show that what they are doing is within the Second Life Terms of Service, but in my opinion its logic is flawed, and body swapping is not within the ToS.  Even if it was, body swapping is a dangerous practice, both to you and to those around you.

Dangerous?  How can a cartoon character on a monitor screen be dangerous, regardless of who’s at the controls?  Well, let’s just talk about that, shall we?

Terms of Service.  The Second Life ToS prohibits (or, depending on how you read the language, strongly cautions against) letting anyone else have access to your account.

(From the Second Life Terms of Service, section 3.2)
You are responsible for maintaining the confidentiality of your password and are responsible for any harm resulting from your disclosure, or authorization of the disclosure of your password or from any person's use of your password to gain access to your Account or Account Name. At no time should you respond to an online request for a password other than in connection with the log-on process to the Service. Your disclosure of your password to any other person is at your own risk.  

What this says is that you are responsible for what is done with your avatar, no matter what.  If another person does something bad while using your account, the consequences will fall on YOU.  Those consequences could range from offended or enraged friends, to permanent banning for ToS violations like copybotting, to criminal prosecution for theft or extortion or certain other matters.

“Oh, but that won’t happen to me.  LL doesn’t enforce that crap anyway.”  They do.  But let’s assume that you are right and LL never finds out, or doesn’t care.  There are still other dangers to worry about.

When you signed up for Second Life, you provided an email address.  You also gave Linden Lab a “secret question and answer” to use for security purposes.  In order to give someone full access to your account (if you were to sell or transfer it, for example) you would have to give them this information, as well as your account password.

Do you really want to give someone else access to your email account?  Even if you created a Gmail or Hotmail account just for SL, it may be possible for the other person to backtrack to your main email account.  What about passwords…not only your SL password, but passwords for your email?  Did you use unique passwords for everything?  Or did you, as a lot of us do, use the same password you use for everything else on the Web?  After all, keeping track of so many different passwords is such a pain, isn’t it?  And that “secret question”…did you pick the same one, and the same answer, that you always do?  You did?  Oh dear, you have just made it really easy to steal your Real Life identity, not just your Second Life one.

If your account has Payment Information on File you have given LL a credit card number or a verified PayPal account.  Anyone else using your account has access to this source of funds.  They can buy $L…how would you like to see a $5,000.00 USD charge on your credit card from “Linden Research, Inc.”?

By giving someone access to your account, you are risking not only getting banned -- but identity theft, monetary loss, and even possible criminal prosecution.

There’s another aspect to this, beyond the above hazards.  What is the effect on others of there being someone else behind the controls of the avatar they know as “you”?

I have experienced this on a couple of occasions when I knew that someone else was using a friend’s avatar.  For example, one friend once told me “I want to introduce my wife to Second Life.  I’m going to let her swap chairs with me and use my avatar.  Will you show her around?”  Even when I knew what was going on, this gave me a creepy feeling.  Suddenly my friend was…someone else, a stranger.

How much worse, then, when one’s friend suddenly seems…different?  She looks the same, but her attitude and her manner of speaking have changed.  When do you begin to suspect that the person behind the avatar isn’t the same as the one you know?  And if you do suspect, how on earth can you find out if it’s true?  And even if you ask, and she answers…can you believe the answer?  Doubt is corrosive. 

This is very similar to encountering a case of Multiple Personality Disorder, but in a way it’s even worse – because the multiple personalities really ARE multiple people, with unique bodies, minds, and pasts.  This is a very good way to alienate your friends.

Please, please – don’t use alts to play head games.  And don’t, don’t, DON’T give your account information to anyone else, ever!  You, there – yes, you with the “remember my password” box checked on your login screen.  Stop that at once!


  1. One legitimate use for a shared account is holding funds for a group business. However this account is a non playing account that logs on to do administrative things and has its own Email account with a different password.

    1. It's a *legitimate* use, but the same cautions apply. Only one person is the account owner of record in LL's eyes, and that person is responsible for what is done with the account.

  2. Good reminders, Linnie. As you know, I was a bit thrown by this very situation not so long ago. O.O

    1. You were the inspiration for the article, Maureen. :)

    2. This is not 100% true. you do NOT have to give them your email address as you can change that at anytime. But i do agree with rest. BAD idea