Web Profiles – privacy leak?

Tateru Nino posts on a privacy issues surrounding SL web Profiles – or more particularly, the “old” profile API utilised by 1.x Viewers and the likes of Firestorm.

Although there is an issue here, I’m not entirely with her on her take on the situation, or in the options she provides as potential solutions.

Essentially, the problem lies in the fact that people seem to be under the impression that setting the privacy options on a web Profile via my.secondlife.com will “hide” the selected parts of the Profile from being viewed in-world. For example: if Groups to be viewed by Friends in my.secondlife.com, people take it to mean only Friends can view the Groups information when viewing the Profile in-world.

While this is the case for those people using the official Viewer 2, it is not true for anyone using 1.x-based Viewers or some TPVs based on Viewer 2. For these people, your entire Profile remains fully visible, regardless of the Privacy settings active on mt.secondlife.com.

This is because 1.x-based Viewers (and Viewers such as Firestorm) use the “old” 1.x Profile API, which has no privacy settings associated with it, and it simply doesn’t care what has been set via my.secondlife.com.

As such, and while acknowledging the situation, I’m hard-pressed to call it a “privacy” issue in its truest sense; the behaviour exhibited by the API is exactly what it has always been – no more, no less. In that regard, it’s certainly incorrect to describe the resultant situation as a bug with the 1.x Profile API.

Rather than being a matter of “privacy” with regards what is viewable on Profiles in-world, I’d actually suggest that this problem is actually an unfortunate outcome of another poorly worded communique from Linden Lab coupled with taking the “easiest” route to providing a solution.

Let’s put matters in perspective. The privacy settings on my.secondlife.com came about not to limit the viewability of Profiles in-world, but rather to address users’ concerns that my.secondlife.com initially made it far too easy for non-SL users casually browsing the web to see people’s avatar Profiles. Unfortunately, when LL moved to fix the matter (and very clumsily so, in the first pass), Q Linden issued a blog post that unintentionally linked the web aspects of privacy with the in-world viewing of Profiles; something that was possibly exacerbated by the clumsy manner in which “privacy” was first invoked.   As a result, some people have become confused.

Unless LL unequivocally state it is their intention to enable the blocking of certain parts of a person’s Profile from in-world viewing (and there are actually valid arguments for this), then I’d dispute Tateru’s view on how to resolve this matter.

Far from there only being two options open to LL (backport the privacy controls to the 1.x API or to shut down that API entirely), there is actually a third. It’s this: add the necessary clarification to the privacy settings page on my.secondlife.com. It’s around 10-15 minutes work at most. The wording itself is pretty simple:

“Please note: These privacy settings apply to how your profile is seen at my.secondlife.com or by residents using the official Viewer 2. Residents using older Viewers and third-party Viewers may be able to see your full profile in-world, regardless of the settings made here. Please ensure you only supply information you wish to be made “public” within Second Life, and ensure your profile remains within our Community Standards guidelines.”