Privacy policies basically amount to statments of intent. The idea of online privacy is pretty meaningless—unless you've got some way to make sure your providers, carriers, and governments aren't collecting everything you do, good luck with privacy before we even get to things like Google, Facebook, advertising networks, and malware. But here are the privacy implications this site and my Second Life thingamajigs anyway.

Last updated May 1, 2021.


This Web Site

Public pages and services on this Web site don't log anything. Not even the standard "Web log" info like your IP address, browser info, and the items you've accessed. No cookies are set or retreived, nor do we use technologies like pixelbugs. No access information is shared with any hosting providers, advertising networks, or third parties.

If you log in to this Web site with a username and password (e.g., you're helping me write questions for Teh Globe or something) then the site sets a cookie and logs standard HTTP access information, including the IP number from which you're connecting, the items you've accessed, and your browser info. Honestly, I'll probably never look at it unless there's a problem but it is being collected, compressed into a passworded archive every week, then tucked away.

Teh Globe

Teh Globe collects no direct information about any Second Life users. In-world, Teh Globe keeps track of who's playing at any given moment to award points and whatnot, but that information only exists during the course of a game and is neither stored nor transmitted in any way.

Teh Globe communicates with my offworld databases and services to retrieve questions and other data. Again, no information about players is transmitted or collected.

Teh Globe does use Shared Media/media-on-a-prim in Second Life. If the media exists on, no information about the requests is logged (just as with public Web access, above). If the media is on another site (most likely Wikipedia) access is subject to the privacy and access policies of those sites. Currently Wikipedia is the only site other than from which Teh Globe will load remote media.


Kyrie logs no information about questions, responses, or requests from users—that information is treated the same as public Web access, above.


A few of Kyrie's features require persistent per-user settings: right now those are limited to news subscriptions and customised teleport locations. Those settings are encrypted in-world using AES encryption, and that encrypted information is stored offworld. When Kyrie needs the info, it retrieves the encrypted data and decrypts it within Second Life: the clear data is never transmitted to/from Second Life.

Even if encrypted user data is somehow accessed illegitimately or stolen, it would take an attacker quite a lot of brute-force computing power to decrypt it, and even then all they're going to get is a short list of news sources and custom teleport locations a user may have set up. And, unless that information is especially revealing, they won't have any idea whose information it is: no usernames or other identifiers are associated with it. Even as the developer, I can't unwind the data to figure out what belongs to who.

Greetings/Avatar Scanning

Kyrie's "greeting" function (that enables it to comment on avatars and their outfits) relies on a custom database of anonymised avatar and attachment information (see "LouBot," below). No information in that database can be associated with a specific Second Life user, and attachment names are not stored in clear text. There is no public access to the database, and Kyrie itself does not contain a scanner that feeds the database.


I operate a bot account on the Second Life grid under the name LouBottin. The bot's profile clearly identifies it as an automated avatar and provides contact information for me.

  • LouBot collects fully anonymised avatar data to chart aggregate information about avatar trends (height, age, memory used, etc.) and seed Kyrie's anonymised database of avatar attachments. The data includes hashed (anonymised) names of visible, non-HUD attachments avatars are wearing, along with some basic information about the avatar's status at the time (height, render weight, memory use, script information, etc.). The item names are also hashed (anonymised, basically) in case they inadvertently contain avatar identity information (i.e., if I were wearing an attachment called "Lou Netizen's Awesome Hat" my avatar name "Lou Netizen" doesn't leave SL). If the hash doesn't match one that's been previously manually identified (as as a hairstyle, shoe, or a mesh body or similar), Kyrie is unaware of it.
    As part of this scan, LouBot collects a hashed version of each avatar UUID ("key") and uses it to prevent repeated scans of the same avatar over a short period of time (e.g., if LouBot sees the same avatar six times in one day, that avatar will only be scanned once). Hashed keys are deleted after 24 hours, and there is no way to associate a hashed key with a grid location or any other collected avatar information: even if someone cracks the database and gets a day's worth of hashed keys, they aren't going to be able to figure out where those avatars were or what they were wearing. I can't either.
  • LouBot occasionally tests to see whether selected remote services like my personal servers, Amazon AWS, Microsoft Azure, Linode, and other hosting providers are accessible from a particular sim. This does not involve collecting any information about a sim or any avatars there at the time and has no privacy implications. The function is merely a test of how those services do or do not block Second Life servers, or how Linden Lab may or may not be blocking access to particular external resources, since both I and some of my clients have experienced sporadic issues, and the issues vary by region.
  • If LouBot encounters a security device and can recognise any message or dialog it sends, LouBot will attempt to leave the region. (Unfortunately, many security devices have a window of only a few seconds, which isn't long enough for LouBot to work out a new destination and leave.) If LouBot does successfully recognise a security device and LouBot is on a mainland region, it will report its location to Shergood Aviation's Air Traffic Control (ATC) in an effort to help Second Life's pilots, boaters, and drivers plan their routes (and stay out of private areas). LouBot neither collects nor shares information about security device owners; only the device name and location.

Put into words, the data collection may seem like a lot, but the amount of information accessed by LouBot is a tiny fraction of the information sent to every Second Life viewer when a resident enters a region normally. In other words, far, far more data is available to any avatar in the same location at any time.

LouBot operates autonomously (there's no one "driving" the avatar) and will not respond to local chat or IMs. LouBot tries to stay out of the way: it makes every effort to teleport into sims at a very high altitude and "drift" above the 4096 meter altitude limit on building. However, set landing points, no-fly options, and other factors can prevent that from happening. LouBot does its best to detect and honour security devices/security orbs. If LouBot gets in your way, please feel free to ban it: there are plenty of other sims where it can go. If there is a problem with LouBot, please try contacting me directly.

Magic Book

The Magic Book displays cover images using Shared Media/media on a prim. Most covers will be served from, and access is subject to their privacy policy. If covers are served from, no information about the access is logged: it's treated as public Web access, above.

Product Updaters

Several products use a custom updater system to get new versions to users if I ever have to issue an update for a product. Those updaters rely on an in-world server; the only data that goes offworld is (encrypted) product and version information, and Lou Netizen's avatar info. No user or customer info leaves the Second Life grid.

Dice Poppers

The Dice Popper and RPG Dice Popper do not use offworld services and have no privacy implications outside Second Life.

ALS Pocketwatch and Monocles

The ALS Pocketwatch and Monocles do not use offworld services and have no privacy implications outside Second Life.