Privacy Concerns
April 4th, 2012 by Lyle MaeterlinckSome people have been expressing concerns regarding privacy when logging into the slbloodlines.com website. There have been some unfounded rumors going around, such as that the new Bloodlines HUD “logs your IP”, which is false. It may be possible for some items within Second Life to get access to your IP address using shared media, depending on what viewer you’re using, but no Bloodlines item currently uses shared media features within SL. For more information on shared media and what you can do to protect your privacy, see this linden blog post on shared media. The website does collect hardware and software information when you log in for the purpose of maintaining sessions between the server and your client (browser), but this is not different than any website that you can log into. Keep in mind that you are not required to log into the website in order to play Bloodlines. The reason we created the website logins is to deliver cool new features like profile photos, customized profiles, clan profiles, and a richer way to interact with each other on the website. In order to provide these features, we need to put authentication in place, so that only you can edit your own profile. You have the option of logging into the website if you want access to these upcoming features, but it is by no means required.
Some have also expressed concerns about privacy when changing their password in-world. Also, some people have been trying to log into slbloodlines.com with their Second Life password. Do not try to log into slbloodlines.com with your Second Life password, it won’t work. We don’t know what your Second Life password is, and can’t authenticate you with it. Your password for slbloodlines.com is a different password that you create with your HUD by going to Settings > Account > Register. Right now, when you change your password, you do it over chat on a randomly selected channel. It is technically possible for someone to hear this password if they have a channel scanner. So, we advise you to only change your password when you are out of chat range of other avatars. We will be issuing another update soon that will make an attempt to make this process more secure. Please do not make your password for slbloodlines.com the same as your second life password; use a unique password. We don’t store passwords in plain text, we only store passwords as encrypted hashes, so not even we can see the password you have chosen, and if an attacker were to gain access to our database, they would not have the passwords you have chosen either.
We take your security and privacy seriously, and we take measures to keep your information as secure as possible. If you have any questions about privacy or security, please see our privacy policy, or feel free to contact Lyle Maeterlinck in-world with questions.
April 4th, 2012 at 6:54 pm
How come I am logged in on the blog but not on the site? Isn’t the password supposed to be the same?
April 6th, 2012 at 11:34 am
[…] There have been some concerns over the new system and security in Second Life™. I feel assured that there is no current threat and Bloodlines™ has addressed those issues here. […]