Please note the following about CLOK and Privacy:
- Login passwords are stored in a hashed, but unsalted format. I cannot see what a password is, but your hashed password may be used to uniquely identify multiple characters to a single individual. Passwords can be overridden by "Coder" and "Developer" staff on the GM team, allowing us to resolve issues requiring us to log into a character, without us actually knowing what your password is.
- When using a command that involves passwords (logging in, setting password on character creation, changing a password), the command is not logged to the command log at all. If you typo such a command or an unexpected error occurs, we MAY see what you typed.
- ALL other commands are logged to a central command log with a time stamp and either your character's name or your IP address. The only person who has access to this log is the server owner/developer. It is not actively monitored but is occasionally used for investigation in the following circumstances: To identify and verify possible cases of harassment, disruption, bug abuse, exploitation, or multi-character policy violations; to determine how players are reacting in-character to certain GM-driven events; or to monitor the IC actions of potential members of guilds that have strict roleplay requirements such as the Monastic Order and Knights Templar.
- A command exists for Event Staff, GameMaster, Coder, and Developer staff to remotely view ("spy on") a player's output. This allows us to see the game from their perspective and is is only used to identify disruptive players, identify bugs, monitor player reaction to events, or monitor suspected unattended (AFK) scripting.
- We do not monitor ERP (Erotic Role Play), however, please keep in mind the above two bullets. No one on the GM team has any interest in watching other's ERP, but it is still logged. If we are actively monitoring the output of someone who starts to engage in ERP, we will stop monitoring them.
- Player IP addresses are logged to help identify disruptive users. IP addresses are not visible to the GM-team in-game and are only accessible to the server owner/developer.
- Email addresses which are optionally provided by users for certain alert features are stored in plain text flat files that only the server owner/developer has access to. They will occasionally be used to uniquely identify multiple characters belonging to the same player, either to identify a disruptive player or upon player request from that specific email address, but will otherwise not be given out to anyone for any reason whatsoever.
- While unlikely, if I were to be subpoenaed for information, if my only options were to comply and provide information or receive criminal charges, I would provide the information.
- Nearly all MUDs, including CLOK, use the Telnet communications protocol. This protocol by definition is a non-secure method of communication. Anyone between you and the server could intercept your data and see everything in clear text.
With all of the above said, please keep in mind this is game is merely a hobby project, not a registered business or organization with all sorts of restrictions and accountability measures in place. The following best practices are recommended:
- Do not communicate sensitive information within CLOK.
- Use a unique password for CLOK that you do not use for any other online accounts that you actually care about.
- If you wish to speak privately with another player, consider using a third-party application.