From Somnium Wiki
Both privacy and transparency are extremely important to me. I want to make the following completely clear:
- Passwords are stored in a hashed format that I cannot read. Passwords can be overriden by myself, if I ever need to do so for some reason, without knowing what the actual user password is - I have neither the need nor the desire to know users' passwords.
- When using a command that involves passwords (logging in, setting password on character creation, changing a password), the actual password is not logged in the commandlog.
- Tells (private direct OOC messages from one user to another) are not actively monitored, but they are logged in the commandlog along with everything else, and may be searched through in cases of reported harassment or possible bug/mechanics abuse.
- User IP addresses are logged to help connect alts for alt restrictions, as well as to help identify trolls and other disruptive users who may try to simply switch to a new character after being punished or banned. I will not, however, look at/up IP addresses without good reason. Yes, "without good reason" is vague. Sorry.
- ALL commands are logged. The only semi-exceptions are commands regarding passwords (see the second bullet point of this list).
- Email addresses (optionally provided by users for certain alert features) will not be given out to anyone for any reason whatsoever (sans possible government subpoena - see further down).
- I do not monitor ERP (Erotic RolePlay). It just doesn't do it for me, and I turn off any active monitoring if it looks like some is about to start up. It still goes to the logfiles, however, so please keep that in mind.
All the above said ...
- This is all essentially on my honor. While I give my word that I will honor all of the above, I'm just some guy running a server, not some registered business or organization that has all sorts of accountabilty measures in place. If there are any trust issues, users are encouraged to simply not provide or communicate any sensitive information while connected to Somnium.
- Consider using unique passwords for Somnium, rather than re-using passwords you use for other services. It's worth the peace of mind for everyone.
- It's possible to typo a command, and then have the commandlog log the whole thing in plaintext. If a user uses an incorrect login/password command that includes their password, the system won't know to omit the sensitive information.
- If there is a desire to have a private conversation between users without my having any chance of seeing it, please use a third-party instant messenger, email, or any other communication method outside of Somnium.
- While I really don't see it happening, it's possible I could be subpoenaed for information by the government. I'd resist, because I'm a huge privacy advocate, but I'm not going to jail over any of this if things get ugly.
- Seriously. Just don't provide or communicate any sensitive information via Somnium. It is by no means a secure private communication medium.