Privacy Statement
slaac.net
1 April 2026
Informational 1 October 2026
This document describes the privacy practices of slaac.net.
Distribution of this memo is unlimited.
Messages expire. We don't want your data.
slaac.net collects no accounts, no emails, no passwords,
no analytics, and no tracking pixels.
slaac.net uses exactly two (2) cookies. Both are strictly
necessary for the service to function and require no consent
banner under ePrivacy Directive Article 5(3).
Purpose: Proof-of-work session gate
Content: HMAC-signed expiry timestamp
Max-Age: 24 hours
HttpOnly: Yes (not accessible to JavaScript)
SameSite: Lax
Secure: Yes (HTTPS only)
Issued after completing a hashcash proof-of-work challenge.
Grants access to chat channels without re-solving the puzzle.
Contains no user-identifying information. The server cannot
correlate sessions across visits; it verifies only that the
HMAC signature is valid and the timestamp has not expired.
Purpose: Persistent MAC address identity
Content: HMAC-signed MAC address
Max-Age: 15 days (renewed on each connection)
HttpOnly: No (read by client for WebSocket auth)
SameSite: Lax
Secure: Yes (HTTPS only)
Preserves a user's pseudonymous MAC address across sessions.
The MAC is either randomly generated on first visit or issued
via a one-time vanity claim link. The cookie contains the MAC
and a cryptographic signature; no server-side session state is
stored. Cleared by the /quit command.
No other cookies, supercookies, ETags, localStorage entries,
or fingerprinting mechanisms are employed.
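The stateless check described for both cookies can be sketched as follows. This is an added example, not slaac.net's code. The "value.signature" layout, HMAC-SHA256, the purpose labels, the key and all function names are assumptions.

```python
import hashlib
import hmac
from typing import Optional

SECRET = b"constructed-demo-key"  # assumption: server-only key, constructed for this demo
GATE_TTL = 24 * 3600              # gate cookie Max-Age from the statement (24 hours)
SEP = "."                         # assumption: cookie is "<value>.<hex signature>"


def _sign(purpose: str, value: str) -> str:
    # The purpose label is part of the MAC input, so a valid gate cookie
    # cannot be presented as an identity cookie or the reverse.
    msg = f"{purpose}|{value}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue(purpose: str, value: str) -> str:
    return f"{value}{SEP}{_sign(purpose, value)}"


def verify(purpose: str, cookie: str) -> Optional[str]:
    """Return the signed value, or None when the signature does not match."""
    value, sep, sig = cookie.rpartition(SEP)
    if not sep:
        return None
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(sig.encode(), _sign(purpose, value).encode()):
        return None
    return value


def issue_gate(now: float) -> str:
    # The gate cookie carries only an expiry timestamp, nothing about the user.
    return issue("gate", str(int(now) + GATE_TTL))


def gate_ok(cookie: str, now: float) -> bool:
    # No server-side lookup: a valid signature and an unexpired timestamp suffice.
    value = verify("gate", cookie)
    return value is not None and value.isdecimal() and int(value) > now


if __name__ == "__main__":
    now = 1_800_000_000                       # constructed clock value
    gate = issue_gate(now)
    ident = issue("mac", "02:00:5e:10:00:01")  # constructed MAC address
    print(gate_ok(gate, now), verify("mac", ident), verify("gate", ident))
```
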
All messages are stored in Valkey with a TTL of 4-48 hours.
When the TTL expires, the data ceases to exist. Valkey
persistence is explicitly disabled. If the server restarts,
everything is gone. This is a feature.
There are no third parties. There is no CDN. There is no
analytics provider. The KaTeX library is self-hosted.
You have the right to send LaTeX. You do not have the right
to send emoji.
/contact
This is a parody.