There are currently three different basic ways you can access Second Life account profiles. There’s access via a Web-browser (through my.secondlife.com), access through the officially supported Second Life viewer 2.x (at least the later versions of it), and there’s the basic profile API that’s still used by viewers based on the 1.x series code-base, and earlier versions of Viewer 2.x.
Two of these respect the privacy settings on your profile data. One of them doesn’t. Guess which.
If you guessed the basic profile API, you’d be right. You’ve earned an image of a gold star (don’t make me have to draw one for you, though. Show a little initiative).
Both the Web and non-Web profile systems have some privacy settings (you can selectively conceal group affiliations using the non-Web profile system, for example) – the Web-based profile system (also in use by later versions of Viewer 2.x) has additional privacy settings, as shown here:
Linden Lab has not, however, ever implemented those additional privacy constraints into the basic API that’s used by Viewer 1.x and early versions of 2.x, which just gets and displays all of the data anyway.
With something like two-thirds of Second Life users using viewers that access profiles through the older API, those privacy settings are pretty much moot at present.
Linden Lab has indicated in recent months that it is considering simply switching the old profile API off entirely at some point in the not-too-far-distant future.
In order for the new profile privacy settings to not be misleading (and possibly deleterious), the Lab is either going to have to bite the bullet and implement those privacy features in the old and already-deprecated profile API, or shut down that API entirely, leaving the majority of Second Life viewers without in-world access to Second Life profiles.
Either way it’s a tough call, and I’m glad it isn’t my job to make it.