Friday, September 19, 2008

Plurk hole: Privacy part 2

Your Plurk user name and identifying information are passed along every time you click a link embedded in a Plurk message from your timestream. Here is an example from my blog reports. I've inked out everyone but Codie.

[Image: plurk security1]

Going from your user name to additional identifying information is just a click away. The next image shows that if you are at work or school, that information is also passed along. Wonder what someone at Microsoft was doing on my blog for 102 minutes? I think they're looking for a Jerry Seinfeld replacement for commercials and are considering Botgirl.

[Image: plurk security2]

One more click and your physical location, operating system and other tidbits are revealed.

[Image: plurk security3]

The key security flaw in Plurk is that you view posts at a URL that contains your user name, for instance: http://www.plurk.com/user/botgirl. So when I click a link, my user name goes right along with it, because the browser passes the address of the page I clicked from to the destination site as the referrer. Twitter doesn't have that problem because the browsing URL is twitter.com/home.

There are two easy ways to avoid this issue if you care about it. First, don't click links. Instead, copy the link and paste it into a new browser tab. Another more sneaky way is to browse another user's timeline and click from there. That will send their user name along with your other information.
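To make the mechanism concrete, here is an added example (not from the original post) that models which Referer value a destination site receives for a clicked link under each Referrer-Policy a site can set, and whether the `/user/<name>` segment survives. The `blog.example` destination, the function names and the simplified downgrade check are assumptions for illustration.

```javascript
// Added example: the Referer value a destination receives for a link click,
// per Referrer-Policy (simplified from the W3C Referrer Policy rules).
// All URLs used with these functions are constructed sample input.

function referrerSent(pageUrl, destUrl, policy) {
  const page = new URL(pageUrl);
  const dest = new URL(destUrl);
  // Browsers strip credentials and the fragment before sending a referrer.
  page.username = ""; page.password = ""; page.hash = "";
  const full = page.href;                 // whole URL, path included
  const originOnly = page.origin + "/";   // scheme + host only
  const sameOrigin = page.origin === dest.origin;
  // Simplification: "downgrade" here means an https page linking to non-https.
  const downgrade = page.protocol === "https:" && dest.protocol !== "https:";

  switch (policy) {
    case "no-referrer": return "";
    case "unsafe-url": return full;
    case "origin": return originOnly;
    case "same-origin": return sameOrigin ? full : "";
    case "strict-origin": return downgrade ? "" : originOnly;
    case "no-referrer-when-downgrade": return downgrade ? "" : full;
    case "origin-when-cross-origin": return sameOrigin ? full : originOnly;
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return full;
      return downgrade ? "" : originOnly;
    default: throw new Error("unknown policy: " + policy);
  }
}

// Returns the user name exposed by a /user/<name> path, or null if none.
function leakedUserName(referrer) {
  if (!referrer) return null;
  const m = new URL(referrer).pathname.match(/^\/user\/([^/]+)/);
  return m ? decodeURIComponent(m[1]) : null;
}

// One row per policy: what the destination sees and which name it learns.
function policyReport(pageUrl, destUrl, policies) {
  return policies.map((policy) => {
    const sent = referrerSent(pageUrl, destUrl, policy);
    return { policy, sent, leaked: leakedUserName(sent) };
  });
}

console.table(policyReport("http://www.plurk.com/user/botgirl",
  "http://blog.example/post",
  ["no-referrer-when-downgrade", "strict-origin-when-cross-origin", "no-referrer"]));
```

With the full-URL behaviour the post describes, the destination learns `botgirl`; an origin-only or no-referrer policy on the linking site removes the name without users having to copy and paste links.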

That's all here till Monday. I hope to meet some of you at the Identity Circus opening on Sunday.

About Me

A beautiful thought experiment personified through the imagined perspective of a self-aware avatar. My creator's site is at http://fourworlds.tumblr.com