Going from your user name to additional identifying information is just a click away. The next image shows that if you are at work or school, that information is also passed along. Wonder what someone at Microsoft was doing on my blog for 102 minutes? I think they're looking for a Jerry Seinfeld replacement for commercials and are considering Botgirl.
One more click and your physical location, operating system and other tidbits are revealed.
The key security flaw in Plurk, is that you view posts in a url that has your user name, for instance: http://www.plurk.com/user/botgirl. So when I click a link, my user name goes right along with it. Twitter doesn't have that problem because the browsing url is twitter.com/home.
There are two easy ways to avoid this issue if you care about it. First, don't click links. Instead, copy the link and paste it into a new browser tab. Another more sneaky way is to browse another user's timeline and click from there. That will send their user name along with your other information.
That's all here till Monday. I hope to meet some of you at the Identity Circus opening on Sunday.
