That depends, do you want to work for myspace, or yourself?
Great answer. OMG LOL as they say on MySpace. All I really want is some more links to my music blog - but maybe I just lack ambition.
This is a limited privacy breach but real.
[edited by: Iguana at 8:25 pm (utc) on Sep. 4, 2006]
Well, the information is probably quite valuable to 2 groups, myspace, and the nefarious.
1. Post enough information to legitimize your claim.
2. Make sure your PM box has room-or just list your blog address in your profile.
3. Wait for myspace to contact you.
Share the information with myspace-as a security consultant.
[edited by: akmac at 8:45 pm (utc) on Sep. 4, 2006]
That's a bit like blackmail isn't it?
Oops-it does sound that way-sorry, not my intention. You found a hole in a security system, and you would like to help myspace patch it. I guess it's up to you if you'd rather do it for free.
I'm not sure. You think I should do something like this:
Amanda has privacy settings on. I know she was 14 on the 6th of August.
A mother from Placentia, California (with privacy settings on) took a survey that said she had a sexual IQ of 120. To quote "When it comes to sex, you are a super genius".
I'm acting like a stalker!
The thing is I do like MySpace and spend a lot of time talking to bands through it (well, most of the time they are trying to talk to me - ego trip!). I also like my blog and the prospect of links to it is very tempting...
Do to others has you would have them do for you. If the problem was with your website, what would you have someone do? Or, if you were one of the users of the website who might be troubled about the release of this private info, what would you prefer the discoverer do?
In that you are media, I would contact the media department of mySpace and ask for a response to your findings, explaining you are going to publish what you found and their response. Give them a reasonable deadline (two to three days) and then move forward.
The problem with doing nothing is that if you found it, others might as well. This has to be addressed, but addressed in a responsible manner.
Why not do everything at the same time?
Send an email (see privacy page) to them alerting them to the problem.
Post a page on your site about it - with copied screenshots (blank out any details, try not to show how its done).
Write a condensed description here - and a link to the page on your site with more detailed information (this may be okay as it is the original source - so long as the page isn't 99% full of spam/ads).
Email the BBC (or reuters or whatever)
It's important to alert everyone quickly in case anything bad comes of it - you have a responsibility to do so. Whatever you do don't post anything that instructs people on how to get the data (here, on your site or anywhere else).
I don't see anything wrong with telling announcing the problem as it will encourage/alert the site to the problem and get it delt with quicker (some sites ignore emails - perhaps they get too many or they go to the wrong people)
I did a post on my blog late last night about this. It's been fun watching the number of referrals from Digg (and StumbleUpon for a short intense time). Still only six Diggs though (including mine). Seems like the real users of the Internet are not too interested - duh, of course we know anything you post online isn't private. I suspect the Media frenzy on MySpace privacy is not reflected in the concerns of actual users.
But a few hundred extra visitors to my blog is nothing (and no I haven't put any ads or spam links on that page). I use MySpace to stay in touch with all my bands who send me CDs to review so I am an enthusiastic user of the site for the music side of it. I also see it as a potential way of challenging the power of the Record Companies in the future.
I am going to report the problem on the MySpace forums so that they hopefully will fix the privacy leak.
Posting on WebmasterWorld is more of a problem - links to blogs are not allowed for very good reasons. But I am not even allowed to post links to the example I have set up to demonstrate the problem. The only comment on the blog post was 'it didn't work for me' so I made a profile of mine Private and showed how you could see data from it.