homepage Welcome to WebmasterWorld Guest from 54.204.58.87
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Local / Foo
Forum Library, Charter, Moderators: incrediBILL & lawman

Foo Forum

    
I Know MySpace Leaks Teen Data
What Should I Do With This info?
Iguana




msg:3071579
 7:51 pm on Sep 4, 2006 (gmt 0)

A few days The Register claimed that MySpace Privacy options had been breached. I debunked that story - it was merely hidden html on non-private profiles. So, it was a no story.

I've just realised that I can get to see private data (not all of it but a significant amount). The question I am asking is how should I reveal this information. Some options:

1. Try and let MySpace know through ther forums

2. Contact the BBC with the story

3. Post it on WebmasterWorld

But maybe there's a way I can turn this to my advantage. I could post it on my blog (and try and highlight it so that other people get to see it). I could get some links that way. Might even reach the front page of Digg. Hopefully I wouldn't get too much traffic because my shared server would probably grind to a halt.

Any thoughts on what I should do - and if I put it on my blog should I put Adsense ads on that page?

 

akmac




msg:3071597
 8:15 pm on Sep 4, 2006 (gmt 0)

That depends, do you want to work for myspace, or yourself?

Iguana




msg:3071610
 8:19 pm on Sep 4, 2006 (gmt 0)

Great answer. OMG LOL as they say on MySpace. All I really want is some more links to my music blog - but maybe I just lack ambition.

This is a limited privacy breach but real.

[edited by: Iguana at 8:25 pm (utc) on Sep. 4, 2006]

akmac




msg:3071637
 8:39 pm on Sep 4, 2006 (gmt 0)

Well, the information is probably quite valuable to 2 groups, myspace, and the nefarious.

1. Post enough information to legitimize your claim.

2. Make sure your PM box has room-or just list your blog address in your profile.

3. Wait for myspace to contact you.

Share the information with myspace-as a security consultant.

[edited by: akmac at 8:45 pm (utc) on Sep. 4, 2006]

Iguana




msg:3071661
 8:51 pm on Sep 4, 2006 (gmt 0)

That's a bit like blackmail isn't it?

akmac




msg:3071697
 9:38 pm on Sep 4, 2006 (gmt 0)

Oops-it does sound that way-sorry, not my intention. You found a hole in a security system, and you would like to help myspace patch it. I guess it's up to you if you'd rather do it for free.

Iguana




msg:3071698
 9:43 pm on Sep 4, 2006 (gmt 0)

I'm not sure. You think I should do something like this:

Amanda has privacy settings on. I know she was 14 on the 6th of August.

A mother from Placentia, California (with privacy settings on) took a survey that said she had a sexual IQ of 120. To quote "When it comes to sex, you are a super genius".

I'm acting like a stalker!

The thing is I do like MySpace and spend a lot of time talking to bands through it (well, most of the time they are trying to talk to me - ego trip!). I also like my blog and the prospect of links to it is very tempting...

weeks




msg:3072210
 1:18 pm on Sep 5, 2006 (gmt 0)

Do to others has you would have them do for you. If the problem was with your website, what would you have someone do? Or, if you were one of the users of the website who might be troubled about the release of this private info, what would you prefer the discoverer do?

In that you are media, I would contact the media department of mySpace and ask for a response to your findings, explaining you are going to publish what you found and their response. Give them a reasonable deadline (two to three days) and then move forward.

The problem with doing nothing is that if you found it, others might as well. This has to be addressed, but addressed in a responsible manner.

TravelSite




msg:3072300
 2:39 pm on Sep 5, 2006 (gmt 0)

Why not do everything at the same time?

Send an email (see privacy page) to them alerting them to the problem.

Post a page on your site about it - with copied screenshots (blank out any details, try not to show how its done).

Write a condensed description here - and a link to the page on your site with more detailed information (this may be okay as it is the original source - so long as the page isn't 99% full of spam/ads).

Email the BBC (or reuters or whatever)

It's important to alert everyone quickly in case anything bad comes of it - you have a responsibility to do so. Whatever you do don't post anything that instructs people on how to get the data (here, on your site or anywhere else).

I don't see anything wrong with telling announcing the problem as it will encourage/alert the site to the problem and get it delt with quicker (some sites ignore emails - perhaps they get too many or they go to the wrong people)

Iguana




msg:3072790
 10:14 pm on Sep 5, 2006 (gmt 0)

I did a post on my blog late last night about this. It's been fun watching the number of referrals from Digg (and StumbleUpon for a short intense time). Still only six Diggs though (including mine). Seems like the real users of the Internet are not too interested - duh, of course we know anything you post online isn't private. I suspect the Media frenzy on MySpace privacy is not reflected in the concerns of actual users.

But a few hundred extra visitors to my blog is nothing (and no I haven't put any ads or spam links on that page). I use MySpace to stay in touch with all my bands who send me CDs to review so I am an enthusiastic user of the site for the music side of it. I also see it as a potential way of challenging the power of the Record Companies in the future.

I am going to report the problem on the MySpace forums so that they hopefully will fix the privacy leak.

Posting on WebmasterWorld is more of a problem - links to blogs are not allowed for very good reasons. But I am not even allowed to post links to the example I have set up to demonstrate the problem. The only comment on the blog post was 'it didn't work for me' so I made a profile of mine Private and showed how you could see data from it.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Local / Foo
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved