Slashdot Mirror


Privacy Flaws In Chatroulette Expose Users

itwbennett writes "In a paper posted online this week, researchers from the University of Colorado at Boulder and McGill University outline three different types of attacks that could be launched against Chatroulette users. While the new research doesn't expose any gaping privacy holes, it does show how the service could be misused by determined criminals. For example, the researchers were able to use IP-mapping services to get a general idea of users' location (a public Web site called Chatroulettemap.com already does this). Then by searching Facebook using information obtained in chats and comparing pictures, researchers were able to identify chatters. 'Even in a city as big as Chicago, you can drill down and find the person you're actually talking to,' said Richard Han, an associate professor with the University of Colorado who co-authored the paper."


  1. No No No No No by eldavojohn · · Score: 5, Funny

    Privacy Flaws In Chatroulette Expose Users

    Trust me, on Chatroulette it's the users that have been exposing themselves.

    --
    My work here is dung.
    1. Re:No No No No No by jmerlin · · Score: 5, Funny

      This brings a whole new meaning to the word "gaping privacy holes."

    2. Re:No No No No No by Anonymous Coward · · Score: 5, Funny

      I was visiting a friend of mine in San Fran a few months ago. He got a new Apple laptop, so he was showing it to me. We tried out Chatroulette briefly, and the third session ended up being a close-up of some guy touching his penis. The first thing my friend wrote was "Jim, is that you? It's Freddy."

      My friend recognized the other guy by his penis. Turns out they knew each other from a gym they both went to, where they'd seen each other naked in the showers. They both thought it was a really funny coincidence to meet on Chatroulette like that.

    3. Re:No No No No No by Jesus+IS+the+Devil · · Score: 2, Insightful

      Mr. Goatse hasn't been seen on /. in YEARS...

      --

      eTrade SUCKS
    4. Re:No No No No No by vxice · · Score: 2, Funny

      I'm guessing they cross reference the video of your genitals to the picture of your genitals on adultfriendfinder.com for a start on identifying the person.

      --
      every anarchist is a baffled dictator. Benito_Mussolini
    5. Re:No No No No No by PitaBred · · Score: 4, Insightful

      Even if they're gay which would give you an excuse for recognizing another man's penis, that's disturbing in many ways.

  2. Won't work all the time... by Bryansix · · Score: 5, Funny

    For one simple reason. Facebook does not let you set your profile picture to a shot of your genitals.

    1. Re:Won't work all the time... by mobby_6kl · · Score: 3, Funny

      Maybe not, but facebook does let you search by email addresses!

  3. For those not stupid enough to know: by Saysys · · Score: 3, Interesting

    "Chatroulette is a website that pairs random strangers from around the world together for webcam-based conversations. Visitors to the website randomly begin an online chat (video, audio and text) with another visitor. At any point, either user may leave the current chat by initiating another random connection. As of July 11 the site is offering an experimental "localized" version which pairs people by state". -wikipedia

    So 1.) people find each other intentionally and 2.) "using information obtained in chats" I can get your SSN... if you tell me.

    Literally nothing worthy of note in this research folks... move on.

    1. Re:For those not stupid enough to know: by ByOhTek · · Score: 2, Informative

      Actually, if you RTFS, it's more along the line of combining the IP address of the other party, and the picture to narrow down who/where.

      I think they are missing the bigger flaw here. Flash, or even worse, peer-to-peer flash...

      --
      Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
    2. Re:For those not stupid enough to know: by Restil · · Score: 2, Informative

      I can always sniff out the ip address of the host I'm communicating with, even if all of the data is encrypted. The only way to prevent that is to run all of the data (video, audio, and text) through a central server (or multiple central servers) or some type of proxy. The point is, someone is going to have to pay for a huge amount of bandwidth, as opposed to the way it works now where all the main server has to do is arrange the connections.

      -Restil

      --
      Play with my webcams and lights here
  4. Re:This is news? by socz · · Score: 2, Interesting

    Why make it so complicated and give it a fancy name? Here's the summed up version: "ASL?" What else do I need to know?

    --
    My abilities are only limited by my imagination
  5. Question about chatroulette by Pojut · · Score: 4, Interesting

    Has anyone ever used it and engaged in an interesting conversation with a person who became a regular point of contact? Or is it all just penises and overweight bald guys?

    1. Re:Question about chatroulette by nozzo · · Score: 4, Funny

      Yeah I did but all he wanted to talk about was penises and overweight bald guys so I stopped it.

    2. Re:Question about chatroulette by Drakkenmensch · · Score: 2, Funny

      Has anyone ever used it and engaged in an interesting conversation with a person who became a regular point of contact? Or is it all just penises and overweight bald guys?

      Who says it can't be both?

    3. Re:Question about chatroulette by dr_dank · · Score: 3, Funny

      It's penises all the way down.

      --
      Where does the school board find them and why do they keep sending them to ME?
  6. Re:This is news? by Haffner · · Score: 2, Funny

    In another paper posted online this week from the University of Colorado at Boulder, my hand hurts when I poke it with something sharp.

    --
    "Going to war without the French is like going deer hunting without your accordion." ~General Norman Schwarzkopf
  7. Um, OK. by pushing-robot · · Score: 5, Funny

    Next article: Privacy flaws In Public Streaking Expose Users

    --
    How can I believe you when you tell me what I don't want to hear?
  8. Nothing New by Ziekheid · · Score: 3, Informative

    At least 2 of the 3 things mentioned in the paper can be done on ANY cam site (blogtv, ustream, tinychat, etc).
    It's truly ridiculous to only mention Chatroulette here and I don't consider any of the things mentioned a real security flaw. 4chan has been "exploiting" these sites for years already, it's nothing new.

  9. researchers? by z-j-y · · Score: 2, Funny

    researchers in universities are seriously out of ideas of what to research

    1. Re:researchers? by Rijnzael · · Score: 3, Informative

      I'm actually a CU-Boulder student and had a class with Han last semester. He's a great prof and really cares about the students' understanding. I was surprised to see that he put out research on something so common-knowledge; "Oh once you have a picture of someone you can look for another picture that looks like it and you know you've found your target". He's more of an operating systems/networking kind of guy. This just seems like fluff research to keep the department chair happy while he actually does his teaching and "real" research. Academia has this tendency to prioritize quality over quantity, and I think this provides an example of the pressures even good profs feel from the top re: publishing.

  10. Researchers found new feature by iamhassi · · Score: 3, Funny

    "... researchers were able to use IP-mapping services to get a general idea of user's location... Chatroulette is now testing a new feature called Localroulette, which connects people from specific cities with one another."

    Congratulations researchers, you've discovered chatroulette's new features.

    Please tell me taxpayers didn't pay for this research :( "... researchers from the University of Colorado at Boulder and McGill University ..."

    DOH!

    they weren't researching anything, network admin probably noticed IP logs of them spending all day on chatroulette and they had to come up with some excuse.

    *phone rings*
    Person answering: Hello?
    Admin: is this the research office of (BLANK)?
    "Researcher": Yes it is
    Admin: I'm the network admin for (insert "prestigious" university) and we've noticed someone in your office has spent the last 4 months on a website by the name of "chatroulette". Do you know anything about this?
    "Researcher": Um.... what's the website?
    Admin: Chatroulette
    "Researcher": ..... no, no doesn't ring a bell
    Admin: Well if you notice anyone please let us know. The website is known for inappropriate content (NSFW) and we'll be monitoring the PC logins of the individuals and alert campus security once we know who is visiting the website.
    "Researcher": OH Chatroulette! Oh yes I'm very familiar with that website, we're researching it
    Admin: Research?
    "Researcher": Yes research. We're... um, "probing" its vulnerabilities, looking for "gaping holes" that "expose" users (chuckle)
    Admin: gaping holes?
    "Researcher": *smiling* Yes gaping holes... in security
    Admin: Oh I see... well thank you for letting me know, I'll note this in the logs
    "Researcher": You do that, have a good afternoon
    Admin: You too

    --
    my karma will be here long after I'm gone
  11. gaping privacy holes? by ThisIsAnonymous · · Score: 2, Funny

    gaping privacy holes

    Why would that phrase ever be used when discussing Chatroulette.

  12. Dupe? by MonsterTrimble · · Score: 3, Informative

    I thought this was the exact issue the U.S. military had when they had soldiers posting geotagged pictures to facebook which identified where they were in Afghanistan. Same idea - people, given a few small details, can very easily find out about you by the use of Google.

    Back when I was in first year university (1996) it was still pretty wild west on the internet. I was talking to a friend who I had never given any of my real details (name, address, etc) when she popped up and asked if I went to AMHS (my high school). After picking my jaw off the floor I found out that I had mistakenly forwarded them an E-mail which I had originally forwarded from my school account to my hotmail account. They found the e-mail address, and googled it. It was all laid out there on the University's website.

    --
    I call it 'The Aristocrats'
  13. Yes by axl917 · · Score: 3, Interesting

    I still talk to a girl in Sicily I ran into on roulette a few months ago. It is rare, but you can find normal people there.

    1. Re:Yes by wjousts · · Score: 2, Funny

      Unfortunately, when asked, she said it's just overweight bald guys and penises

  14. Those aren't flaws by Graham+J+-+XVI · · Score: 2, Interesting

    Nothing mentioned in TFA is a flaw with Chatroulette, they're simply byproducts of this type of communication. If I printed a picture of myself and stapled it to a telephone pole someone could possibly identify me and try to scam me, too. Does this mean telephone poles have flaws?

  15. People are still using Chatroulette? by Hell0W0rld · · Score: 2, Insightful

    I thought this was only made for some /b/tards and bored journalists.

  16. I hate to be all Captain Obvious on you, but... by TheABomb · · Score: 2, Interesting

    When you plug in a camera, sit down in front of said camera, and broadcast said camera to random strangers, the very notion of a "privacy flaw" becomes moot.

    --
    MSIE: The world's most standards-complaint web browser.
  17. Are you kidding me? by BitterOak · · Score: 2, Insightful

    Privacy flaws in Chatroulette? Based on what I've seen on Chatroulette, these are not people who care much about privacy!

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?