February 16, 2010

Potential RL-identity exploit with Avatars United

If you use your RL email address for your SL avatar, the default settings of Avatars United might pose a risk of unintentionally exposing that address!

Snickers Snook posted an insightful article about "Spam via Avatars United", where she explained that since joining AU she has been receiving significantly more spam on her supposedly undisclosed email address. She dug a bit into the settings and found that, by default, even AU widgets that are not installed can access certain data and send emails.

Snickers primarily saw the spam problem, but my friend Zonja Capalini pointed out that while being spammed is a nuisance, the bigger threat lies in the unsolicited disclosure of a potential RL email address and thus disclosure of the RL identity.

So if this concerns you, do two things:
  1. Read Snickers' article and adjust your Avatars United settings
  2. Go and finally get a GMail/Yahoo/Hotmail/whatever address for your avatar