Orkut Inbox Messages Not Private?

I noticed recently that Google has recently changed the Orkut email interface. Unfortunately their seems to be a minor problem, with the fact that your Orkut email may be visible to outsiders, that is if they know the exact link).

Vijay, over on Matrix Chronicle details this on his blog, and provides a link for users to test this out.

This does not make me happy, and Vijay communicates the same feeling over on his weblog.

When I clicked the link, it opened an orkut login box. I expected that I will be able to see the message only if I logged in with the userid of the person to which this message was meant for. But I was wrong, it showed the message even though I logged in with my user id! This means that every information pertaining to a message can be accessed using the URL to the specific message. This is not SO private because URL alone should not disclose the content of a message. It should be accessible only to the person which the message is meant for, after password authentication.

I am going to notify Google about this, but in the mean time, I would recommend users to have their email sent directly to them instead of their Orkut account.

For those of you either new to Orkut (or lack the geek powers like us Orkut freaks) these three simple steps should help you resolve the privacy issue, that is until Google can make time to resolve this issue.

1. Locate and click on the Settings link near the top of the page.
   
   



2. Uncheck all of the messages boxes and check all of the email boxes.
   
   


3. Scroll down and click on the update button, and then you are done.
   
   

This should resolve some of the privacy concerns, although if you send email from your Orkut account, it may be visible to users. As stated previously, I am going to notify Google about this error, and encourage users to do the same.