I was shocked when I saw the newsletter email from Burrp.com, titled Local SMS Alerts from burrp.com. Instead of sending it one at time to each individual, they CC'd it everyone in the group ! This leak could've been goldmine for spammers and other internet marketeers ! could've been did I say ? I was further shocked to learn that there are only about 450 users registered under Burrp Mumbai !

Burrp is currently all about a local search for restaurants, bars, nightlife, street food, juice centres, desserts, bakeries etc - which is what this very city is built upon. The reason why this 'seems' so overly-crowded is because of the excess fat in most of the Mumbaikars (no offence, just a view). They're soon on the way to becoming Indian version of citysearch.com, listing Cinemas, Theater & Dance, Museums, Art Galleries, Spas, Salons, Gymnasiums and Book Stores. Food and drinks being the backbone of this city, a potential site like burrp.com could've done much better marketing - instead they've now got a tougher job of marketing as result of this breach of privacy. Trust is very important factor when signing up for a service - esp when its a free one. That's why I have a separate email for all public community related websites.

Anyway, thanks for list Burrp.

Update: A similar incident seems to have taken place with an upcoming website called Nivio.

What is our privacy level on the internet ? How secure are we on the internet ? Most of us who use the internet are unaware of privacy and security. You've often read of something like this when signing up : We'll never give your email address or disclose your personal information to any 3rd party member. Your privacy is very important to us - or something similar. And as a result, most of us sign up trusting whats written. There are two kinds of people who are overcautious of entering sensitive information over the internet : ones who use the net just for surfing and ones who know how the internet works to some technical level. The ones who use the net just for surfing are just browsin' around to kill time and/or checking mail. They wouldn't dare enter their credit card number for any reason what-so-ever and so they don't shop online. Ones who know the inner mechanisms may check for SSL certificate validity, safer browser, cookies etc. Not all sites can be checked manually, and hence arrived phishing protection. But the extent to which one can extract personal information from websites is not just limited to phishing techniques. Other factors like bad coding, poor Search Engine Optimization and allowing directory listing leading to holes in the website make it real easy for a surfer to extract information. If you are lead to a site (from a search engine) which has nothing related to what you want and has a whole lot of junk, you probably have entered a site that is SEOptimized real well. But Im not talking abt MFA related or similar sites. Im talking about genuine standard sites which have holes that lead to a breach in security and hence privacy (Im sounding like my old SJS math teacher !). An example of this is HRCapitol which seems to be a a job-placement company and has a form for a job-seeker to upload a resume. I don't know if they meant it to be searchable but it definitely shouldn't be. Check out http://www.google.com/search?q=filetype%3Adoc+site%3Awww.hrcapitol.com. You'll find around 163 resumes in Word DOC format which are available to the public and downloadable without any signing in ! For this reason alone, I would rather snail-mail my resume. Heres what it looks like today : Click on the image for a very long result As you can see, all these resumes are totally transparent. We can get all their personal information and...you guess. Incidentally, I came across this when searching for references of the name of the building in which I live in (moving permanently to another nearby building in Jan '07) !