[Update 2: Monday June 4th: Not really fixed yet it seems; I see the issue has resurfaced today. The YouTube related-videos list is safe, the Orkut list shows private browsing habits as reported below. BTW, one theory is that if someone uploads a video on YouTube, watches it anonymously, and then watches a bunch of other videos, YouTube thinks they are related. So the content-uploaders are disadvantaged, cause most likely they will watch their own videos along with unrelated other ones in a given session. So now you have to remember not to watch your own videos if you are browsing videos you dont want others to see!?]  

[Update 1: The following privacy issue appears to have been fixed around Friday (25th), and lasted for about a month as confirmed by several friends and colleagues. So this blog essentially points out the kind of privacy issues that could potentially arise from aggressive data-mining/profiling.]

Things have been very busy on the malware research front, so I will keep this short. I find this to be an interesting, potentially accidental, information leakage. However, some readers might find this disturbing.

I ran the following experiment with YouTube for about a week.

• I created a YouTube account, and logged in. Uploaded a few videos into my YouTube account, and published them to the world.
• Then I created a totally different Google account for use with Orkut. I added (linked to) the above YouTube videos in my Orkut videos section. YouTube recently introduced this feature, wherein, when you play a video from inside Orkut, it shows you videos “related” to that video as a fish-eye list at the bottom.
• Each day, I kept logging into my YouTube account and browsing other videos while logged in. I intentionally stuck to a specific category of videos while doing this - like redlining cars, or videos of a specific celeb, and other specific video themes totally unrelated to the videos I had uploaded. I also added a video to my favorites list on YouTube.

What I found was, the videos I had uploaded on YouTube, when viewed through Orkut, started leaking my online browsing habits on YouTube via the fish-eye list of related videos in Orkut.

Following is a screenshot of a video I had uploaded on YouTube, and linked to from a totally different Google account in Orkut, and browsed as yet another unrelated Orkut user. I have intentionally motion-blurred some of the videos in the related list. All those videos listed as related were either 1. from my YouTube favorites list, 2. a video I had seen often on YouTube while logged in (the “Drawing Straightheads” video in the screenshot), or 3. related to the general theme of videos I was watching while logged in.

Long story short, until it was fixed, the online logged-in browsing habits of users who have uploaded content on YouTube got leaked to the whole world when those videos were viewed via Orkut. I have seen some explicit/implicit loss of privacy via Web 2.0isms like collaborative filtering (a la Amazon/Delicious) or interestingness (a la Flickr), but this approach seems unprecedented. Crazy huh!