Now it's emerged that a new site, ChatrouletteMap, is combining screenshots of users with their physical location on Google Maps. ChatrouletteMap determines location by examining users' IP addresses, which are available because Chatroulette uses peer-to-peer technology. What's more, some of the IP addresses and host names that were available contained users' names.
As of this afternoon, ChatrouletteMap carries a message saying it has decided -- for now -- to stop posting IP addresses and host names because some of that data appeared to identify specific users. The site also publicly asked Maine.edu to stop including students' names in the host names. ChatrouletteMap additionally says it will remove images of any Web users who want them taken down.
Still, the upshot is that Chatroulette users -- many of whom appear in not-safe-for-work screenshots -- are not nearly as anonymous as they might have believed.
It also proves, once again, that old definitions of personally identifiable information are outdated. In the past, industry executives tended to say that only certain types of data -- like names, addresses or phone numbers -- were personally identifiable. Everything else -- including IP address -- was assumed to be anonymous.
But the reality is far more complex. Individual pieces of information alone might not be enough to identify Web users, but the more data that's available about any one user -- including IP address -- the more likely it is that user will be de-anonymized.