Protect personal data when running iChat Rendezvous messaging

This is one of those issues that I think twice about before posting in the security category because the risk is so minimal and requires the user to consciously and manually allow it to happen. Nonetheless, it is still worth noting.

The following article describes how individuals running iChat with Rendesvous messaging enabled can unknowingly allow others within the same network to access their email address and AIM handle.

The following cenario is required for others within your network to be able to access this information…

1. You must be running iChat
2. You must have Rendezvous messaging enabled (note, this requires manually opening specific ports in your firewall)
3. There must be individuals within your same local network also running iChat with Rendezvous messaging enabled
4. You must have “Block Rendezvous users from seeing my email and AIM address” deselected within the Privacy pane of iChat’s Preferences.

Interestingly, it appears that step four is deselected by default, something I feel Apple should correct. Granted, many users may want to share this information to anyone within their local network, but it should require a conscious decision and not be the default.

This issue was brought to my attention by a similar article on MacMerc. Visit their site for screen shots and more information.