It isn't a security flaw, it's a place where a Hotmail user's email address can be released thanks to the way that Hotmail puts your userid in the HTTP location. That the referring location is passed to the linked page is a design feature of HTTP, allowing clued-in webmasters to redirect deep linkers to their front page if they so choose.
Two things: First, again, this isn't news, as it is known to anyone who has above a beginner's knowledge about HTTP. Your product, I assume it to be commercial, purports to do exactly what many free alternatives already offer. "revolutionary new privacy tool" - The whole thing sounds like that security page on the internet that has a basic security check and uses scare tactics to try to convince you to buy their firewall product. (See also: Norton Antivirus - We'll protect you from viruses like Michelangelo and trojans like BO, but only after they've been in the wild wreaking havoc for a week)
Second: Hotmail accounts are supposed to get spam. It's one of the unwritten rules of the internet, meant to punish users for a) using webmail, and b) using a webmail provider that even now makes it very difficult to specify how to filter the To: header.
My point being made earlier, I'm not about to go changing any details on the current Hotmail account (if it hasn't yet been done). I simply think that people should be voting this story down as it is much ado about nothing.