Google said Friday that it was altering the privacy settings on its JotSpot online collaboration service afterwards a researcher came across that user e-mail addresses and names were being exhibited to the Web without user consent.

Ben Edelman, Harvard Business School professor and security researcher, placed a blog entry on Thursday demonstrating how JotSpot user names and e-mail addresses were easily getatable on Google search.

After being contacted by CNET News, Google released a affirmation disavowing any obligation by saying that the administrators of the JotSpot groups were accountable for setting the privacy controls. If the data was exposed on the Internet it was because the administrators had produced it public.

Not satisfied with that reply, Edelman indicated out the defects with that exempt in an update to his original post.

JotSpot users didn't accord to have their names and e-mails made public and Edelman talked to several who told they indeed didn't permit consent. Administrator permission isn't adequate to rationalise the practice, and administrators are not party to the privacy policy "contract" between JotSpot and the users, he added.

Additionally, Edelman found that the language relaying this responsibility to administrators wasn't clear-cut and probably led to administrators mistakenly exposing the information to the Web without meaning to.

"Google must prioritise defaults and options that oblige reasonable users, reasonable administrators, and standard use cases," he wrote.

Put differently, make the policy acknowledge understandable and clear and make it rational. Clearly, those thousands of JotSpot users would not have desired to have their names and e-mail addresses revealed for strangers and spammers to see, even if the administrator of the group wanted it so.

In response, Scott Johnston, former vice president of products at JotSpot, sent an e-mail to Edelman outlining changes based on his feedback.

"Admins have always been in control of whether to make their wikis public or leave them set to private. JotSpot wikis are private by default, and unless an admin chooses to set it to public, none of the information in that wiki is publicly accessible," Johnston wrote.

"However, based on your feedback, we have admitted action to improve the JotSpot user experience by setting the User Management page on all public JotSpot wikis to private, and we're in the procedure of taking out these pages from our cache," the e-mail said. "All private wikis will be unaffected by this change, as their User Management pages have never been publicly accessible."