itwbennett writes: In a paper posted online this week, researchers from the University of Colorado at Boulder and McGill University outline three different types of attacks that could be launched against Chatroulette users. While the new research doesn't expose any gaping privacy holes, it does show how the service could be misused by determined criminals. For example, the researchers were able to use IP-mapping services to get a general idea of user's location (a public Web site, called Chatroulettemap.com already does this). Then by searching Facebook using information obtained in chats and comparing pictures, researchers were able to identify chatters. 'Even in a city as big as Chicago, you can drill down and find the person you're actually talking to,' said Richard Han, an associate professor with the University of Colorado who co-authored the paper.