Benlog » Protecting Data by Being More Open

Protecting Data by Being More Open

Filed under: policy,security — September 13, 2007 @ 6:20 pm

In the last few weeks, friends of mine — savvy friends of mine — have been hit by sites that ask for your gmail, yahoo, or hotmail password just so they can “check to see if your friends are using the site!” Quechup, the so-called “social network that’s sweeping the globe” is accomplishing that grand goal by spamming your friends without your permission. So is Shelfari. And so are many others I don’t know of, I’m sure.

Of course, this is fraud. But do we really expect the FTC or any branch of law enforcement to be able to pursue all the ethically challenged small companies and off-shore sites that will engage in this kind of deception? I don’t think that’s practical.

At first I was upset at sites like LinkedIn that ask for gmail/yahoo/hotmail passwords, or platforms like Facebook’s. Even though they are not apparently abusing the credentials, they’re still getting users accustomed to the concept of entering one site’s password on a different site. But if you look at it from the LinkedIn point of view, what choice do they have? How can they properly integrate with your address book when the big three haven’t developed (or at least haven’t publicized) an API for other apps to integrate with your address book?

I think I know why: the user’s address book is the crown jewel. Let it be accessed by others, and users might get their services elsewhere. But frankly, I have no sympathy for the big providers who achieve lock-in via this method. It’s my data, I’m storing it with gmail, I should be able to let any application I want get access to it if I choose. And, more importantly, gmail should provide a convenient and secure approach for me to do this. Someone wants to spam my address book? There should be an API for doing that, with a nice friendly Google warning that says “you’re about to spam 150 of your friends, is that okay?”

If Google doesn’t provide the API, then LinkedIn has to ask for passwords and log in to Google as if it were me, so it can do the things that Google only lets me do. The good sites, like LinkedIn, and the bad sites, like Quechup, become indistinguishable. Reasonable security advice, like “don’t give your password to anyone” becomes moot. In other words, by failing to provide an API, Google is encouraging poor security practices because everyone wants an API, so they’re finding the quickest fix, and the quickest fix is to ask for your password and take total, unmitigated control.

So Google, Yahoo, and Microsoft: please protect my data. Protect my data by providing a door with a good and flexible set of locks so I can let people in when and how I want. Otherwise, I’ll have to let people break in through the window, and once that window’s broken, I have no control left. And that’s bad for everyone.

update: I put Shelfari in the same category as Quechup based on a friend’s experience. Going through the site myself, I have to apologize to Shelfari, because they’re not deceiving the user the same way Quechup is: they do tell you they’re about to “invite friends.” The message could be clearer, and having a default of spamming everyone is not the right approach. But it’s not user deception, and I apologize to them.

Comments (12)

http://www.adambarth.com/ Adam

You can export your Gmail contacts in in XML. Look for the Export link on your contacts page.
http://www.adambarth.com/ Adam

You can export your Gmail contacts in in XML. Look for the Export link on your contacts page.
http://ben.adida.net ben

Adam: sure, I didn’t mean to imply that Google is keeping my data completely hostage. What I mean by an API is something that a 3rd-party site can integrate with using a web user interface. You click on “integrate with gmail,” you get sent to gmail, where you authorize the app to read your contacts, and it gets a token to access you contacts, or maybe an interface to directly send mail to your contacts if you authorize it. A bit like the Flickr API, or the Facebook platform.

But it has to be something that your average user can use. You shouldn’t have to download and re-upload a file.
http://ben.adida.net ben

Adam: sure, I didn’t mean to imply that Google is keeping my data completely hostage. What I mean by an API is something that a 3rd-party site can integrate with using a web user interface. You click on “integrate with gmail,” you get sent to gmail, where you authorize the app to read your contacts, and it gets a token to access you contacts, or maybe an interface to directly send mail to your contacts if you authorize it. A bit like the Flickr API, or the Facebook platform.

But it has to be something that your average user can use. You shouldn’t have to download and re-upload a file.
Danny

I am an employee of Shelfari and found your blog a bit disconcerting.
Shelfari offers its members an option to access their email account through its website solely for the purpose of making it easier for its members to share Shelfari with their friends. We do note that we do not save passwords.
We offer two alternative options to inviting friends without importing email addresses from your contact list:
1. Send invites individually
http://www.shelfari.com/schaufferwaffer/friends/import?InviteManually=true
2. Copy and paste the text below into an email then send the email to friends you would like to invite.

I just joined Shelfari to connect with other book lovers. Come see the books I love and see if we have any in common. Then pick my next book so I can keep on reading.

We also offer Members to send an invite with a personalized message.

Per the instructions in the invitation we do not that a follow-up email will be sent out and give the option to block it.No more emails are sent to friends after the follow up email.
Danny

I am an employee of Shelfari and found your blog a bit disconcerting.
Shelfari offers its members an option to access their email account through its website solely for the purpose of making it easier for its members to share Shelfari with their friends. We do note that we do not save passwords.
We offer two alternative options to inviting friends without importing email addresses from your contact list:
1. Send invites individually
http://www.shelfari.com/schaufferwaffer/friends/import?InviteManually=true
2. Copy and paste the text below into an email then send the email to friends you would like to invite.

I just joined Shelfari to connect with other book lovers. Come see the books I love and see if we have any in common. Then pick my next book so I can keep on reading.

We also offer Members to send an invite with a personalized message.

Per the instructions in the invitation we do not that a follow-up email will be sent out and give the option to block it.No more emails are sent to friends after the follow up email.
http://ben.adida.net ben

Hi Danny,

I had not personally used Shelfari, but I did receive an invite from a friend who immediately followed up with a “I’m sorry about the Shelfari spam, I didn’t realize it was going to send out emails to everyone, I have just closed my account with them.”

I just tried your site, and I do see that the message says “invite friends,” so it was wrong of me to put you in the same category as Quechup. I will shortly add an update to this blog entry.

That said, I would suggest being even clearer and making it less easy to mistakenly spam everyone in your address book: don’t select everyone by default, and add one more warning that emails are going to be sent. That’s as much as you can do, of course, the rest needs to be done by the email providers.
http://ben.adida.net ben

Hi Danny,

I had not personally used Shelfari, but I did receive an invite from a friend who immediately followed up with a “I’m sorry about the Shelfari spam, I didn’t realize it was going to send out emails to everyone, I have just closed my account with them.”

I just tried your site, and I do see that the message says “invite friends,” so it was wrong of me to put you in the same category as Quechup. I will shortly add an update to this blog entry.

That said, I would suggest being even clearer and making it less easy to mistakenly spam everyone in your address book: don’t select everyone by default, and add one more warning that emails are going to be sent. That’s as much as you can do, of course, the rest needs to be done by the email providers.
Michael

Hey Ben,

I also have at least one friend who caught virus or spyware that took her outlook address book and sent mail on behalf of quechup to all her contacts.

ALSO, even “nice” companies make “mistakes”. My wife removed her account at LinkedIn but people can still search for her on their site and they will contact her on their behalf.

MJM
Michael

Hey Ben,

I also have at least one friend who caught virus or spyware that took her outlook address book and sent mail on behalf of quechup to all her contacts.

ALSO, even “nice” companies make “mistakes”. My wife removed her account at LinkedIn but people can still search for her on their site and they will contact her on their behalf.

MJM
Pingback: Benlog » The Password Anti-Pattern and the Login Redirection Anti-Pattern
Pingback: Benlog » Bad and Good News on the “just give me your password” front