On Thu, Oct 15, 2009 at 6:33 PM, Raj Mathur <r...@linux-delhi.org> wrote:
> On Thursday 15 Oct 2009, Gora Mohanty wrote:
>> I am not averse to the idea of working together, through sites
>> similar to LinkedIn. However, I am very much opposed to what
>> seems to have become de rigueur for such social networking sites,
>> where they actively seek to sucker new users into exposing more
>> email addresses that they can unscrupulously harvest. Because of
>> this, I refuse to use LinkedIn, even though they are apparently
>> a very useful site.
>>
>> I also think that it is incumbent on people to be aware of such
>> practices by social networking sites that they subscribe to. If
>> they choose to open all contacts in their email box to such
>> spammers, in my opinion, they share the blame for the spam that
>> results. The "punishment" in this case is also ridiculously trivial,
>> so there is hardly any reason to complain.
>
> Er, what makes you think that once you've revealed your e-mail ID and
> password to linkedin (or equivalent site) they won't use, abuse and
> misuse it for their own hidden agenda?  Yes, yes, the web site claims
> that they'll forget your password eventually, but any web site can make
> any claim without actually adhering to it.  Further, linkedin (and other
> anti-social networking sites) are now ripe targets for various mafiosi-
> type attacks (remember Twitter got haxqu0red a couple of weeks back?)
> and you can be absolutely sure that when a band of gun-toting coke-
> crazed hoods gets hold of your contacts and presumably your password
> they're not going to be agonising over whether to misuse that data or
> not.
>
> There is also the whole value-raising question, where the promoters of
> every site try to raise the value of the site; traditionally this was
> done (roughly) by counting registered users, at, say, $1 per user or so.
> Now if I were promoting linkedin I'd make damn sure that I kept users'
> passwords with me, so that when MS tries to buy me out they pay me $1
> per registered user and, under the table, another $100 per validated
> user password!
>
> In short, giving your e-mail ID password to someone you don't know from
> Ali is an excellent way to show the world that you don't have a clue
> about security and can't be trusted with sensitive data.
>

I definitely hate these "Connect with me on blah blah" mails as much
as the next person but I still have to dispute some points here.

In my opinion, storing huge amounts of confidential customer data is
more a liability than an asset. Plus sites like LinkedIn have a lot of
credibility which they need to protect and the easiest way to do that
would be by not screwing your users.

Curious, why do you think MS would pay large amounts of money for user
passwords? Maybe to sabotage other email services? Highly unlikely
(but not impossible), or did you have any other use in mind?

In any case, the root cause here is that these "social networking"
websites need to provide a way to allow easy import of existing
contacts into their service. It's very beneficial to the user to not
have to do this by hand. I still think it's stupid to supply your
gmail password to any website but gmail, but asking for the username
and password used to be THE only way to do this (if I wrote a social
networking app 2 years back I would have done the same thing without
any guilt). Thankfully we now have open standards like OpenID and
OpenAuth springing up to provide a safe idiot-proof way of doing this.

-- Anupam

_______________________________________________
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
