Educational CyberPlayGround - Facebook & Addressbook Snarfing Pt II: Speeddate.com = the Gander?

Friday, June 13, 2008

« Children's Health | Main | America - the 500 year flood and the foo... »

Facebook & Addressbook Snarfing Pt II: Speeddate.com = the Gander?

Facebook & Addressbook Snarfing Pt II: Speeddate.com = the Gander?

Speeddate.com, after one signs up for an account, encourages users to
enter their email address on file with Facebook, and their FB account
password, too.

" Before viewing your message, find your friends on SpeedDate
Enter your Facebook email and password below
to find and invite friends on SpeedDate."

So, to recap, in theory, I've entered my Hotmail/Yahoo!/Gmail account
& password over at Facebook, and invited friends to join, and then
I'll spa^H^H virally market anyone who is a Facebook friend about
Speeddate.

Why does this make me uneasy?

This is, as far as I can tell, against FB AUPs and TOS.

http://developers.facebook.com/guidelines.php

II. Applications may not:

1. Contain functionality that requests or collects Facebook Site
usernames or passwords from any user;

http://www.facebook.com/policy.php

http://www.facebook.com/terms.php

Neil Schwartzman

--
P.S. I forgot to mention - many of these companies make the "log
into your address book at AOL / Yahoo / Hotmail/ Gmail " pages look
as much like a portal - *in partnership* - with the ISP as they can.
The screenshots in the Flixster article shows them using the AOL logo
next to the username and password fields because we gave them an AOL
address; if you give them a Yahoo address it will display the Yahoo
logo, if a Gmail address it will display the Gmail logo, and so on.
Thus they *fool* their users into thinking that they are logging in
through a connection authorized by their ISP, or that the ISP
*approves* of the practice. Trust me, the ISPs do *not* approve.

In fact, every ISP we have talked with about this very much is
*against* this practice, and we know that the unauthorized use of
their logos is being looked at by their legal departments.
Unfortunately, there is so much else going on in the legal realm for
ISPs (phishing, DDOSing, etc.) that this is such small potatoes, we
don't expect to see much done about it. But you cannot find a social
networking site out there who is doing this who *has* permission from
the ISP to use their logo.

And it fools the users every time. In fact, a colleague who works
*in Internet security* was themselves fooled by this very tactic, as
we both discovered when I got spam from the site that fooled him,
because I was in his address book.

Kind regards,

Anne

Anne P. Mitchell, Esq
CEO/President
Institute for Spam and Internet Public Policy
http://www.ISIPP.com/

NetHappenings Mailing List

Friday, June 13, 2008 8:17:59 PM (Pacific Daylight Time, UTC-07:00) Disclaimer | | Related posts:
Fair Use The Google Scholar service has been extended so that users can choose to search legal opinions and journals for information that they need.
Tweet Black Friday Deals
How do you Upgrade Planet Earth by Marcus Ranum
Microsoft's Bing search engine has a vulnerability with its cash-back promotion, which impacts both merchants and customers.
Barak Obama's half brother is Jewish
Secret copyright treaty leaks. It's bad. Very bad.

CLICK TO GET POSTS EMAILED DIRECTLY TO YOU

Subscribe to ECP Blog and get it in email
You will receive a verification message then FeedBurner activates your subscription to Educational CyberPlayGround Blog once you respond.

FOLLOW ON TWITTER

ON THIS PAGE....

Facebook & Addressbook Snarfing Pt II: Speeddate.com = the Gander?


EDUCATION: An interdisciplinary blog about Internet and Technology News, NetHappenings, K12 Newsletters, and Network Newsletters. Provides resources for the Arts, Music, Linguistics, Literacy, National Childrens Folksong Repository, K12 School Directory for K-12 teachers, teacher educators, homeschooling parents, policy wonks, journalists, and business.