Friday, June 13, 2008
« Children's Health | Main | America - the 500 year flood and the foo... »
Facebook & Addressbook Snarfing Pt II: Speeddate.com = the Gander?
Facebook & Addressbook Snarfing Pt II: Speeddate.com = the Gander?

Speeddate.com, after one signs up for an account, encourages users to
enter their email address on file with Facebook, and their FB account
password, too.

" Before viewing your message, find your friends on SpeedDate
Enter your Facebook email and password below
to find and invite friends on SpeedDate."

So, to recap, in theory, I've entered my Hotmail/Yahoo!/Gmail account
& password over at Facebook, and invited friends to join, and then
I'll spa^H^H virally market anyone who is a Facebook friend about
Speeddate.

Why does this make me uneasy?

This is, as far as I can tell, against FB AUPs and TOS.

http://developers.facebook.com/guidelines.php

II. Applications may not:

1. Contain functionality that requests or collects Facebook Site
usernames or passwords from any user;



http://www.facebook.com/policy.php

http://www.facebook.com/terms.php

Neil Schwartzman



--
P.S.  I forgot to mention - many of these companies make the "log
into your address book at AOL / Yahoo / Hotmail/ Gmail " pages look
as much like a portal - *in partnership* - with the ISP as they can.
The screenshots in the Flixster article shows them using the AOL logo
next to the username and password fields because we gave them an AOL
address;  if you give them a Yahoo address it will display the Yahoo
logo, if a Gmail address it will display the Gmail logo, and so on.
Thus they *fool* their users into thinking that they are logging in
through a connection authorized by their ISP, or that the ISP
*approves* of the practice.  Trust me, the ISPs do *not* approve.

In fact, every ISP we have talked with about this very much is
*against* this practice, and we know that the unauthorized use of
their logos is being looked at by their legal departments.
Unfortunately, there is so much else going on in the legal realm for
ISPs (phishing, DDOSing, etc.) that this is such small potatoes, we
don't expect to see much done about it.  But you cannot find a social
networking site out there who is doing this who *has* permission from
the ISP to use their logo.

And it fools the users every time.    In fact, a colleague who works
*in Internet security* was themselves fooled by this very tactic, as
we both discovered when I got spam from the site that fooled him,
because I was in his address book.

Kind regards,

Anne

Anne P. Mitchell, Esq
CEO/President
Institute for Spam and Internet Public Policy
http://www.ISIPP.com/

NetHappenings Mailing List
Friday, June 13, 2008 11:17:59 PM (Eastern Daylight Time, UTC-04:00)    Disclaimer  |  Comments [0]  |  Related posts:
[ECP] NetHappenings News and Resources
Lori Drew was found guilty of three misdemeanor charges
Yiddish: A Struggle for Survival
My Uncle Stan
Youth and sexual predation online
Accidental Chrismukkah cards from President Bush
Comments are closed.