

Ask HN: Are you trying to steal my contacts? - Mafana0

When I tried to login to HN, I was offered to login using OpenID, via some site called ClickPass, and when I tried to login using my Google account's OpenID, there was a warning, all what ClickPass wanted was to access my contacts, rather than just granting a login access.
Here's the prompt:<p>The site www.clickpass.com is requesting access to your Google Account for the product(s) listed below.
	Google Contacts - http://www.google.com/m8/feeds<p>Any info?
======
petenixey
Hi guys. The answer is no, definitely not. When we first built Clickpass there
was no google authentication Ali, you could only authenticate as part of
getting authorisation for a particular google service. Contacts seemed the
most relevant so that's what we went with. Code dev has been frozen on the
system since the acquisition so we've just left it te same way. We don't store
or even access the contact data though.

~~~
cheald
I can vouch for that. Google now offers an OpenID auth cycle, but before you
did delegated auth by requesting OAuth access to one of a user's resources.

------
eagleal
I couldn't find anything on the Clickpass (YCS07) website about the actual
data accessed. Not mentioned on the privacy policy neither[1]. We should ask
Clickpass or PG (he implemented it on HN).

[1] <http://www.clickpass.com/docs/privacy-policy#pp1>

