

Don't login to reference.me - cientifico

Funny story.<p>A web site, you login with google oauth, and after that send invitations to all of your contacts. Including that email accounts that are reserved for monitoring and alert systems. 
See how my college receive and sms from and alert system and asking to ack the alert "you have and invitation from reference.me" was fun, but not serious.<p>So for your good. Don't even enter this spammers site.<p>And if you do, remember to revoke access from your oauth provider.
======
andybak
Here's a clue: "A third party service is requesting permission to access your
Google Account."

That's full access you're granting there - not just oAuth login. It's pretty
hard to spot that though. Not sure if I would have.

~~~
cientifico
Yeah. I know is totally my fault. But that site seems like a site to trust.
And yes. That is a huge mistake.

------
freshhawk
Your post got disappeared.

So mixtent (the guys behind reference.me) or some fans decided to all flag
you? Or was it admin action?

For whatever reason, all traces of stories about startups behaving badly have
a tendency to disappear from HN these days. As do stories about the
dissapearance itself. Really disappointing to someone who likes the HN
community.

~~~
nickmolnar2
It'd be nice to have an audit trail of admin actions on HN somewhere.

------
freshhawk
Well you weren't the only one at least. I got a crapload of spam from other
people signing in this morning and yesterday.

What the hell was their plan here? Unless this was some project to show people
not to trust these types of sites with oauth permissions then it was a
catastrophic failure wasn't it?

I'd never heard of them and now all I've heard, from multiple people, is to
never sign in to their site because they're horrible spammers. The tone has,
100% percent of the time, been one where they wanted to at least spit in
someone from reference.me's face, if not punch them.

Unless they've figured out a way to monetize user hatred ...

------
alpb
Why don't you report scam to oauth providers?

~~~
andybak
Any specific suggestions as to what reporting method to use?

Is there anything in place for this kind of abuse? Has anyone reported
anything like this before and can comment on the efficacy of the complaint?

------
alanbyrne
That's really disappointing. It's hard enough trying to get people to trust
your app without jokers like this ruining it for the rest of us. I agree with
alpb, report it!

~~~
dweisser
Yeah - whew. If you guys are interested in reference websites, check out
solidreference.com.

------
rbanffy
It's worth setting up a fake/honeypot account to play with services like this.

------
primitive
Very happy I spotted this thread! I did wonder what they'd do with so much
access to my Google account. Dodged a bullet there I think!

