

Typing In an E-Mail Address, and Giving Up Your Friends’ as Well  - muhamm
http://www.nytimes.com/2009/06/20/technology/internet/20shortcuts.html?_r=1&hpw

======
whughes
Similar article from Time:
[http://www.time.com/time/business/article/0,8599,1903810,00....](http://www.time.com/time/business/article/0,8599,1903810,00.html)

On the one hand, I'm not happy that Tagged and co are getting all this
publicity, but on the other I'm hoping that it helps to stem the tide a bit.
It's shocking how many people have not learned the importance of keeping
passwords secret.

~~~
pavel_lishin
I work for a web dev firm, and one of the features a client wants is a
facebook-style "invite your friends by giving us your e-mail and password"
feature. I'm trying to think of a nice way of convincing the client that the
feature they want is really a psychological bug that's going to cause long-
term problems for, well, everyone on the internet.

~~~
makeee
Why not use bbauth? I know Yahoo and Google support it. That way you can grab
their email contacts without requiring them to give you their email/password.
It just sends them to the email provider to login, then back to your site with
the api token to access their address book.

~~~
gaius
Still spams a buncha folks tho'.

------
mixmax
_"I spoke to Greg Tseng, founder and chief executive of Tagged, to ask him
what happened. He said all social networking sites invite you to e-mail your
contact list to join up or discover which of your friends are already members,
but that a software glitch meant an unusually large number of accidental
invitations went out recently._ "

Yeah right....

------
Locke1689
I'm confused, does it ask you to type in your email address and password for
your email provider? I can't believe anybody would be stupid enough to fall
for that.

If it doesn't, where did it get all of his contact info? Did he enter it in
himself. If this is the case, what does the website say that prompts you to
enter in your contact lists?

~~~
statictype
Yeah, that was my question too. I _think_ what happens is, when you enter your
email address and password to login to the site, the site assumes its the same
password you use to login to your mail provider. Of course, that assumption
could be wrong but apparently, it works often enough. And of course, this only
works with the big web mail providers like Google and Yahoo. I got a similar
spate of emails from friends asking me to register on their birthday calendar.

~~~
riffic
Not really, they aren't assuming you use the same password as your mail
provider. These sorts of sites just ASK you outright for your login/password..
and a lot of users actually give this up voluntarily to a third party site.

Lots of information here on this sort of anti-pattern:

<http://microformats.org/wiki/social-network-anti-patterns>

------
spazmaster
I can't believe the author is so soft on Tagged and MyLife.com etc. I've seen
this happen to my mother as well, who was very embarrassed. This needs to be
regulated and be treated like spamming is.

~~~
tomjen
My mother is better than your mother then, she had the good sense to use a
throw away email account.

------
wglb
First time I saw this happen was when my daughter signed up for doostang. All
of us on her gmail address list got an invite, including some ex-boyfriends.
She later sent an apology to the whole list. It was certainly a wake up call.

Software glitch, nah. Who are we kidding.

------
danbmil99
I had to read this like 3 times to understand that users were voluntarily
typing their email password into a site. It's so ingrained in my behavior not
to do that, I was trying to figure out, "how do they get the password?"

~~~
danbmil99
Wait -- are they just using the password you type for their site to log in and
go through your gmail account (guessing that they're the same pw)? That's
fraud. I don't care if it's in the fine print. I use multiple passwords, but
not enough. If websites just start using my passwords to break into my private
data on other sites, that's seriously fucked up.

~~~
smanek
No, users explicitly enter their email password.

I blame this on user stupidity.

~~~
riffic
I blame this on developer negligence.

------
mattmaroon
Kinda shocking that anything bad could happen when giving a stranger your
email address and password.

------
scscsc
Typing in an E-Mail Adress and the associated password, and Giv... Wait, you
did what ???

------
riffic
the password anti-pattern strikes again!

