Please Give Us Your Email Password

June 4, 2008

A number of people whose opinions I greatly respect have turned me on to Yelp over the last six months or so. Yelp is a community review site, and a great way to discover cool new places in whatever neighborhood you happen to be in.

I've enjoyed using Yelp, and I wanted to participate by submitting my first review, so I created a new account there. As part of the account creation process, I was presented with this.

[Image: Yelp friends check]

The idea is that I tell Yelp what email service I use, then provide my login and password information so Yelp can determine if any of my email contacts are Yelp members. How convenient!

Here's how I see that page.

[Image: Yelp friends check: EPIC FAIL]

I'm willing to give Yelp the benefit of the doubt here, but let's think about what it means to give out your email account and password to anyone, no matter how ostensibly trustworthy they may be:

  1. Number one with a bullet: your email account is a de-facto master password for your online identity. Most -- if not all -- of your online accounts are secured through your email. Remember all those "forgot password" and "forgot account" links? Guess where they ultimately resolve to? If someone controls your email account, they have nearly unlimited access to every online identity you own across every website you visit.

  2. If you're anything like me, your email is a treasure trove of highly sensitive financial and personal information. Consider all the email notifications you get in today's highly interconnected web world. It's like a one-stop-shop for comprehensive and systematic identity theft. How do I know Yelp isn't going to dip into other areas of my email?

  3. Even if I trust Yelp absolutely, how do I know they're not going to store my email password, perhaps insecurely, in a place some disgruntled programmer or hacker can eventually get to it? Giving out your password puts the recipient in the highly unfortunate position of having to secure your password. Give that email password out enough, and you're now vulnerable in dozens of places spread across the face of the web. The odds start to look pretty dire.

I'm sure Yelp means well. They just want to help me find my friends, doggone it! But the very nature of the request is incredibly offensive; they have effectively asked for the keys to my house in order to riffle through my address book.

I don't think so.

Frankly, it's irresponsible to even ask this question. Naive internet users may not understand why it is such a profoundly bad idea to give out their email credentials to random websites. Worse, they might eventually get the idea that giving out their email credentials is typical or normal.

It's not. This is outlined quite literally in most privacy policies:

The security of your account also depends on keeping your account password confidential, and you should not share your account name or password with anyone. If you do share your account information with a third party, they will have access to your account and your personal information. -- Google Checkout

If a password is used to help protect your accounts and personal information, it is your responsibility to keep your password confidential. Do not share this information with anyone. If you are sharing a computer with anyone you should always choose to log out before leaving a site or service to protect access to your information from subsequent users. -- Microsoft Passport

Your Yahoo! ID and password are confidential information. A Yahoo! employee will never ask you for your password in an unsolicited phone call or email. Do not respond to any message that asks for your password. -- Yahoo

How did we end up in a world where it's even remotely acceptable to ask for someone's email credentials? What happened to all those years we spent establishing privacy policies to protect our users? What happened to the fundamental tenet of security common sense that says giving out your password, under any circumstances, is a bad idea?

I can understand the cutthroat desire to build monetizable "friend" networks by any means necessary. Even if it means encouraging your users to cough up their login credentials to competing websites. But how can I take your privacy policies seriously if you aren't willing to treat your competitors' login credentials with the very same respect that you treat your own? That's just lip service.

Email is the de-facto master password for a huge swath of your online identity. Tread carefully:

  • As a software developer, you should never ask a user for their email credentials. It's unethical. It's irresponsible. It is wrong. If someone is asking you to code this, why? For what purpose?
  • As a user, you should never provide your email credentials to anyone except your email service. Sites that ask you for this information are to be regarded with extreme suspicion if not outright distrust.

Beyond those ethical guidelines, I do wonder why the technological solution to this problem has barely been addressed. If all Yelp wants is my address book, why can't I grant them temporary access to my public email address book without giving out the keys to my email kingdom?

If even a fraction of the coding effort that regularly goes into convincing people to cough up their email or website login credentials went into finding other, more reasonable solutions to this problem -- perhaps we could have arrived at a saner solution by now. And we can start by taking obnoxious, utterly inappropriate credential requests completely off the table.

UPDATE: Several commenters brought to light some efforts underway to address this pernicious problem:

A more general solution may be OAuth, billed as an open standard for API access delegation. In other words, a valet key for websites:

Many luxury cars today come with a valet key. It is a special key you give the parking attendant and unlike your regular key, will not allow the car to drive more than a mile or two. Some valet keys will not open the trunk, while others will block access to your onboard cell phone address book. Regardless of what restrictions the valet key imposes, the idea is very clever. You give someone limited access to your car with a special key, while using your regular key to unlock everything.

Chris Messina of the OAuth project was kind enough to provide a number of related links in the comments and a followup post on the OAuth blog as well.

I was encouraged to learn about some of the recent progress we've made on this front. If you were looking for a way to be part of the solution, instead of the problem, read up on these solutions and participate!
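The valet-key idea above, as an added sketch that is not code from the original post or from the OAuth project: a toy email provider issues a token limited to one scope and a lifetime, so the third party never handles the password. It models the delegation idea only, not the OAuth wire protocol; `MailProvider`, the scope names and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


class AccessDenied(Exception):
    pass


class MailProvider:
    """Toy email service (hypothetical): the only party that sees the password."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._accounts = {}  # user -> salt, password hash, data
        self._grants = {}    # sha256(token) -> user, scopes, expiry

    @staticmethod
    def _pw_hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()  # store only a hash

    def register(self, user, password, contacts, inbox):
        salt = secrets.token_bytes(16)
        self._accounts[user] = {"salt": salt, "pw": self._pw_hash(password, salt),
                                "data": {"contacts": list(contacts), "inbox": list(inbox)}}

    def grant(self, user, password, scopes, ttl_seconds):
        """The user logs in at the provider itself and approves a limited grant."""
        acct = self._accounts.get(user)
        if acct is None or not hmac.compare_digest(
                acct["pw"], self._pw_hash(password, acct["salt"])):
            raise AccessDenied("bad credentials")
        token = secrets.token_urlsafe(32)
        self._grants[self._key(token)] = {"user": user, "scopes": frozenset(scopes),
                                          "expires": self._clock() + ttl_seconds}
        return token  # the third party receives this, never the password

    def read(self, token, resource):
        """Return "contacts" or "inbox" if the token carries '<resource>.read'."""
        grant = self._grants.get(self._key(token))
        if grant is None:
            raise AccessDenied("unknown or revoked token")
        if self._clock() >= grant["expires"]:
            raise AccessDenied("token expired")
        if resource + ".read" not in grant["scopes"]:
            raise AccessDenied("token lacks scope " + resource + ".read")
        return list(self._accounts[grant["user"]]["data"][resource])

    def revoke(self, token):
        self._grants.pop(self._key(token), None)


if __name__ == "__main__":
    # Constructed sample data: a review site gets a 10-minute contacts-only token.
    mail = MailProvider()
    mail.register("alice", "s3cret-pw", ["bob@example.com"], ["Bank password reset"])
    token = mail.grant("alice", "s3cret-pw", {"contacts.read"}, ttl_seconds=600)
    print(mail.read(token, "contacts"))   # the address book, and nothing else
    # mail.read(token, "inbox") raises AccessDenied: token lacks scope inbox.read
```

A leaked or abused token exposes one address book until it expires or is revoked; a leaked password exposes the inbox and every account that resets through it.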

Posted by Jeff Atwood
254 Comments

why not just change your password after you finish?
geniuses

adam on June 28, 2008 4:14 AM

Wow...thanks for posting this.

Somebody just left the link to this post of yours on my blog, on a posting I did about how goodreads spams your address book.

If you're interested, since you don't allow html, it's advicegoddess dot com and search goodreads. Mamasource is another site that does that as well.

Amy Alkon on July 6, 2008 1:21 PM

Pandora has one of those too. Make a new account and it says

Your email: xxx@xxx
Your email password: xxxxxxxxx

Oh noes!

First comment on your blog, though I've been reading it for about 1 - 1 1/2 years.

Mr Algebra on July 13, 2008 2:26 AM

I just signed on to facebook. They have the same feature and they support SO many email services. But not comma separated files! How cruel is this?!

David on July 14, 2008 5:53 AM

2:06 in the night here in Italy. I just had another web page opened in the bar menu. It is the page where LinkedIn asked for my mail password. So weird to me.
No way of course to give them my pass: I just made a google search looking for LinkedIn +password and after some pages found You.

I'm happy to have found you, just confirmed my thesis, I'm not giving my pass ever, this case included!
Thanks
ciao

Piero on July 21, 2008 6:10 AM

Easy way around it - change your email password temporarily - let the service log in to do its thing - then change it back. Not perfect, but it works.

john doe on August 5, 2008 3:31 AM

Words fail me, quite frankly. How can anyone be so daft as to code this, let alone fall for it. Reminds me of a friend of mine whose Facebook account got hi-jacked and the perpetrator then started sending offensive messages in her name. Applications to Facebook to shut the account down were, you guessed it, IGNORED (hope you're listening guys, but I doubt it).

On a vaguely related note, I have discovered that entering your email address into just about any forum / social networking site generates spam, sooner or later. Somehow, the spammers just latch on to it. Be careful out there.

Paul Sanders
www.alpinesoft.co.uk

Paul Sanders on August 7, 2008 5:07 AM

Great post - found it searching for this topic.

I understand you focused on the password issue - but isn't there an issue of did any of those folks in your Outlook, Gmail, Yahoo or other contacts - did any of these folks approve the fact that you are forking over their contact information?

I think I could give Twitter, Facebook, Plaxo and the others my contact information - but how can I give up the other several hundred or several thousand folks in my database?

We're looking for blog posts and articles about that privacy issue. If you know of any - send them our way.

Michael Benidt on December 12, 2008 5:53 AM

Yelp.com ..something devious going on!!!

I feel exactly the same. I get very tired of wanting to reply to comments online only to learn I have to go through a registration process. I however was so pissed off with the service I have received from Broadstripe in Seattle that I felt the need to go through the effort. I start signing up and I get to the email password part and I was completely floored. That is nothing anyone (web site etc..) should request! What the hell is this site about? It has to be up to no good. I would love to chat with whoever came up with this business model. Either he/she is a complete idiot or they assume everyone else is.

Jim B.

Jim on January 8, 2009 9:22 AM

After reading the previous responses I am sorry I ever entered mine. Goodbye all (hopefully).

Incognito (hopefully)

Jim on January 8, 2009 9:28 AM

interesting. I am so sick of yelp, but this seems... umm.. silly.

Don't give them your credentials?

So easy to deal with...

create a fake email, or just bypass that screen. But this is de rigueur for all sites.

Just ignore it.

unclefishbits on January 13, 2009 11:36 AM

Wow. You guys are conspiratorial paranoids. Hope the tinfoil hat helps.

unclefishbits on January 13, 2009 11:37 AM

Why on earth does the writer spend so much time on this and presumably does not even think to contact Yelp? Here was a potentially interesting piece made so much less simply by not contacting the offending party for some sort of input.

Ted on July 10, 2009 7:46 AM

i think this is a real good idea getting a new email & password a great idea

michael on July 21, 2009 11:39 AM

This is known as the password anti-pattern. As of a few days ago, it is completely inexcusable - Google, Microsoft and Yahoo! all provide address book APIs which allow sites to request your permission to scrape your address book without needing to ask for your password. It will take a little while for sites like Yelp to move over to the new system but they need to treat it as a priority. The more shame thrown at sites that continue to follow the anti-pattern despite secure alternatives the better!

Simon Willison on February 6, 2010 10:25 PM

Household alarm systems caught onto this years (decades?) ago. If you want your friend or neighbour to come in and collect your mail while you're away on vacation, you program a secondary code. They can use it to get in, but not to reprogram anything. Even the most naive and technology-averse folks (like my parents) know not to give out the master code.

This seems so totally simple to me. Just create a subdomain like public.gmail.com (although it all just redirects deep into google.com now anyway), let the primary account holder create "public" accounts and passwords, and direct all the traffic to a quaint little REST web service that can dump out the address book and maybe a few other things like Calendar or Photos.

Given the mind-boggling complexity of this task, I'm sure it would take Google engineers and developers no less than 12 minutes to bang out.

Aaron G on February 6, 2010 10:25 PM

FAIL, is right.
I've seen other sites with a similar goal just give users instructions on how to export their address book from several common e-mail providers/clients (gmail, Y!, outlook, thunderbird, etc.).
Honestly, that seems like the only sane/reachable solution at this point...and it really isn't that difficult.

Drew Peterson on February 6, 2010 10:25 PM

I guess importing a csv file would be too complex. Google, Hotmail and Yahoo all let you export your contacts now.

Aaron Fischer on February 6, 2010 10:25 PM

There is a demand. An api needs to be created to meet the demand securely.

Facebook's api allows you to give away your friends info w/o using a password. Privacy concerns aside, your password is safe.

If I say to site Z, here are my friends' emails, buzz them for me, the site should have the ability to do that, and only that.

jon on February 6, 2010 10:25 PM

@cp raises a good point... most users don't want to have to remember 20 passwords, and haven't heard of openID or similar services. so their email password, IS their online password for every site.

Personally, i'm not sure i'm happy giving away my addressbook to these services in the first place, nevermind my password. I receive emails from services my friends have joined which ask me to join. This is because my email has been given out as part of an addressbook, and this service discovered i'm not on it. You know, like telemarketers.

The whole addressbook thing is basically an easy free way of getting prospects. I'm a freelance web designer/developer... what if i asked all of my clients for their addressbooks? Pretty sure they would refuse, doesn't matter if i say "But i'm just checking to see how many of your friends I've built websites for... really... I'm doing this for your benefit."

I would much rather provide a good service, and be referred. You know, the old fashioned way: the way with integrity.

Devon on February 6, 2010 10:25 PM

loved the FAIL. You should submit it to failblog.org, just to see how many people get it.

Ethical concerns aside, they shouldn't need a radio button to choose which service to use. It should know whether you used GMail, Yahoo or Live/MSN/Hotmail just from the domain of the address.

John Ferguson on February 6, 2010 10:25 PM

Email services might do well to allow a "valet password" just like a car's valet key that would only allow access to validating the email account's existence and grabbing its contacts.

Cameron B on February 6, 2010 10:25 PM

why can't I grant them temporary access to my public email address book without giving out the keys to my email kingdom?

As I'm sure others have mentioned by now, you can, using Contacts Data APIs (http://code.google.com/apis/contacts/)

The other option (tho it requires more work on the user's end) is to offer an upload facility where members can upload their exported contacts list. Then have a parser to handle the most common formats like gmail's CSV.

But what we really need is an uptake on OAuth
"OAuth allows the user to grant access to their private resources on one site (the Service Provider), to another site (called Consumer). OAuth is about giving access to your information without sharing all of your identity."
http://en.wikipedia.org/wiki/OAuth

Aaron Bassett on February 6, 2010 10:25 PM

On ETrade recently, I wanted to do an automated transfer from my bank account to my ETrade account (I think to get my IRA contribution in before the deadline, of which direct mailing would have taken too long and gone past that deadline). However, the way it works in ETrade is for you to give them your user/pass for your online banking account, PLUS all of the responses to those extra security questions, like your Mother's maiden name! When I saw that I was convinced I was at a phishing version of ETrade, but nope, I was at the real deal.

Jason on February 6, 2010 10:25 PM

As an aside, it strikes me as typical of Microsoft to use such user-unfriendly URLs:
Google Contacts API: http://code.google.com/apis/contacts/
Yahoo! Contact API: http://developer.yahoo.com/addressbook/
Windows Live Contact API: http://msdn.microsoft.com/en-us/library/bb463989.aspx

James Robinson on February 6, 2010 10:25 PM

59xk$$mv9F

there you go.

Jason on February 6, 2010 10:25 PM

What about web mashups like orgoo? Do you think these should not be used as you need to supply email account passwords?

Jason on February 6, 2010 10:25 PM

Even uploading your address book comprises several privacy violations, some fairly insidious:

  • There is a good chance the site will send email to all your contacts who are *not* already on the site.
  • Those who have sent you email in confidence have their personal email addresses revealed to a third party.
  • It also reveals that they *have* corresponded with you.
  • Sites like Facebook are able to construct and warehouse entire social network graphs for people who have never signed up.

Until technological awareness and social norms catch up, we're going to be seeing a lot of this.

Tim McCormack on October 13, 2010 8:05 PM


The comments to this entry are closed.