Social networking and webmail accounts
(Cross-posted from my personal blog, because it’s more relevant here anyway.)
I spent the morning looking at the security and privacy implications of a common practice on social networking sites: Importing address books. Social networking sites like LinkedIn, Flixster, Friendster, MySpace, and Facebook depend on large numbers of subscribers to form social networks.
Each of these sites wants the most people, and the most e-mail addresses, possible. But uploading or manually typing in e-mail addresses is a pain for users, particularly the nanosecond-attention-span teens that many of them target. So they try to make it easier to import address books from webmail services like Gmail, Yahoo, MSN and others.
And here’s the problem: To do this, you need to tell them your username and password, often in plain text. This is a security risk. After a chat with one of the founders at Flixster (who commented on a previous post) I decided to take him up on his suggestion to check out other social networking sites to see if, indeed, this is the rule.
The results of the research, after the jump.


