Some more on secure social networking - iHazYrCreds
The other day I added my voice to the call to end the perfidious practice of social networking sites requesting your email password.
In the discussion I made an off-hand reference to a fictitious site called iHazYrCreds. Well, it's not fictitious any longer ;-) For better or worse, you can now visit iHazYrCreds.tardate.com to find out more about the common password traps to avoid.
I'd like to see the day when asking for an email password in order to "import contacts" is deemed totally unacceptable (and negligent professional practice).
I would also welcome any moves by the big email providers (Google, Yahoo etc.) to explicitly outlaw such use in their terms of service. I'm no lawyer, but I believe it is debatable whether it is already a violation.
net.gain
..or "how to (try) and make the new economy work like the old one"
I recently borrowed John Hagel III and Arthur G. Armstrong's Net Gain: Expanding Markets Through Virtual Communities from a colleague for a quick read. It was published in 1997 by McKinsey & Company, and I must say it kinda shows. The book suffers from a myopic pre-occupation with the dual assumptions that:
Ah, the golden days of the internet bubble! This is an interesting read if for no other reason than to see how far we have come; how much has been learnt, and how much we have yet to learn.
As I studied the authors' recipe for profitable community-building I found myself challenging the principle that success requires an imposition of control by an organisation: the company studies the market, decides what community should be built, writes a business case for it, and appoints the expert team to design, build, launch, and market the community.
This is an astonishing proposition given the book's initial premise:
The rise of virtual communities .. has set in motion an unprecedented shift in power from vendors of goods and services to the customers who buy them.
"Over my dead body!" I can hear the voices echoing from the boardroom - undoubtedly the prime audience for this book, which I think could reasonably be subtitled "how to (try) and make the new economy work like the old one".
The idea of a "community" that is both external to the organisation while remaining under its control permeates the book, and is perhaps the primary misconception that has taken the past 10 years to rethink and recognise for the oxymoron that it is.
This is closely related to the fundamental yet unspoken assumption of a hard boundary between the corporation and the customer/community. In parts of the book that consider the use of communities within the corporation, the emphasis is very much on within the corporation, or at most, between business partners.
My comments have been a little disparaging, and it is perhaps unfair to find fault in failing to predict the future accurately. It does mean that this book is now little more than a historical curiosity.
However, the book I would be very interested to read is a "10th anniversary rewrite". For my money, I'd say that's Wikinomics: How Mass Collaboration Changes Everything (any other recommendations? I'm keen to hear..)
For now, I think I'll let Geek and Poke have the last word...
Originally posted on It's a Prata Life
'Promote Bad Security Practice' Grand Achievement Awards
As usual, Jeff cuts to the heart of the matter on Coding Horror when calling out Yelp for the astonishingly evil and unconscionable act of asking users to hand over their email passwords.
I am not sure who started this, but it has somehow scarily become accepted practice, especially among the social networking sites. Facebook, LinkedIn, Plaxo ... they all do it, and seem to think that waving some privacy mumbo-jumbo 'but you can trust US!' makes it OK. Some are particularly heinous, like Tagged, which obscures the fact that handing over your email password is optional.
As many have pointed out (see the comments on Jeff's post), this is a lazy solution to a problem that is solvable in ways that do not need to compromise user security.
Facebook, LinkedIn - these guys should know better. And I think they have an obligation to do better, especially since it is becoming more and more common for a social networking site to be an individual's first experience on the net. While the old hands may have well-ingrained security awareness thanks to the evangelizing efforts of people like Steve Gibson and Leo Laporte on the Security Now! podcast, we have a whole new generation of users being taught exactly the wrong thing thanks to the misguided and irresponsible acts of the social networking sites that are requesting email passwords to be handed over.
The proliferation of this perfidious practice must be reversed! A good first step is to heap professional scorn on anyone associated with developing such a feature. Shame!