Showing posts with label privacy. Show all posts

25 January 2011

OAuth Will Murder Your Children

Good suggestion for improving all those “such and such application wants access” pages on Twitter and Facebook. I should be able to decide whether an app can merely access my information or also update/edit it.

15 October 2007

Don't Provide Your Email Password to Another Service

There’s a feature on some websites you might have seen recently. They offer to import your address book from a webmail service like Gmail and check to see which of your friends are already using their service. (Some will even spam your friends who aren’t without asking you, but that’s the subject for a whole different article on best practices.) This feature—asking for your Gmail, Hotmail, etc. password to check your address book—has become common practice on a lot of social network sites, and this is a very bad thing.

Don’t give out your email password to any third-party service, just like you wouldn’t ever give out your ATM PIN. It’s a bad idea, and it’s inappropriate of them to be asking for it. They’re asking you to trust their privacy policy, and they’re probably a new small company with no reputation you can look into. But even Facebook does this. With the login and password to your email account, any unscrupulous person with access to that data can very easily steal your identity by using the “I forgot my password” link on any other website where you have an account, quite possibly including your bank.

A new technology called OAuth has just made some news which will allow websites to share information like online address book contents without the need to swap passwords back and forth. This is exactly what’s needed, but it will take time for many services to evaluate and implement. Six Apart’s David Recordon wrote a good piece explaining OAuth. In the meantime, make it a practice never to type in your Gmail password anywhere but a Google site.

18 July 2007

A Recipe for OpenID-Enabling Your Site

I have no use for Plaxo, but it's neat to see them using OpenID, as they've been untrustworthy in the past and OpenID means you don't have to give them a password.

08 September 2006

Sex Baiting Prank on Craigslist Affects Hundreds

Some guy posted a fake personal ad, then posted all the responses, with photos and email addresses. Waxy looks into what laws might have been broken.

04 May 2006

Neutrality of the Net

“When, seventeen years ago, I designed the Web, I did not have to ask anyone’s permission.”

10 March 2006

Boing Boing: SmartFilter, BoingBoing, and Adult Baby - Diaper Lovers.

The story of Boing Boing being censored in other countries takes a turn for the bizarre.

07 March 2006

Boing Boing: Fourth Amendment luggage tape

“Shipping tape that has the U.S. 4th amendment printed on it in an endless loop. […] Now, if they want to search your stuff, they have to literally slice the 4th amendment in half in order to do it.”

27 January 2006

Official Google Blog: Google in China

Response from Google on their decision to offer censored service in China.

05 January 2006

Data Mining 101: Finding Subversives with Amazon Wishlists | Applefritter

Homework (after reading this): now that you know what sorts of things the public can find out about you, think about how much Amazon itself knows about you. Or Google, or Microsoft, or Yahoo!

25 August 2005

Google Blog: "Sign up for Gmail"

Interesting. Gmail is now open without invitations, but you need a cell phone to sign up as their way of verifying your identity.

22 October 2003

Dear Framers

While I understand that a right to privacy can be intuited from the Bill of Rights, we could use clearer enumeration. Case in point:

In September 2002, JetBlue Airways secretly turned over data about 1.5 million of its passengers to a company called Torch Concepts, under contract with the Department of Defense.

Torch Concepts merged this data with Social Security numbers, home addresses, income levels and automobile records that it purchased from another company, Acxiom Corp.

[…] JetBlue’s privacy policy clearly states that “the financial and personal information collected on this site is not shared with any third parties.” Several lawsuits against JetBlue are pending. (Newsday.com, “Terror Profiles By Computers Are Ineffective”)

Could someone please wake/raise the men listed here and have them work something up. Promise them good, healthy brains to eat if necessary.

29 September 2003

A Sign on My Phone

As of today, it looks like the National Do Not Call Registry is on. Matt Thomas and I had a discussion about it last night. I had been wondering for some time whether I really did think that the registry was a legitimate thing for the government to impose. I now think it is.

The Direct Marketing Association argued last week that the registry would restrict their constitutional right to free speech. It does not. The DMA is free to speak however they want. In the exact same way, protesters are allowed to picket on the street outside your house, exercising their First Amendment right. They are not, however, allowed to walk up to your front door and yell at you.

If you don’t want someone to enter your property, you just have to put a “no trespassing” and/or “no solicitors” sign up. If someone fails to heed this sign, you can call the police and have them arrested. Even without the sign, if someone comes to your door you can tell them to leave your property or you’ll consider it trespassing. Delivery men are allowed only if you’ve ordered from them, and you have to sign a form to let FedEx or UPS leave something at your door. Clearly people are not allowed on your property if you don’t want them, and this doesn’t inhibit their right to speech.

Is making a phone call in a way entering their property? I think it would have to be, but I think this point is where the Do Not Call Registry question hinges. Putting a sign on your lawn forbids door-to-door salesmen from conducting their business, and this is an established and valid practice. The problem is that you can’t put up a “no solicitors” sign on your phone. The Registry is just legislation that draws this analogy. By this merit, I think it is an acceptable law.