Comments on: Public nuisance #1: Importing your contacts

By: Boxbe Blog » Blog Archive » Boxbe heading to Yahoo! Hack Day

Boxbe Blog » Blog Archive » Boxbe heading to Yahoo! Hack Day — Thu, 11 Sep 2008 21:43:34 +0000

[...] be adding their Address Book API very soon so that we’re not using that not-so-nice anti-pattern we keep hearing about. We’re hoping to learn more about it and other APIs that Yahoo! is [...]

Reply - Quote

By: This Antipattern is Kryptonite to the Open Social Web at Like It Matters

This Antipattern is Kryptonite to the Open Social Web at Like It Matters — Fri, 04 Jan 2008 14:57:43 +0000

[...] keep wagging our collective fingers about this antipattern of asking users to input their credentials for another service but evidently no [...]

Reply - Quote

By: Henrik Biering » Getting rid of bad habits …

Henrik Biering » Getting rid of bad habits … — Sat, 29 Dec 2007 16:23:07 +0000

[...] and comfortable in their interaction with other users.The alternative - continuing and developing todays community site practices - seems to me a scary vision for the future of identity [...]

Reply - Quote

By: Enthousiasmeren

Enthousiasmeren — Mon, 24 Dec 2007 20:27:37 +0000

Een bijzonder jaar met vele nieuwe (online) vrienden... Als dit je eerste keer is op dit blog, wil je misschien een abonnement op mijn RSS feed of mijn wekelijkse nieuwsbrief in je inbox. Dank voor je bezoek! Het jaar is bijna voorbij. En het was een bijzonder jaar voor mij. Mijn eerste volledige jaa...

Reply - Quote

By: poso.dk - om portable sociale netværk » Interessante links fundet d. 20. December

Fri, 21 Dec 2007 00:33:48 +0000

[...] Public nuisance #1: Importing your contacts | FactoryCity - DISO gruppen prøver at finde en alternativ metode til at importere kontakter - fordi det er noget rigtig skidt at udlevere brugernavn og kodeord til ens email adresse! [...]

Reply - Quote

By: Daniel Lackey

Daniel Lackey — Thu, 20 Dec 2007 20:33:28 +0000

“I’d think that Dopplr’s hCard approach is good but maybe so far only understandable to geeks.”

And therein lies the problem. OAuth is a great idea, but how do you convince Joe Shmoe that it’s worth him figuring out? Geeks will flock to OAuth inevitably after hearing about it, but they aren’t really the folks who need this. They know better than to give out info like this; Granny Jones doesn’t.

“But I think we are going in this direction anyway with things like DiSo et. al. It’s mostly a question of adoption.”
QFT

Reply - Quote

By: Christian Scholz

Christian Scholz — Thu, 20 Dec 2007 13:30:32 +0000

Indeed the security risks with these practices are obvious but it has been indeed the simplest solution for quite some time. I’d think that Dopplr’s hCard approach is good but maybe so far only understandable to geeks.

For the short term I see the best solution here to use OAuth, Google would need to step forward and enable getting your addressbook via OAuth. Having then libraries for PHP, Ruby, Python etc. for this would IMHO help quite a bit here.

OpenID is not really needed in this step I think but of course it would be great if this could be added in the same step and maybe make it automatable even more.

On the long run I’d like to see little reason to login anywhere to fetch all my contacts from x different places. I would want one place (which I choose) where my contacts are stored. When I login to some new service it should automatically discover these with me just deciding which should be transferred (maybe group based).

But I think we are going in this direction anyway with things like DiSo et. al. It’s mostly a question of adoption.

Reply - Quote

By: Oxa Koba

Oxa Koba — Thu, 20 Dec 2007 04:21:02 +0000

I have been surprised at the responses provided by customer support when this issue is raised. For example, here is what Geni, had to say:

Geni doesn't actually store the external passwords you enter after it retrieves the contacts, so if Geni was to ever be compromised, the thieves would not be able to get anything other than the e-mails addresses themselves, not the passwords or e-mail messages.

They side-stepped the issue, ignoring the potential of the web services abusing the information itself. Not to mention the lil' phishy training that users internalize in the process.

Reply - Quote

By: Dawn Foster

Dawn Foster — Thu, 20 Dec 2007 03:44:40 +0000

right on!

First, I’m not giving my password to a random social networking site.

Second, I’ll invite the contacts that I want to invite to a particular service. Yes, it may save time to import, but I don’t need a bot to send friend invites for me.

I’d consider it with your idea of basing it on OpenID, etc. where I might have a little more control over the process along with better security.

Reply - Quote

By: Andrew

Andrew — Thu, 20 Dec 2007 01:07:01 +0000

Tara’s point brings up something worth mentioning: this practice is popular because it works pretty darn well for users. People understand the goal (”avoid retyping all those damn addresses”), and the interaction model is very clear. “Upload Your address book” may be the technical anti-pattern, but it’s a very effective design pattern.

Anything that wants to compete with the current way needs to keep it *as simple* as the current way from the user’s point of view.

Reply - Quote