You’ve definitely seen these types of functions hooked up to social network sites, and their use is on the rise. Remember the old adage, “Never give your username and password to anyone”? Well, top online providers have allowed third parties to circumvent their Privacy Policies in an effort to grow their own social networks.
Jeff Atwood from Coding Horror points out the failure to uphold privacy policies in his blog entry titled Please Give Us Your Email Address.
Basically, what Jeff points out is that when social networks coerce users into divulging their credentials to Gmail, Yahoo, AOL or Live, they essentially reward a bad behavior: users releasing their username and password freely into the wild with no known levels of trust.
He continues on with two straightforward policies that developers and users should employ:
- As a software developer, you should never ask a user for their email credentials. It’s unethical. It’s irresponsible. It is wrong. If someone is asking you to code this, why? For what purpose?
- As a user, you should never provide your email credentials to anyone except your email service. Sites that ask you for this information are to be regarded with extreme suspicion if not outright distrust.
To that end, I want to mention that legitimate use of OpenID is a great alternative to blindly accessing a user’s account and dumping their address book into your prospect pool. I’ve used my own AOL OpenID on a couple occasions and was quite pleased to see the “gateway” confirm my permission for the third-party to access my account. What’s so wrong with OpenID authentication that social networks have abandoned it?