funferal (jodymeme) wrote,

security and social networking

Over the past year or so I've received several invitations from online friends to join various social networking systems that I'm not yet part of (as if the handful I'm already part of isn't a little too much already.) I found it curious, at first, that some of these invitations came from folks I had long been out of touch with, or sometimes barely knew at all, and, despite the fact they were always form letters, part of me was touched: "gee, that's nice they're thinking of me." In a couple of instances early on, I actually wrote letters to these friends explaining why I didn't wish to join another social networking site at the time, and thanked them for inviting me, all the same.

Gee. I feel a little red in the face about that now. Before I joined Facebook last summer, I had no idea people had the option to give these giant networking corporations access to their email accounts so they could send out letters to everyone on their contacts list. When I realized that, it made me somewhat uneasy. I was only mildly annoyed to know that friends were essentially spamming me, but it really kind of blew my mind that people were giving these companies their passwords and essentially letting them see everybody in their contacts list. Yeah, okay, I get it, they all say "we don't store your passwords" or use the information they've gathered for any other purposes than the one you've expressly given them permission for, but... I'm really skeptical.

Now I'm getting invitations to services like Flock and Wink that will (presumably) ask for my passwords to all of my social networking accounts so they can set up one convenient mega-network for me. I actually did sign up for Wink months ago, but balked when I realized that the only way to effectively use the site would be to give up my passwords. If you get phished on Wink, does it potentially compromise all of your accounts? Are there horror stories out there of people losing a dozen social networking accounts at once? I've know several people who, once phished on MySpace, were simply SOL and had to set up new accounts. Imagine if this happened across your entire network of social networks.

This really seems to fly in the face of everything I've learned about 'net security throughout the years: you know, the standard mantras of "don't share your password with anyone" and "have a different password for every account." Yet I'm supposed to trust faceless start-up corporations with this data. I don't know much about password encryption or all the various data-mining operations these companies get up to. I refuse to add modules to my Facebook profile because I simply have to assume that many of the module developers will harvest my personal information and use it (Facebook in fact warns you before you opt-in, but most of my friends on Facebook use an add-on of one sort or other.)

But here I see thousands, millions, of wired Web 2.0 types just diving right into this stuff, signing up for Flock, giving companies access to their email, adding dodgy applications to their Facebook profiles.

What do y'all think about this? Am I being paranoid? Have you willingly given up your email account passwords and/or passwords to social networking sites to any of these companies? Should I just say, "sure, [social networking start-up], I don't know you, but I'll trust you when you say there's no harm in giving up my passwords to you?"
  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your IP address will be recorded