Fill Your Password To Invite Your Buddies - Not So Fast!!


For the past many years, I’ve seen a trend that has been on a meteoric rise. Whatever new service you sign on for on the internet (especially the web2.0–oh-so-cool-you-have-to-tell-everyone-about-it ones), it gives you an option to fill in your e-mail ID and password and makes a generous offer of letting all your friends know about your new avatar and let them all join in the fun. Most of the people around me, it seems, don’t think twice before gladly accepting the offer, as is made apparent from the increasing amount of automated mails I’m getting with subjects like “Hey, don’t be left out! Join me on X” or “Hi SG, Why don’t you follow me on Y”.

I just wanted to “remind” you all (because you already know it) how important your password is. You keep it safe from everyone, suspect even your friends of trying to hack into your e-mail, and then you give it away to an “unknown” entity with so much of ease, laying so much trust onto it that you won’t even put in your biological parents.

While many of these services are genuine, but many might not be. I’m certainly against handing out your passwords to a third-party web service until it is something like google that won’t just sell you off one fine day and run off somewhere you can’t find it. But if you are compelled to do so because of some reason, I’d recommend atleast checking out what it has to say about the data it’s collecting.

Let me take an example of a new IM service that I recently came across. It’s called IMO (or imo or whatever) and is apparently quite popular because of its multiple IM service connections through a single interface. I thought of checking out its terms etc and making a mental image of how respectable / trustworthy I found it. I had listed the following things on the blog where I had found about this site. Listing them here again for you.

Following are the nuggets I found:

1. They have a blogspot blog. It takes hardly a few minutes to host ur own blog on ur own domain. Maybe they have some existing google connection but yet to discover it.(I read somewhere that some of these people worked at google in the past but that’s no reason to keep your blog on such a platform)

2. Shady privacy agreement. ** 2a** They mention that not only will they save ur username and pwd but may also save ur chats/messages etc. ** 2b** They might also share info with 3rd parties (written in a manner that they can do it on their own will) ** 2c** Transparency: They might not even tell u whats going on if they so decide.

Please don’t mention about the eliteness of their “advisor panel”. This is the biggest marketing gimmick that everyone pulls off. Many times the “advisors” don’t even know the “advised” company exists.

IMP: If a site doesn’t say anything or says all goody things in its terms, that doesn’t make it clean, but if you find suspiciousness in the terms, that definitely makes a negative mark. In Short, when your password is concerned, treat everyone guilty until proven innocent.


See also