—-
For the past many years, I’ve seen a trend that has been on a meteoric rise. Whatever new service you sign on for on the internet (especially the web2.0–oh-so-cool-you-have-to-tell-everyone-about-it ones), it gives you an option to fill in your e-mail ID and password and makes a generous offer of letting all your friends know about your new avatar and let them all join in the fun. Most of the people around me, it seems, don’t think twice before gladly accepting the offer, as is made apparent from the increasing amount of automated mails I’m getting with subjects like “Hey, don’t be left out! Join me on X” or “Hi SG, Why don’t you follow me on Y”.
I just wanted to “remind” you all (because you already know it) how important your password is. You keep it safe from everyone, suspect even your friends of trying to hack into your e-mail, and then you give it away to an “unknown” entity with so much of ease, laying so much trust onto it that you won’t even put in your biological parents.
While many of these services are genuine, but many might not be. I’m certainly against handing out your passwords to a third-party web service until it is something like google that won’t just sell you off one fine day and run off somewhere you can’t find it. But if you are compelled to do so because of some reason, I’d recommend atleast checking out what it has to say about the data it’s collecting.
Let me take an example of a new IM service that I recently came across. It’s called IMO (or imo or whatever) and is apparently quite popular because of its multiple IM service connections through a single interface. I thought of checking out its terms etc and making a mental image of how respectable / trustworthy I found it. I had listed the following things on the blog where I had found about this site. Listing them here again for you.
Following are the nuggets I found:
1. They have a blogspot blog. It takes hardly a few minutes to host ur own blog on ur own domain. Maybe they have some existing google connection but yet to discover it.(I read somewhere that some of these people worked at google in the past but that’s no reason to keep your blog on such a platform)
2. Shady privacy agreement.
2a They mention that not only will they save ur username and pwd but may also save ur chats/messages etc.
2b They might also share info with 3rd parties (written in a manner that they can do it on their own will)
2c Transparency: They might not even tell u whats going on if they so decide.
Please don’t mention about the eliteness of their “advisor panel”. This is the biggest marketing gimmick that everyone pulls off. Many times the “advisors” don’t even know the “advised” company exists.
IMP: If a site doesn’t say anything or says all goody things in its terms, that doesn’t make it clean, but if you find suspiciousness in the terms, that definitely makes a negative mark. In Short, when your password is concerned, treat everyone guilty until proven innocent.
—-
If you liked this post, then you can Subscribe to my feed
Quote of the day: “You will be who you will be. We are our choices. And we can choose to lead humanity away from this… darkness.” - Icarus/Helios
May 21st, 2008 at 8:31 am
(looks like my comment got eaten
Let’s try again)…
Good post. I think I’m the only person who reads Terms and Conditions sometimes. It’s amazing how many people just enter personal data into things without thinking about who they are giving info too.
One thing, you mention “your password”. No one should ever only have one password. I would encourage everyone to use tools like MyPasswordSafe ( http://www.semanticgap.com/myps/ ), pwsafe ( http://nsd.dyndns.org/pwsafe/ ) and/or PasswordSafe ( http://passwordsafe.sourceforge.net/ ) to store a unique password for each service. These applications are all free and/or Open Source etc. Plus using the combination of the above, you can share one password database across Linux/Unix and Windows, both GUIs and command lines.
May 21st, 2008 at 9:54 am
Hey Todd,
I also read the terms and conditions most of the times or I just use one of the several spam accounts I’ve made just for this purpose. Can also use “use-and-throw” e-mails but I don’t cuz smtimes I like the service and stick to it..
You are right about the “one pwd” thing. I use similar tools myself.
And sorry about the disappearing comments. Akismet had marked them as spam since you had more than 2 links in the comment.