Mass Invitation Spam Becoming the Default

October 31st, 2007

Who decided that it was OK to send a spammy mass-invitation to everyone in your address book by default? Allowing some web app to access my private email account is an act of trust, and it is being abused by every site that tries to dupe me into spamming my contacts. Anyone who is thinking “it’s your fault for not reading the whole page before clicking ‘continue’” has probably never worked in IT. You don’t log in to a server as root for the same reason the fabled “big red button” has a plastic cover over it. When you’re dealing with large amounts of contact data, you are required to take extra precautions to maintain privacy. When I was running a decent-sized Moodle, I had scripts that explicitly asked for confirmation more than once so that I wouldn’t accidentally email 7,000 students.

Are you sure you want to email these 498 people?
yes
Really sure? 498 users!
yes

Most of these new web 2.0 sites have only one thing in mind: increasing the number of users in their database. So you can forget about extra precautions. By “conveniently” neglecting to show even the most basic respect for the privacy of your contacts (e.g. leaving them unselected for invitation by default), they are furthering their own agenda at your expense.

I blame Facebook for making this the norm, with apps like Flixster configured to send invitations to all of your friends by default every time you access the application (e.g., to see your movie taste compatibility with Worzel Gummidge’s nephew). This is annoying for Facebook users (ask Doc) and will only get worse as the user base grows. What’s more worrying is seeing this crop up outside of Facebook’s walled garden. With so many web 2.0 apps now integrating with your Gmail/Yahoo/Hotmail, it is all too easy to miss the “skip this step” button and bombard everyone you ever knew with an invitation. Today, Bernie accidentally spammed 2961 people:

Shelfari started sending invitations to many people who are stored inside of my Yahoo! address book. These are legacy addresses, some gathered from the early 90s. One hour after I pressed the button, Shelfari invited two dead people, one prisoner (he should probably read books but his warden is reading his mail), the CNN news desk, four European editors–and potentially a boatload of others who I hope I never meet.

Automatically selecting all of your contacts for invitation is very bad practice and unethical. Facebook should force the policy that all the boxes are unticked by default, and if some particularly spammy individual wants to tell all his friends about his University Diplomas app then he can tick the “select all” button, that’s OK by me. This would set a good precedent, and then we could complain about rogues like Shelfari who have no respect for privacy. I’m keeping a “name and shame” list of all web 2.0 companies that abuse your trust by deliberately setting out to spam in your name.
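The two safeguards discussed above (contacts left unticked by default, and a repeated confirmation that restates the recipient count before a bulk send) can be sketched as follows. This is an added example, not the Moodle scripts mentioned in the post; the names Contact, import_contacts, confirm_bulk_send and send_invitations and the sample addresses are assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass
class Contact:
    email: str
    selected: bool = False  # opt-in: no box is ticked until the user ticks it


def import_contacts(addresses: Iterable[str]) -> list[Contact]:
    """Build the invitation list from an imported address book:
    normalised, de-duplicated, and with every contact unselected."""
    seen, contacts = set(), []
    for raw in addresses:
        email = raw.strip().lower()
        if email and email not in seen:
            seen.add(email)
            contacts.append(Contact(email))
    return contacts


def confirm_bulk_send(recipients: list[str],
                      ask: Callable[[str], str] = input) -> bool:
    """Ask twice, restating the count each time. Anything other than an
    explicit 'yes' aborts, and the first refusal skips the second prompt."""
    n = len(recipients)
    if n == 0:
        return False  # nothing selected, nothing to confirm
    prompts = (f"Are you sure you want to email these {n} people?\n",
               f"Really sure? {n} users!\n")
    return all(ask(p).strip().lower() == "yes" for p in prompts)


def send_invitations(contacts: list[Contact], send: Callable[[str], None],
                     ask: Callable[[str], str] = input) -> int:
    """Send only to contacts the user explicitly selected, and only after
    both confirmations. Returns the number of invitations sent."""
    recipients = [c.email for c in contacts if c.selected]
    if not confirm_bulk_send(recipients, ask):
        return 0
    for email in recipients:
        send(email)
    return len(recipients)


if __name__ == "__main__":
    # Constructed sample address book; 'send' just prints instead of mailing.
    book = import_contacts(["alice@example.com", "bob@example.com"])
    book[0].selected = True  # the user ticks one box
    print(send_invitations(book, send=lambda e: print("invite ->", e)))
```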

4 Responses to “Mass Invitation Spam Becoming the Default”

  1. Donncha O Caoimh Says:

    Now I’m depressed. That’s the second invite to Shelfari I got, but I didn’t recognise the first one. When I saw Bernie’s name on this one I thought it was a legit invite!

  2. Donncha’s Thursday Links at Holy Shmoly! Says:

    […] Goldbach which made me think it was legit as I fished it out of the Junk folder. Not so. As James reports, mass invitation spam is becoming the default because Bernie accidentally spammed his Yahoo address […]

  3. johnie Says:

    I can’t agree more with this. I’ve just started using Facebook and for the love of god everything I do it tells everyone…. point click delete and relax…

  4. James Galvin » Blog Archive » More on Shelfari’s Spamming Says:

    […] member of the team behind Librarything regarding Shelfari’s unethical spamming strategy. When I wrote about Shelfari’s “confusing and deceptive” sign-up process last week, I did […]

I am from Cork, Ireland. A fan of the Big Lebowski, Mac OS X, Linux, Cork hurling, Munster rugby, Irish football. Interests include QuakeWorld, Python (lately Django), network security, web applications and technology in general.
