You have arrived at the web home of Noah Brier. This is mostly an archive of over a decade of blogging and other writing. You can read more about me or get in touch. If you want more recent writing of mine, most of that is at my BrXnd marketing x AI newsletter and Why Is This Interesting?, a daily email for the intellectually omnivorous.

August, 2008

Facebook Spam and Not Giving Sites Your Login/Pass

<rant> Today I got some Facebook spam. It's the first time it's happened, it came from a friend and it ended up on my wall. After Twittering about it, Ray pointed me towards these posts on the Facebook blog. So it looks like the problem lies in people giving their username/passwords out to random sites with promises of apps (or something). These sites then take control of a user's account and send out a barrage of spam. Okay, now for the rant. The reason this is happening in part is Facebook's own fault (as well as a lot of other parties). Part of the way these sites have expanded at the speed they have is by asking people to enter their email username/password and then crawling their contact list and showing users/sending out invites appropriately. By encouraging this kind of behavior, Facebook makes it seem okay to give a site (even one you trust) your username and password, which it shouldn't be. Ever. Period. OAuth attempts to solve this problem by bouncing you over to the other site for approval, rather than asking for the login info. Google has implemented a version of this, but it's still not being used by many sites (the only integration I've seen is Dopplr). Now Facebook isn't alone in this one. Every social site has a feature like this where they ask for email usernames and passwords. This is bad for business. </rant>
August 20, 2008
Noah Brier | Thanks for reading. | Don't fake the funk on a nasty dunk.