I got some random text from a relative asking me to go this website, at which point I was confronted by the following web page…

image

Ha … they want my email and password … really … why don’t I just give you my SSN, credit card numbers and keys to the house and car (I overstate but you understand the point). The Terms and Conditions was honest enough to reveal the following:

     We may temporarily access your MSN account to do a combination of the following:
          1. Send Instant Messages to your friends promoting this site.
          2. Introduce new entertaining sites to your friends via Instant Messages.

Let me forgo all the obvious concerns about giving my password and look at the storage of my password by unqualified and un-vetted third parties. The only real way they can use my password effectively is by storing it in plain text in their database, the above T&C extract also implies that they are keeping this information indefinitely.

There are a metric ton of API’s for online services that allow applications access to user resources without the need for this type of password scamming. This includes but is not limited to:- Windows Live DelAuth, Google AuthSub, Yahoo! BBAuth, Facebook Authentication API, and the AOL OpenAuth.

The T&C for this site concludes:

This agreement shall be construed and governed by the law of the republic of Panama. You expressly consent to the exclusive venue and personal jurisdiction of the courts located in the Republic of panama for any actions arising from or relating to this agreement.”

…enough said.

Technorati tags: