Monday, January 27, 2014

Is The New Daily site unwittingly exposing their users contact list?

Today I received an email from a user of my Australian dictionary files, with a link to an article on The New Daily site. The article was interesting and relevant for those interested in the Australian language. More specifically, it was about the different words we use in different states to describe the same thing. The preferred Australian English spelling dictionary is about identifying the single preferred spelling of a word in Australia where there are multiple spelling variations.

I decided to add a comment to the article. Normally I just sign up with my email address but I thought, I'm using Facebook (this is not a recommendation for Facebook) and thought I'd test submitting the comment using my Facebook ID. I was presented with the following.
The New Daily uses the Disqus service to handle comments.

Here is my concern. Why is Disqus asking for access to my friend list? There really isn't even any reason for Discus to be asking for access to my public profile or email address. Initially I thought it is OK for Disqus to have my email address because they'd need that for verification. But then I thought, do they really. If I'm verified by Facebook then there is no reason for Disqus to even have the email address.

This reminds me of when I read an article about a leading social networking site a few years ago which had 20 million users, but stated they had 400 million. How could a site have 20 million users but claim 400 million. From what I gathered, they considered everyone on their active users mailing list to be their users as well, even though 380 million users had never signed up for the service. The problem is that everyone that signed up to the service was also giving the site access to their entire address book to find friends who were also using the service. From what I could gather,  everyone in the users address book, even if they weren't users of the social networking site, were now also considered customers. The social networking site, had decided that everyone in the address book for a user was now also their customer. The only way that could be valid in my mind is they kept the contents of everyone's address book after it was scanned.

I decided there was no way I'd enter the comment and use Facebook under those terms. I cancelled and signed up using my email address and a nominated password. That means all The New Daily site and Discus received was my contact details and not the contact details of others.

If you're using a free service and something doesn't feel quite right, for goodness sake stop and think for a moment. If it doesn't feel right it probably isn't. Free services come at a cost. Often you don't know what that cost is because you aren't made aware, as they don't want you to know because that is part of their business model. If you are made aware, the real cost may be obscured by generalised legalese.

Did you sign up to Facebook or any other social networking service and give the site permission to access your address book to locate friends. If you did, that site had to upload and scan all your contacts. Do you know what they've done with the entire contact list and not just the email addresses of friends also using the service? I didn't think so. I certainly don't know, but when one social networking site claims 400 million users when they actually have just 20 million, it does beg the question. I'd be fairly certain your entire contact list is being stored somewhere on someone else's server, and you've passed on your contacts's details without asking them if it is OK.

It may not be as convenient as entering in each contact when you join a social networking site, but I believe it is rude to pass on family, friends and business colleagues contact details without their permission. Laziness is no excuse for being rude.

Hopefully people reading this article will stop and think about the new world order where no one seems to care about the information they pass on about others without their permission. We've become so selfish that basic courtesy is being exchanged for a free service.

Kelvin Eldridge
Online Connections
Call 0415 910 703 for IT support.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.