Poor man's Contact List portability

0 views
Skip to first unread message

Julian Bond

unread,
Feb 6, 2008, 11:38:48 AM2/6/08
to dataportability...@googlegroups.com
Currently I'm using GMail as my contact list. I import into GMail all
the contacts I can. eg Outlook, LinkedIn, Ecademy. Then when I sign up
to a new Social Networking site I use the "Import from GMail" facility
that they all seem to have now to find contacts who have already signed
up. I'm very, very cautious about then using the "Invite my friends who
have not yet joined" facility that always comes with it.

Are there some lessons here for the DP project to automate this?

--
Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173
Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433
Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat
Never Exceed Vehicle Capacity Load

Terrell Russell

unread,
Feb 6, 2008, 11:58:22 AM2/6/08
to dataportability...@googlegroups.com
Julian Bond wrote:
> Currently I'm using GMail as my contact list. I import into GMail all
> the contacts I can. eg Outlook, LinkedIn, Ecademy. Then when I sign up
> to a new Social Networking site I use the "Import from GMail" facility
> that they all seem to have now to find contacts who have already signed
> up. I'm very, very cautious about then using the "Invite my friends who
> have not yet joined" facility that always comes with it.
>
> Are there some lessons here for the DP project to automate this?
>

This is exactly the anti-pattern we should be trying to discourage by
using standards like OAuth. It separates authentication and
authorization. As it is now, whatever service you give your credentials
to becomes you - and you're trusting them not to store/forward your
password and/or be malicious (delete your stuff). It's unnecessary and
unsafe.

Please don't continue to put your password in forms that ask for it.

You can help this group more by complaining loudly that asking for your
credentials is not the right way to do things.

Terrell
http://claimID.com

Julian Bond

unread,
Feb 6, 2008, 12:10:52 PM2/6/08
to dataportability...@googlegroups.com
Terrell Russell <terrell...@gmail.com> Wed, 6 Feb 2008 11:58:22

>This is exactly the anti-pattern we should be trying to discourage by
>using standards like OAuth. It separates authentication and
>authorization. As it is now, whatever service you give your credentials
>to becomes you - and you're trusting them not to store/forward your
>password and/or be malicious (delete your stuff). It's unnecessary and
>unsafe.
>
>Please don't continue to put your password in forms that ask for it.
>
>You can help this group more by complaining loudly that asking for your
>credentials is not the right way to do things.

Absolutely. Which is why GMail in particular (and the other webmail
services) should support oAuth. And the people building and selling
libraries to get that data should then support it.

So how exactly do you suggest getting people in GMail, Hotmail, AOL,
Yahoo to hear that message?

tav

unread,
Feb 6, 2008, 12:17:58 PM2/6/08
to dataportability...@googlegroups.com
> Please don't continue to put your password in forms that ask for it.
>
> You can help this group more by complaining loudly that asking for your
> credentials is not the right way to do things.

Whilst I am in vehement agreement with you, the reality is that most
users (and thus service providers) are *currently* not bothered by
such actions. Authentication credentials are handed over without a
moment's thought.

Every day I get an invite for yet another social network and rarely do
I see any support for standards by them. This long tail of niche
social networks also need some DP loving -- perhaps by way of better
libraries on the common platforms (php, python, ruby, &c.)?

In contrast, the long tail of instant messaging networks is seemingly
rather nicely united/federated behind the Jabber/XMPP front. Not sure
how they managed to pull that off? Perhaps it was a matter of timing?

I think it is important for us -- in terms of defining the technical
plug-and-play architecture -- to also bear in mind to keep the whole
thing really simple. So simple that developers should be able to start
adopting it overnight. So simple that our evangelical arm can pitch
with a singular message to both mainstream and technical audiences.

Can we manage that?

--
love, tav
founder and ceo, esp metanational llp

plex:espians/tav | t...@espians.com | +44 (0) 7809 569 369

Terrell Russell

unread,
Feb 6, 2008, 12:18:42 PM2/6/08
to dataportability...@googlegroups.com
Julian Bond wrote:
> So how exactly do you suggest getting people in GMail, Hotmail, AOL,
> Yahoo to hear that message?
>


Talk about it - make it a specific point - explain why it matters.
Build use cases where what they're currently doing is bad. Build use
cases where the flexibility of these new standards is obvious to people
who don't think about this stuff all the time.

And please stop giving out your password other places. :)


And they ARE moving on these things. It just takes time when you have
tons of users. It HAS to work when they flip the switch.

Terrell


Julian Bond

unread,
Feb 6, 2008, 12:42:54 PM2/6/08
to dataportability...@googlegroups.com
tav <ask...@gmail.com> Wed, 6 Feb 2008 17:17:58

>> Please don't continue to put your password in forms that ask for it.
>>
>> You can help this group more by complaining loudly that asking for your
>> credentials is not the right way to do things.
>
>Whilst I am in vehement agreement with you, the reality is that most
>users (and thus service providers) are *currently* not bothered by
>such actions. Authentication credentials are handed over without a
>moment's thought.

I'd better state my position. I'm horribly schizophrenic about this.

In my day job I'm programing a social network and use an invite library
from Octazen to help new members find their friends already on the
system and to invite others. It does exactly this, take an ID and
password for all the major webmail systems and get a bunch of email
addresses back. It works really well.

In my lunchtime and night job, I'm doing everything I can to help the DP
cause. And demanding OpenID and oAuth on things like the OpenSocial
mailing lists.

I guess that's realpolitik, for you. It probably makes me evil, as well
;)

This use case is pretty much core to DP.

Elias Bizannes

unread,
Feb 6, 2008, 10:13:04 PM2/6/08
to DataPortability.Action.Technical, dataportabili...@googlegroups.com
The whole issue of not having to put your password in for another
service to extract your details, ie Gmail to discover your friends for
a social network, seems like a good one to forward onto the Policy
group (this post is for them, so cc'ing them).

I like how Terrance puts it:
> This is exactly the anti-pattern we should be trying to discourage by
> using standards like OAuth. It separates authentication and
> authorization. As it is now, whatever service you give your credentials
> to becomes you - and you're trusting them not to store/forward your
> password and/or be malicious (delete your stuff). It's unnecessary and
> unsafe.

People should have the right to not compromising their security and
identity, when porting their data.

http://groups.google.com/group/dataportabilityactiontechnical/browse_thread/thread/246121352dad8fec

Good one.

Elias Bizannes

unread,
Feb 6, 2008, 10:14:19 PM2/6/08
to DataPortability.Action.Technical
I mean Terrell, sorry mate!

Craig

unread,
Feb 18, 2008, 4:49:09 PM2/18/08
to DataPortability.Action.Technical
Does anyone know if Octazen retrieves postal addresses and phone
numbers in addition to email addresses or are email addresses only
retrieved?


On Feb 6, 11:42 am, Julian Bond <julian_b...@voidstar.com> wrote:
> tav <ask...@gmail.com> Wed, 6 Feb 2008 17:17:58
>
> >> Please don't continue to put your password in forms that ask for it.
>
> >> You can help this group more by complaining loudly that asking for your
> >> credentials is not the right way to do things.
>
> >Whilst I am in vehement agreement with you, the reality is that most
> >users (and thus service providers) are *currently* not bothered by
> >such actions. Authentication credentials are handed over without a
> >moment's thought.
>
> I'd better state my position. I'm horribly schizophrenic about this.
>
> In my day job I'm programing a social network and use an invite library
> fromOctazento help new members find their friends already on the

Julian Bond

unread,
Feb 19, 2008, 3:24:18 AM2/19/08
to dataportability...@googlegroups.com
Craig <craig...@gmail.com> Mon, 18 Feb 2008 13:49:09

>
>Does anyone know if Octazen retrieves postal addresses and phone
>numbers in addition to email addresses or are email addresses only
>retrieved?

Only email addresses.

--
Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173
Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433
Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat

Keep Dry And Away from Children

Julian Bond

unread,
Feb 19, 2008, 3:31:04 AM2/19/08
to dataportability...@googlegroups.com
Craig <craig...@gmail.com> Mon, 18 Feb 2008 13:49:09
>Does anyone know if Octazen retrieves postal addresses and phone
>numbers in addition to email addresses or are email addresses only
>retrieved?

Sorry, my other post was not the whole truth. You get name+email but
that's it.

Outlook CSV obviously has a lot more. Some of the services that export
Outlook CSV export some other fields. but what you get varies widely
between services.

--
Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173
Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433
Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat

Reply all
Reply to author
Forward
0 new messages