info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Re: lawful way to import contacts from third party email services
30 views
Skip to first unread message
Message has been deleted
John Levine
Apr 25, 2013, 5:02:52 PM4/25/13
to
In article <ed1b4e0f-572c-4fd3...@googlegroups.com>,
<johny...@gmail.com> wrote:
>Hi everyone, I'm posting for the first time here, so if I'm OT here, please guide me to the relevant newsgroup.
>
>We're building a browser based SaaS application (where the website itself is the application) in which
>we need to provide a feature to import contacts from user's gmail / hotmail / yahoo accounts etc.
>
>Which of the two below is a lawful way to do this?
It's impossible to answer this question without knowing what country
you're in,
In the US, there's basically no privacy law other than HIPAA about
medical information and a few oddball statues like the video rental
one. In most of the rest of the industrialized world (Europe, Canada,
Australia, etc.) there are privacy laws that make it flatly illegal to
maintain dossiers of information about individuals without the consent
of the subjects.
Assuming what you're doing is legal where you are, the large webmail
systems all have APIs to access their address books. In several cases
they use something like oauth to let your user authorize you to look
at his or her address book without giving you the password. Keep in
mind that giving you their password is invariably a violation of their
terms of service.
--
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
<johny...@gmail.com> wrote:
>Hi everyone, I'm posting for the first time here, so if I'm OT here, please guide me to the relevant newsgroup.
>
>We're building a browser based SaaS application (where the website itself is the application) in which
>we need to provide a feature to import contacts from user's gmail / hotmail / yahoo accounts etc.
>
>Which of the two below is a lawful way to do this?
It's impossible to answer this question without knowing what country
you're in,
In the US, there's basically no privacy law other than HIPAA about
medical information and a few oddball statues like the video rental
one. In most of the rest of the industrialized world (Europe, Canada,
Australia, etc.) there are privacy laws that make it flatly illegal to
maintain dossiers of information about individuals without the consent
of the subjects.
Assuming what you're doing is legal where you are, the large webmail
systems all have APIs to access their address books. In several cases
they use something like oauth to let your user authorize you to look
at his or her address book without giving you the password. Keep in
mind that giving you their password is invariably a violation of their
terms of service.
--
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
Message has been deleted
deadrat
Apr 26, 2013, 2:51:24 AM4/26/13
to
On 4/25/13 11:34 PM, johny...@gmail.com wrote:
> On Friday, April 26, 2013 3:39:35 AM UTC+5:30, deadrat wrote:
>>
>> with a proper line length.
>
> By that logic you should drain confidence in Google as their service,
> Google Groups didn't split the lines as you expected.
You're using Google Groups and you're not too embarrassed to admit it?
My confidence is completely gone.
>> (where the website itself is the application) in which we need to
>>
>> provide a feature to import contacts from user's gmail / hotmail / yahoo
>>
>> accounts etc.
>>
>>>
>>
>>> Which of the two below is a lawful way to do this?
>>
>>>
>>
>>> 1. User types in his gmail username and password in our application (which is running in the browser). The browser communicates these to the backend server. The backend server logs into the user's gmail account and imports the contacts.
>>
>>>
>>
>>> 2. User types in his gmail username and password in our application running in the browser. The browser uses the gmail API (assuming there's one) to log into the user's gmail account and subsequently imports the contacts. The browser communicates the contacts to the backend server for permanent storage.
>>
>>>
>>
>>> We've not yet researched into the APIs but this post is to get a general understanding on what's lawful, and what are the pros and cons of each approach. And perhaps there are other approaches?
>>
>>
>>
>> There's certainly a gmail API, but tell us what you think might be
>>
>> illegal about either scheme.
>>
>
> I had found another newsgroup later where the question was answered well:
> https://groups.google.com/forum/#!topic/misc.legal.computing/gy6u6bgLm3E
Sadly, no.
You have a response from a Mr. Levine who opines on privacy laws, but
it's difficult to see how you could violate the privacy (in the legal
sense) of someone who gives you permission to access his contact list.
Mr Levine also says, "Keep in mind that giving you their password is
invariably a violation of their terms of service." A quick look at the
gmail terms of service reveals that this statement is untrue. Even were
it correct, the violator of the terms of service would bear the
consequences, not you.
Out of idle curiosity, I'll ask again: What laws or torts did you
think it might be possible to violate by accessing information with the
permission of the owner?
>
> Thanks
> John
>
> On Friday, April 26, 2013 3:39:35 AM UTC+5:30, deadrat wrote:
>> On 4/25/13 1:35 PM, johny...@gmail.com wrote:
>>
>>> Hi everyone, I'm posting for the first time here, so if I'm OT here, please guide me to the relevant newsgroup.
>>
>>>
>>
>>> We're building a browser based SaaS application
>>
>>
>>
>> I'd have more confidence in your application if you could post messages
>>
>>> Hi everyone, I'm posting for the first time here, so if I'm OT here, please guide me to the relevant newsgroup.
>>
>>>
>>
>>> We're building a browser based SaaS application
>>
>>
>>
>>
>> with a proper line length.
>
> By that logic you should drain confidence in Google as their service,
> Google Groups didn't split the lines as you expected.
You're using Google Groups and you're not too embarrassed to admit it?
My confidence is completely gone.
>> (where the website itself is the application) in which we need to
>>
>> provide a feature to import contacts from user's gmail / hotmail / yahoo
>>
>> accounts etc.
>>
>>>
>>
>>> Which of the two below is a lawful way to do this?
>>
>>>
>>
>>
>>>
>>
>>> 2. User types in his gmail username and password in our application running in the browser. The browser uses the gmail API (assuming there's one) to log into the user's gmail account and subsequently imports the contacts. The browser communicates the contacts to the backend server for permanent storage.
>>
>>>
>>
>>> We've not yet researched into the APIs but this post is to get a general understanding on what's lawful, and what are the pros and cons of each approach. And perhaps there are other approaches?
>>
>>
>>
>> There's certainly a gmail API, but tell us what you think might be
>>
>> illegal about either scheme.
>>
>
> I had found another newsgroup later where the question was answered well:
> https://groups.google.com/forum/#!topic/misc.legal.computing/gy6u6bgLm3E
Sadly, no.
You have a response from a Mr. Levine who opines on privacy laws, but
it's difficult to see how you could violate the privacy (in the legal
sense) of someone who gives you permission to access his contact list.
Mr Levine also says, "Keep in mind that giving you their password is
invariably a violation of their terms of service." A quick look at the
gmail terms of service reveals that this statement is untrue. Even were
it correct, the violator of the terms of service would bear the
consequences, not you.
Out of idle curiosity, I'll ask again: What laws or torts did you
think it might be possible to violate by accessing information with the
permission of the owner?
>
> Thanks
> John
>
Message has been deleted
0 new messages