Spock’s Scary Signup

Jeremy Zawodny’s post on the Spock signup process prompted me to write about another scary step – when you want to claim your profile.

I searched for myself, found myself (that’s a relief), and clicked to claim my profile and said I didn’t have an account. I got the page below:


In this case, I’m being asked to provide my login credentials (over HTTP, not HTTPS) for another site, and there’s no information at all.

Does Spock store these credentials? Does it use them to crawl anything private on my account? What if I change those credentials? And is “sit back” supposed to make me feel relaxed as you crawl through my data? I’m not relaxed.

It’s likely that their use is benign (although they’re still spoofing me on LinkedIn), but there’s no way for me to know that. Most of the users of the Twitter API, for example, message appropriately.

Those ****s you see above? Fake password that I tried on day of launch. Page 404’d anyway.

(Mentioned this to Dave McClure, who’s on their advisory board, during Gnomedex: hoping they do something better here.)

(Disclaimer: my employer and Spock are both in the People Search business. Rising tide lifts all boats.)


2 Responses to “Spock’s Scary Signup”

  1. Dave McClure Says:

    thanks for the feedback Scott… i’ll pass it along.

  2. Scott Ruthfield Says:

    great – wish them well!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: