Jeremy Zawodny’s post on the Spock signup process prompted me to write about another scary step – when you want to claim your profile.
I searched for myself, found myself (that’s a relief), and clicked to claim my profile and said I didn’t have an account. I got the page below:
In this case, I’m being asked to provide my login credentials (over HTTP, not HTTPS) for another site, and there’s no information at all.
Does Spock store these credentials? Does it use them to crawl anything private on my account? What if I change those credentials? And is “sit back” supposed to make me feel relaxed as you crawl through my data? I’m not relaxed.
It’s likely that their use is benign (although they’re still spoofing me on LinkedIn), but there’s no way for me to know that. Most of the users of the Twitter API, for example, message appropriately.
Those ****s you see above? Fake password that I tried on day of launch. Page 404’d anyway.
(Mentioned this to Dave McClure, who’s on their advisory board, during Gnomedex: hoping they do something better here.)
(Disclaimer: my employer and Spock are both in the People Search business. Rising tide lifts all boats.)