Facebook's paranormal friend recommendations *whoo-oo-ooo!*

[eponymousarchon]

Okay - this is freaky [Update, I think I've partly figured this out - but it's still scary and possibly worse - see below]

One of Facebook's more-fun features (I find) is the 'Suggestions Friends' page, wherein Facebook looks at your friends and who they friend and looks for patterns that suggest people that you might know and want to friend.

Comments

Please read all my mail? No thanks.

[quaestor23]

Sorry I can't understand why people give their webmail password out to other sites. It's like giving root access to someone who wants to chown a file. ie you are giving away WAY more power than the task actually requires.

An approach adopting the precautionary principle would be to dump your addressbook, from where you can add candidate email addresses to Facebook's Foe Finder or whatever. For the vast majority of people this is likely to amount to maybe 20-50 addresses: a few minutes of cut-n-pastery.

Give it the password, and it can grab a copy of every email you've sent and received and, potentially, do pretty unspeakable things with them... that information is gold dust to marketers and they will pay sufficient for it that morals or privacy codes go out the window (all it takes is one employee, qv T-Mobile)... Even if they don't do anything with them, they may just keep them hanging around, increasing the attack surface by which someone might be able to hack in and steal them... No no no no. The minor convenience of automatically spamming your friends, and a larger number of completely irrelevant people, to say "hi I'm on $social_networking_site", is not worth the risk of such valuable data.

I raised a quizzical eyebrow when I first saw one of these "give us your password for some other site that's nothing to do with us" boxes, because isn't divulging your password in this way contrary to the terms of use of most sites? And as a general rule, people ought to be of the mindset that typing your password for site A into site B is something you NEVER DO. These friend-finder gadgets are legitimising what should be a wholly illegitimate idea. Phishing has probably never been so easy.

Twitter has it right. An API for remote access, but you don't (or shouldn't anyway) need to type your password into any other site, just be logged into Twitter, which will ask your permission.