You might like

31 Responses to sign-up rush exposes risky behaviour of social networkers

  1. Lee Cronin ✯ · 1636 days ago

    Could it be a planned new social networking site which is aiming to take over from facebook / twitter? Signing up like this would make it easier to migrate to a new social networking site. It would also allow a mass campaign when everyone's profile would simultaneously post messages about the great new site.
    If it offered better privacy - such as the ability to to control on an app by app basis on who sees posts made by that app, I'd consider moving.
    But like you say until we know for sure, it's not worth the risk. Maybe they are worried Facebook or Twitter will stop them before they can launch their idea.

  2. @rolfvb · 1636 days ago

    Graham - your general point is very well taken. People are way too willing to allow apps access to their data, the data of their friends & the ability to post on their behalf.

    IN THIS CASE however, Joe is absolutely the real deal. A true champion of our digital rights. Perhaps with a bit more Googling, you could have seen that for yourself, rather than trigger un-necessary alarm and question his name publicly in this instance. I hope and trust you tried to make contact with him before posting this. He is not at all hard to contact.

    I agree that he probably should have anticipated posts such as yours and provided a little more detail himself - in advance. I've emailed him about your post and i'm sure he'll show up here one's he's up and about CA time.

    • Thanks for the comment.

      Like I said, chances are that the website has good intentions and that Joe is a nice chap.

      The point is that people are signing up without thinking about what they are doing - as they have no information of what they are signing up for, and how they are allowing their social networking accounts to connect with an unknown third party service.

      I'm not saying that this third party service is good or bad (like the rest of the planet, I have no way of telling) - but users' behaviour in this instance leaves much to be desired and illustrates just how easy it is for rogue applications to spread.

    • Moreevilthanu · 1636 days ago

      Why should we trust your word on it any more than his? I DID Google it and know no more than I did 10 minutes ago except that he thinks he can kill me for knowing what the hell he's doing.

      Let him f**king try.

      • He isn't saying "don't ever sign up for this service", he's saying "don't sign up for this service, or any service, until you know what it's doing with your information." There's no reason one cannot wait a little until we all know what does.

      • Paul Ducklin · 1635 days ago

        As pointed out to us, the bit on the site which said "we're in ninja stealth mode so we can't say anything about ourselves or we'd have to kill you" (or words to that effect) has now been removed.

        I agree with you. The "if I tell you I'll have to kill you" joke wasn't funny when Tom Cruise said it in Top Gun, and it's gone downhill in the 25 years since. As an official statement in a company's "About" comments, appearing close to the bit about how important privacy and control are, it was odiously out of place.

        Anyway, it's gone now.

        For fun, see:

      • jennifer · 1635 days ago

        Yes...I am reading some of this info. and all I have been trying to find out is "How do you know who visits your profile" People are posting that to facebook. I do not know if that is a scam, but the "police security" is going to know? There is no app for this as far as I know, but you have to sign up, and purchase by the month...what is your take

    • Mrs. W. · 1636 days ago

      I felt the same way about Quora. If I'm presented with a page that asks me to register and log in with no obvious link to let me check out the functionality of your site, I'm suspicious. If I dig around, it's on every other page -- why not on the homepage?

      Maybe you have invented the greatest thing since sliced bread, but it seems more likely that it's a ploy to claim higher subscription numbers than you're worthy of. And if that's what you're doing, I refuse to be counted.

      So many websites have no functionality to delete your account once they are opened, and I have to think claiming a subscriber base is part of it. I have no doubt that Facebook hides the link to delete your account for this very reason.

      If you're the real deal, act like it instead of manipulating people's curiosity. Be transparent. And if you're a user, refuse to be manipulated.

  3. Posting a comment here to ask about the aforementioned regaling of my account keys by allowing earlier, has entailed ironically handing the keys to my Twitter account to IntenseDebate by Automatic. #potkettle?

    • You can comment as a guest on the Naked Security site (and many people do), which means that you don't have to associate a Twitter or Facebook or WordPress or IntenseDebate account with your comments.

      Of course, some people choose to login via one of those services (which can mean they can get a snazzy avatar and some other benefits).

      But at least IntenseDebate is pretty transparent about what it is...

  4. If you don't like the web app, why even complain because you can just easily say no and not signup or allow them to see your information. The internet is like the streets of a bad neighborhood. You might or might not be mugged or robbed. In real life, anyone with the common sense would say no and stay away from that neighborhood. The same with the internet, be smart and stay away from something you consider dangerous. It's that simple! But it's your choice to do it or not, so complaining or warning people with said accusations will just make them do what you're asking them not to do. I have a strong opinion on this but judging a book by its cover isn't right. So I could go either way with this article but for the moment I'll do the smart thing and wait until they release more info.

    • Paul Ducklin · 1635 days ago

      Actually, the internet isn't much like the streets at all. Real-world analogies involving roads almost always get you into trouble - as soon as you make them, you're stuck with issues like, "Should we have internet driving licences? Precise regulation by public servants? Toll roads? Congestion charges? Should we have left-turn-on-red by default, or not?"

      As for judging book by its cover - in this case, there IS only a cover. So you must judge by that. You can only ask "About" on the main page, and that tells you that "We believe privacy, control, and portability are requirements, not features."

      The key words here - privacy and control - are coloured red to make them look both important and clickable. Apparently, however, to this site they are neither.

      Incidentally, you agree with Graham - his point was not to judge too early, but to wait until you have enough info, a useful caution which thousands seem to have abandoned in this much for encouraging this behaviour by warning about it :-)

      • I agree with what you are saying, but that pointless sarcasm at the end threw me back. lol just kidding. I can rant sometimes to where it feels like I'm running off subject, so please don't take that in a bad way. My question is though, why not leave a situation like this run its course to where it could fail our succeed? My point is, the website looks official in a way but seriously needs more attention to information. In other cases websites that are scams look crude and far out from being what they are actually preaching. So, confidentiality is up to the user who clicks on the share button or gives out their email address. It's a dog eat dog world, trying to stop it with making attention to it won't fight the fire. In the aspect of Facebook, only they can try to stop scams via their web service. The same goes out to Google, and MySpace, and maybe even your own personal site. You just can't bring the warning to the user, because the user will go back and ruin the message that's out there to help them. The way to stop this process of scamming is to go to the source!

        • Mrs. W · 1634 days ago

          But there are some scams, most notably some of the banking phishes, that look completely legit. The point is that users need to replace the old heuristic in their head that just because a site or an e-mail looks slick means it is good and safe. Simple appearances can go a long way towards lending people credibility and authority, whether or not they deserve it. Con men often invest in nice clothes. FakeAV companies often create professional looking "products."

          We need to be asking: do I know who is (really) asking for the information, and do I trust them for good reason?

          Where's this guy's CV? What have the principals done in the past (details, please). Where are his references? The decision to give data or credentials over to a website should be like a job interview. If the person comes highly recommended from a trusted other, fine. If not, can he really do the job?

 is also manipulating one of our biggest weaknesses by employing the scarcity principle (get your name before it's too late!).

          Personally, I'm a late adopter, so I wait for these trusted others to put their word in. I don't jump on every bandwagon that rolls by offering the latest and greatest, especially when I am so obviously being pressured to do so.

  5. Kyle Monk · 1635 days ago

    I don't know why everyone is getting their panties in a twist, this article makes a very valid point.

    You are handing over access to one (or all) of your social networks with no knowledge of what it is doing with said account (bar spamming a link to itself everywhere). Very rash if you ask me.

    Calm down people

  6. jamEs · 1635 days ago

    You do make a good point, and I will admit to being one of those who rushed out to signup. I find my mentality is that there are so many new social apps out there that I want to get in on the ground floor. As you can see with platforms like Twitter, usernames are at a premium, so acquiring a desired username on the next up and coming service is something that appeals to me.

    From my perspective, a premium domain name, good layout and typography, passed the sniff test for me.

  7. svcghost · 1635 days ago

    Whatever it is, it's pretty sad that so many people are signing up for it and allowing it access to their FB and Twitter accounts. But that's how the majority of social network users are for now. Maybe in 10 years the majority will be naturally practicing safe computing.. but until then we'll continue to see tinyurl links and MUST SEE NOW facebook pages on a daily basis.

  8. Very valid point - too bad i signed up just before reading this article. It did cross my mind, but i thought: i'll do it with my twitter account. I use it all the time to post links and article of interest, but there is nothing really private about it - whereas my facebook account is. So i signed up with twitter, feeling it's public data anyway. Am i being naive?

  9. @rolfvb · 1635 days ago

    Not sure if this privacy policy was already there yesterday - I had to scroll down to find it. Anyway - I think it addresses your concerns.

    • Mrs. W · 1635 days ago

      Who cares? A privacy policy is only as good as the people/company who stand behind it. Anybody can buy a domain name and publish any old crap; it doesn't have to be true.

  10. aalaap · 1635 days ago

    This post opened my eyes! Thanks!

  11. Steven Groves · 1635 days ago

    Looked a bit deeper myself - legit group IMHO; ironically focused on the VRM / consumer privacy segment and working on a formal rollout at SXSW - more here

    Now that all being said Grahams point about ppl giving away their info and account access blindly - he's right, it's not the right way for consumers to act, but they do it. BTW, they did comment about Grahams article in their post too so, yes, social media is working very nicely today.

    Joe, Drummond, Dean & Marc - let's see what this baby has under the hood...

  12. @rolfvb · 1635 days ago

    It's all explained here folks:

  13. I used LinkedIn then quickly killed its access on the LinkedIn Account Settings page for Application Access :

    Suprisingly, I didn't see this link come up when I did a Google search. Maybe it'll help others...

    Valid point by author for non-savvy Internet users.

  14. Take a look at if you're worried about or Facebook in regards to online privacy. It's a peer-to-peer social network that never transmits or stores your data on their servers.

    • Mrs. W · 1633 days ago

      This begs the question: and who the hell are you?

      I mean, really, did you read the post or the comments thereon? You have no privacy policy either, and there's no name associated with your service that anyone can go have a look at. No press releases, no PR, no reviews, no nothing.

      Methinks you're next in line for a blog post calling you out. Assuming you're big enough to bother. . .

  15. Gary · 1630 days ago

    @rolfvb - clear as mud. I think it is absolutely shocking that nothing more than a blog post, a presentation at #sxsw and a "nice guy" twitter feed at @simple 10 has 10,000 people signing up to give access - Graham's point is absolutely correct and that is users should not be handing out access to their account until they know what the service is actually doing that they are handing the information over to.

    But by now I should know better...

  16. Gary Rowe · 1409 days ago

    The fact that people give up identifying data and access to their social grid is certainly a concern, especially if you don't know who it is or what they are doing. I know the people at and they have very high integrity and are actually doing something that could be useful in navigating the social web. They are establishing a social vouching and discovery infrastructure across all major social networks. The product is still in beta but you can find out more at

    Gary Rowe

  17. I like because it allows me to "touch" and organize and see how many VCs, founders and startups are following me. @simple10

  18. I joined after it was recommended by someone I trust. Ironically, that is what is all about... credentialing people through first-hand knowledge.

    Graham makes a good point, though. I haven't taken my social identity as seriously as I should. As a social media explorer, I have to try out these sites. From now on I am going to use my junk account to take my first steps.

    Thanks, Graham, for waking me up. (I'm still a fan of though).

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley