Connect.me sign-up controversy continues – have your say!

10 Mar 2011 16 Facebook, Law & order, Privacy, Social networks, Spam, Twitter

by Paul Ducklin

Graham Cluley’s recent article about stealth-mode social networking newbies Connect.me has stirred up a lot of controversy.

The Connect.me site has exactly two pages – at least, it does if you don’t sign up. The main page simply invites you to Reserve your username and get early access; this page takes you to a second page which simply says Login with [Facebook] [Twitter] [LinkedIn]. That’s how you login, even if you’re an existing user.

Oh. There’s a link on the main page which opens up a half-screen of About text. The important part of this is: “We believe privacy, control, and portability are requirements, not features.” The highlighted words look as though they’re links to further information, but they’re not.

Graham’s article provoked numerous comments agreeing with us – some said that a site which asks you to sign up with no indication of (indeed, which deliberately suppresses) its proposed business is Just Plain Wrong. But others roundly said that we were unfair, and ought to have given these newcomers time to show us what they were all about before expressing an opinion.

Well, we've finally had a response from someone called Drummond Reed, claiming to be from Connect.me.

I'm going to continue the controversy on Graham's behalf, by quoting and responding to Mr Reed.

Then I'll ask you, our Naked Security readers, to vote on the issue.

Here we go.

Hi Graham, this is Drummond Reed from Connect.Me. Great post! We couldn't agree more about the need to address privacy concerns around social sign-in.

Hi, Drummond.

If you agree, why don’t you make a point of showing that you agree, and that you care, on your site itself? (Your site now has a privacy policy – and not much else about what it’s up to – but you added it only after the controversy broke.)

Your post seemed to have helped fuel the sign-up rate at Connect.Me today.

That’s nice for you. Ironic, of course, but nice for you. In return, could we ask you to return the favour by saying something meaningful on your site about what you plan to do with the information you collect?

What will you store? Where will you store it? How do you intend to use it in future? Most importantly, how do I contact you to withdraw my permission to keep it? And how long will you take to delete it?

It will be great fodder for conversation at SXSW this weekend.

Have a good time, Drummond. (I’m sincere with that wish.) But talk is cheap. And SXSW isn’t about security, privacy and on-line identity, is it? It’s about musical and filmic content – creating it and publishing it.

How about coming to a security conference as well, and throwing yourself into the conversations you get at that sort of event? If you can make it to Infosec in London, England, in April (or to AusCERT in Queensland, Australia, in May) I’d like to invite you to the Sophos stand.

We’d love to have someone from connect.me take part in a panel discussion on our stand – and we’ll buy the beers.

To put any fears to rest, we're not scammers. We're people from the Internet identity and privacy space working to help make a better, safer social web.

Thanks. That makes me feel better. I think.

But I’ve read words that are equally earnest, and which sound just as sincere, from Advance Fee Fraudsters, from peddlers of fake anti-virus, and from those call centres which say they’re from Microsoft and they’ve phoned especially to help.

The point is that if you really care about privacy, you shouldn’t ask people to enter into any sort of on-line social contract without explaining who you are, what your intentions are, and what mechanisms you have in place – now and for the future – to protect that privacy.

In fact, it’ll almost be worse if you guys really do turn out to be legitimate. Because the tens or hundreds of thousands of users who’ve taken a risk on you and got away with it will be more inclined to take risks again. Next time they do, it probably won’t be Drummond Reed, Nice Guy of the Net.

Please be more open and less marketroidistic! I suspect we agree about the end result. But not about how you have gone about reaching it.

And now, Naked Security readers, what do you think? Please vote in our poll:


16 comments on “Connect.me sign-up controversy continues – have your say!”

  1. Matthew Ross says:
    March 10, 2011 at 6:32 am

    Seems like the shortest privacy policy that I've ever read. Almost like someone who didn't have a law degree wrote it. Usually I skim those because of all the "We" and redundancy statements they make. And also 'cause they are like 10 to 20 pages long. They're also usually longer for the social websites because of all of your information they take in. I could have even written what is on their website.

    Reply
    • Paul Ducklin says:
      March 10, 2011 at 7:02 am

      A short privacy policy isn't necessarily bad 🙂 (It may be contraindicated in a world in which the other guy can come at you with a lawyer, but there you go.)

      But this is the bit which worries me:

      "At this time, we use Social Connectors such as Facebook Connect, Twitter and LinkedIn for two purposes only:

      1. To provide a simpler login experience for our users
      2. To allow our users to share news, updates or information about themselves or Connect.Me"

      So you login to connect.me with an existing "social connector"- e.g. to Facebook – so that you can, ah, use that "social connector" to do exactly what it's already intended for, viz. "to share news, updates or information about themselves or Connect.Me" (or, indeed, to share news about anything you like).

      If that is indeed the ONLY purpose, aside from simplicity, for which they rely on your Facebook, etc. login, then…help me here, guys…

      …why not just log in to Facebook, etc. and be done with it?

      Reply
  2. svcghost says:
    March 10, 2011 at 7:03 am

    I don't think boycotting it will really work. Also, I can't see a law prohibiting this capable of existing. People will always be trying to do similar things (whether safe and legitimate or for mal-intentions). It's the layman that needs to be trained to not be so gullible, carefree, and oblivious. They seem to never learn though. I think info security and safe computing will become increasingly popular among these people as time goes on and as we rely more on technology / incorporate it more into our daily lives.

    Reply
  3. @scam_detectives says:
    March 10, 2011 at 8:56 am

    Who owns Connect.me? The privacy policy states that the site is owned by "Respect Network Corporation" based in San Francisco.

    Google the Corporation and you get exactly one result – connect.me!

    A whois search reveals an address of 321 11th Street San Francisco, which is a multi-occupation office building, but there's no mention of a website/identity for "Respect Network Corporation"

    Is there no requirement in the US for a business to provide accurate contact details on its website?

    As for the comment "We're not scammers" – That ranks alongside "this transaction is 100% risk free" as perhaps the biggest indicator that something's amiss. When did Facebook ever advertise "we're honest folks, honestly!"

    I'm all for startups creating a buzz about their offering, but not by withholding vital information and undoing the work done by sites such as Naked Security to educate people about protecting their online privacy.

    Reply
  4. J12 says:
    March 10, 2011 at 9:30 am

    "To put any fears to rest, we're not scammers. We're people from the Internet identity and privacy space working to help make a better, safer social web."

    Wow, that's the most vague statement ever. Somewhere, someone is just celebrating their win at buzzword bingo.

    I'm not signing up with these folk till I know more, no way …

    Reply
  5. Richard Wall says:
    March 10, 2011 at 9:37 am

    To a certain point the user that signs up to such a site is responsible for their own actions. Some scam site could post "I'm a SCAM" and people would probably still sign up. It’s like that classic pop-up that asks you to insert your card and bank details to check if you've been a victim of on-line fraud.

    On the other hand I am quite curious as to who and what these guys are/up to and the only way we're going to find out is to wait and see. It is possible that they aren't the most intelligent bunch and don't realise that they look like a scam.

    —Anyway I'd be up for signing up and reserving my name using a fake account so they don't have any personal details. All the fun with none of the risk.

    Reply
  6. Arthur Brock says:
    March 10, 2011 at 10:07 am

    For what it's worth, Drummond has been heavily involved in identity and privacy projects for quite a while. His work on XDI/XRI, i-Names, i-Numbers and link contracts is one example of a group finally getting most of it right.

    All that stuff was structured for YOU to own and control all your data, manage it in one place and share it via revocable link contracts with others instead of having to enter and update it in hundreds of different places. I've built some of their principles into some of my own tools and platforms.

    I don't know much about connect.me, but personally, I have enough trust in Drummond not to have concerns. I signed up for i-Names and have been pretty happy about that, but I haven't even signed up on connect.me yet, so I really have no idea why thousands of people who don't know Drummond would be storming the field to give away their social contact information.

    I thought they were only inviting friends, setting up viral twitter posts may have been premature.

    Your words of caution are quite sensible.

    -art

    Reply
    • kookoo4kokopuffs says:
      January 9, 2012 at 11:25 am

      After you have your friends and family all in one place it's going to be easier for these scammers and the government to find and identify you. The scam is probably just getting a real census of the ppl in the world before the government makes the decision as to population control, and how they're gonna get rid of everybody. Scary, but I read something last year about what's to come in the future, with the government and technology, and it was scary and wish I'd never put anything on the internet.

      Reply
  7. @almagpie says:
    March 10, 2011 at 10:29 am

    Did anyone see the episode of BBC drama Hustle recently about the nasty football agent? SPOILER ALERT for those who have not yet watched it off their generic personal video recorder… but…
    The twist at the end was that Ash (Robert Glenister's character) had a bump on the head which made him unable to tell a lie. Ridiculously convoluted plot twist aside, the con still succeeded, despite him saying to the "mark": "Don't give us your money, you'll never see it again, it's a con". The mark was so greedy and gullible he assumed this was a huge joke and transferred half a million smackers right there and then.
    So yes, greed, ignorance, desire to get ahead of your peers, vanity…. will all make people take stupid risks even against the strongest good advice. Human nature is a wonderful, bizarre and deeply flawed thing!

    Reply
  8. Anne Thomas Manes says:
    March 10, 2011 at 1:52 pm

    Here's what Drummond Reed has to say about the connect.me launch on his blog: http://www.equalsdrummond.name/?p=418
    I know and trust Drummond, so I plan to track connect.me. But I'm not willing to sign up for it yet. I find it very ironic that he would execute this type of stealth launch–demanding my twitter credentials to reserve a connect.me name. Perhaps he's gathering data about people's disregard for privacy protection.

    Reply
    • svcghost says:
      March 11, 2011 at 12:42 am

      I highly doubt that those behind connect.me are running some case study to show how people are careless with their data. I also doubt that, if they WERE doing this, it would stop people from continuing to be so careless.

      Reply
      • disconnect.me says:
        March 11, 2011 at 12:57 pm

        I agree that it is unlikely to be a case study of this kind, but that doesn't stop me wishing it were.
        They could then automatically port all the accounts onto a sister site (with a name such as "scam.me"?) as a kind of one-stop shop for those who make their living from happy clickers – it would be deserved, educational, funny & practical.
        #7 on the ToS certainly grants them the rights to at least make a 'gullible gallery' of mug shots 🙂

        Reply
  9. homerbufflekill says:
    March 10, 2011 at 7:40 pm

    It's cool baby, I'm from the internet.

    Reply
  10. Shava Nerad says:
    March 11, 2011 at 12:06 pm

    SXSW Interactive has been running since at least 2006, and does deal with privacy/security/identity issues at least peripherally. Twitter premiered there in 2007, and it’s a conference a lot of services like to use as a launchpad from stealth-mode.

    Reply
  11. @bikehugger says:
    March 11, 2011 at 6:50 pm

    Stupidest thing they've done is presume we care about stealth mode and launch at SXSW.

    Reply
  12. Troxler says:
    July 11, 2012 at 6:41 pm

    If anything, this has been a simple failure in disclosure of business practices and the underlying business model. Being in stealth mode is no excuse for lack of transparency, however.

    Seems that Connect.me is looking to bridge the divide between consumers and restrictive legislation around privacy. Instead of the typical black v white posturing between legislators and consumer advocacy groups, Connect.me is creating a grey space where consumers can gain greater explicit control over how, when and why marketers interact with them across devices and experiences.

    Consumers gain the ability to turn the tap on and off on their own terms. They gain the advantage of (hopefully) higher value (read relevant) communications.

    Marketers gain access to a high-value, highly segmented audience that are self-qualified through explicit opt-in.

    I don't know about you – but would you prefer politicians develop *your* personal privacy policy or would you want to manage it yourself? Understandably, this is a big leap of faith to entrust your data to a private sector enterprise; but the benefits could outweigh the risks.

    Reply
