Also Yaari.com has changed its user interface and now sharing email password is not mandatory, though you're tempted to do so. This is a good development and my below post is now rendered somewhat redundant.
------------- Original Post begins -----------------
An observation which I call a side effect of Web2.0 concept, many of the community websites are openly misusing web service technology to increase their member base by invading everyone’s privacy under false identity.
If the opening sentence appears confusing, read this:
You get a mail which says “ABC wants you to join Yaari.com, click here to Join Yaari.com else ABC may think you said NO to his/her request” (See image). You know that person, so click YES or ACCEPT and you’re taken to registration page of that website, where you’re required to enter your email password besides other details. Without knowing the impact, you provide your email password as well and proceed with browsing the site. Next moment, everyone in your email contact book get an invitation, saying you’ve invited them to join YAARI.com…Later say while chatting, you tell ABC that you’ve accepted his/her Yaari.com invitation, he/she says he/she never sent you any invitation at all.
If you’ve experienced above scenario, you might be wondering why this is happening or what is going on. This post gives you full details.
What is happening behind the screen?
With the advent of technology, application to application communication has become extremely easy. Once you enter your email password at Yaari.com (or any other such sites) following happens:
YAARI.com will electronically approach your email service provider and says the following: “See, I’ve been authorized by Mr. ABC to enter his/her mailbox and collect email IDs in his/her address book. I have his/her password as well, if you wish to verify. ”
The email client is thus fooled into believing that you’ve really authorized Yaari.com (because password is found valid) and gives all email addresses in your address book to Yaari.com. Next moment Yaari got what it wanted, it sends invitation to all these addresses under your identity saying you want them to register at Yaari.com (while you’re not even aware what is going on). Most of them register with Yaari, give their email passwords and the chain grows exponentially.
This ill mannered behavior is quite common in most of today’s community websites, who desperately need member base to survive and not many people will register at these sites under normal conditions, since there’s nothing much unique about them or there’re dozens of other websites are in place already offering similar services. So they resort to this kind of cheap tactics.
How come most reputed email service providers like Gmail, Yahoo and MSN be so careless and let such blunders happen?
This happens because they are service enabled. The original intention of enabling web service was to facilitate application to application interaction, so that the need for manual intervention is eliminated and life gets simplified for end user. There are enough authentication mechanism in place but above said websites cunningly bypass these measures.
Besides yaari.com there’re several such websites which are involved in similar fraud. Some of them are Gazag, desktopdating etc (Gazag atleast allows you to skip the step of sharing your email ID)
Just to check how responsive they are, one month ago I sent to two mails to Yaari…One to firstname.lastname@example.org asking them to allow me explore their site without having to share my email password, other to email@example.com asking them why is that I’ve got an invitation while my friend says he never sent any invitation. As expected, I’ve not received any response till date.
Further, if you care to read carefully, it is very much official that Yaari is intruding privacy. Below is the text which appears right below Yaari registration page. (How many of us ever read terms of service and privacy policies anyway?)
Because you’ve bothered to register they have taken for granted that you like their site very much and want to invite all your contacts to join you at yaari…That is really an extremely ill mannered behaviour.
Thumb rules while registering with Social networking sites:
1. Invite your friends to a site IF and ONLY if you’ve explored the sites fully and like it very much or find it really useful.
2. If you get an invitation, spare a moment and cross check with your friend if he/she has willingly sent that invitation.
3. Ideally a site should allow you to register first and then prompt you to invite your friends. If it is insisting you invite all your friends even before you complete the registration process, in all probability this site is not worth registering. (Because they doubt you’ll never invite any one after registering, hence forcing you to share your email passwords.)
4. Do not fall for temptations like iPod or other gifts some sites might be offering for referring friends. 99% cases you won’t be getting any. Decide which one you value more-a friend whose email ID you’ll be compromising upon or the small gift you may win…
5. We practically don’t need dozens of social networking sites. One or two at the most would be more than sufficient.
6. Think 100 times before sharing your email password with unknown sites. It invades others privacy at the risk of your credibility. Imagine the embarrassment it will cause when such invitations go to your boss, clients, business contacts etc…
Related: Orkut and Employee Productivity| Orkut as a marketing tool* Missing features in our social networking sites * how google can make orkut a better place