This post is written for www.enidhi.net If you're reading this on other sites, the site is copying my content.

Friday, August 31, 2007

Yaari, Desktopdating and other ill mannered websites

Major Udate: Aug 2008: Lots of readers are landing here while searching for desktopdating. This post has no information as to what desktop dating is. Last year while I was writing this post, www.desktopdating.com had a decent login page which invited visitors to signup by giving their email ID and email password (subsequently spamming all contacts in their addressbook). At present this site shows links to some adult content and should be avoided.

Also Yaari.com has changed its user interface and now sharing email password is not mandatory, though you're tempted to do so. This is a good development and my below post is now rendered somewhat redundant.

------------- Original Post begins -----------------

An observation which I call a side effect of Web2.0 concept, many of the community websites are openly misusing web service technology to increase their member base by invading everyone’s privacy under false identity.

If the opening sentence appears confusing, read this:
You get a mail which says “ABC wants you to join Yaari.com, click here to Join Yaari.com else ABC may think you said NO to his/her request” (See image). You know that person, so click YES or ACCEPT and you’re taken to registration page of that website, where you’re required to enter your email password besides other details. Without knowing the impact, you provide your email password as well and proceed with browsing the site. Next moment, everyone in your email contact book get an invitation, saying you’ve invited them to join YAARI.com…Later say while chatting, you tell ABC that you’ve accepted his/her Yaari.com invitation, he/she says he/she never sent you any invitation at all.
Yaari.com invite
If you’ve experienced above scenario, you might be wondering why this is happening or what is going on. This post gives you full details.

What is happening behind the screen?
With the advent of technology, application to application communication has become extremely easy. Once you enter your email password at Yaari.com (or any other such sites) following happens:
YAARI.com will electronically approach your email service provider and says the following: “See, I’ve been authorized by Mr. ABC to enter his/her mailbox and collect email IDs in his/her address book. I have his/her password as well, if you wish to verify. ”
The email client is thus fooled into believing that you’ve really authorized Yaari.com (because password is found valid) and gives all email addresses in your address book to Yaari.com. Next moment Yaari got what it wanted, it sends invitation to all these addresses under your identity saying you want them to register at Yaari.com (while you’re not even aware what is going on). Most of them register with Yaari, give their email passwords and the chain grows exponentially.

This ill mannered behavior is quite common in most of today’s community websites, who desperately need member base to survive and not many people will register at these sites under normal conditions, since there’s nothing much unique about them or there’re dozens of other websites are in place already offering similar services. So they resort to this kind of cheap tactics.

How come most reputed email service providers like Gmail, Yahoo and MSN be so careless and let such blunders happen?

This happens because they are service enabled. The original intention of enabling web service was to facilitate application to application interaction, so that the need for manual intervention is eliminated and life gets simplified for end user. There are enough authentication mechanism in place but above said websites cunningly bypass these measures.


Besides yaari.com there’re several such websites which are involved in similar fraud. Some of them are Gazag, desktopdating etc (Gazag atleast allows you to skip the step of sharing your email ID)

Just to check how responsive they are, one month ago I sent to two mails to Yaari…One to help@yaari.com asking them to allow me explore their site without having to share my email password, other to abuse@yaari.com asking them why is that I’ve got an invitation while my friend says he never sent any invitation. As expected, I’ve not received any response till date.

Further, if you care to read carefully, it is very much official that Yaari is intruding privacy. Below is the text which appears right below Yaari registration page. (How many of us ever read terms of service and privacy policies anyway?)

“By registering for Yaari and agreeing to the Terms of Use, you authorize Yaari to send an email notification to all the contacts listed in the address book of the email address you provide during registration. The email will notify your friends that you have registered for Yaari and will encourage them to register for the site. Yaari will never store your email password or login to your email account without your consent. If you do not want Yaari to send an email notification to your email contacts, do not register for Yaari.

Because you’ve bothered to register they have taken for granted that you like their site very much and want to invite all your contacts to join you at yaari…That is really an extremely ill mannered behaviour.

Thumb rules while registering with Social networking sites:

1. Invite your friends to a site IF and ONLY if you’ve explored the sites fully and like it very much or find it really useful.

2. If you get an invitation, spare a moment and cross check with your friend if he/she has willingly sent that invitation.

3. Ideally a site should allow you to register first and then prompt you to invite your friends. If it is insisting you invite all your friends even before you complete the registration process, in all probability this site is not worth registering. (Because they doubt you’ll never invite any one after registering, hence forcing you to share your email passwords.)

4. Do not fall for temptations like iPod or other gifts some sites might be offering for referring friends. 99% cases you won’t be getting any. Decide which one you value more-a friend whose email ID you’ll be compromising upon or the small gift you may win…

5. We practically don’t need dozens of social networking sites. One or two at the most would be more than sufficient.

6. Think 100 times before sharing your email password with unknown sites. It invades others privacy at the risk of your credibility. Imagine the embarrassment it will cause when such invitations go to your boss, clients, business contacts etc…


Related: Orkut and Employee Productivity| Orkut as a marketing tool* Missing features in our social networking sites * how google can make orkut a better place

18 comments:

Shrinidhi Hande said...

Comments received for this post at Mouthshut.com:

Rohan07 said:
Sep 01, 2007 10:39 AM

Thats a Good 1 to spread awareness among the masses...i appreciate your work...

Chintu25 said:
Sep 01, 2007 10:52 AM

Hi Shrinidhi (can i call u shrini)

Again an informative review...& yes we get these kind of mesaages when we log on to our e mail...yesterday only i have joined Facebook (social networking site) and they did the same thing...logged onto my mail and addressbook...but the only difference was that i had to choose whom to send an invitee to....

Anyways with so many sites floating around one needs to be very careful with E Mails coming from unknown ID’s.
Thanks for the useful info shared....

Keep writing :)
Smita

enidhi said:
Sep 01, 2007 11:00 AM

Rohan,

Thanks for the comment.

Smitha: You can call me Shrini or nidhi or enidhi or any other way you prefer....

Yes, some sites do offer an option of selecting the contacts whom you want to send invitation. But Yaari clearly says ’’Do not register with Yaari if you dont want us to send invitation to all your contacts.’’

Thanks again.

Paulsb02 said:
Sep 01, 2007 12:09 PM

Hai Shri,

That is a wonderful write up, an eye opener. I even noticed that sites like yahoo.com in their privacy policy at the time of registration that once you are a yahoo family member there is no secret between us. Which means we cannot keep any secrets where they can keep all our secrets as their asset and their secret as secret.

True. The social networking web sites are starting from every corner and they all want more customer base to attract advertisers. Even some of they use the email ids to sell to advertising agencies.

In one of such site’s policy says, we will place a cookie in your computer and the feedbacks may be used by the advertisement agency or their associates for which we are not responsible.

I used to get some spammers in my spam search and when I visit their web sites, they says, if you don’t want to receive this cookie again, please click here. However, the trick is, in further reading, they says, there is another file we have loaded into your computer and you have to delete and unless you visit the site of our customer again, you will not get another cookie from us.

This is simply rediculous. A serious national and international waste of time and effort.

Your review is good.

kit

Paul







hakoonamatata said:
Sep 01, 2007 12:28 PM

Very useful information shared by you here. I hope Facebook.com is not doing the same, as I keep getting mailers using my known friends names, via Facebook to add something or the other.
asterix786 said:
Sep 01, 2007 01:07 PM

Nidhi: Good one. But i guess, u can’t put a case against websites like yaari because of that fineprint below their registration form. Beware and be aware is the mantra.
asterix786 said:
Sep 01, 2007 01:10 PM

Hakoonamatata: No, dude. Facebook isn’t resorting to that. Try this as a test. Whenever u upload a new application, it asks you to invite atleast 10 people to install it. You can either install it or skip it. So when you get invites from facebook, they are from your friends who have chosen your name (or the application chooses the names randomly but your friend needs to whet it anyway; most times, you don’t bother to check who all it’s checked and click ’send’ anyway since all r frends anyway).
hakoonamatata said:
Sep 01, 2007 01:36 PM

asterix

Hi, Thanks for responding. Yes that’s what must be happening.
Editenidhi said:
Sep 01, 2007 04:55 PM

Paul,

Thanks for that detailed comment. Without a sizable userbase, no advertiser will take them seriously.So they resort to all cheap and dirty tricks....

Hakoonamatata: As asterix has clarified, facebook is relatively better in this aspect.

Asterix: Yes, their fine print is clear but 99.99% of us never ever read those terms of service or privacy policies etc...We need to make people aware...
alk_ranjan said:
Sep 01, 2007 05:33 PM

and i thought all those

’’your friend sent you an invitation to join’’ was because i had so many good friends around

sob sob : (

enidhi said:
Sep 01, 2007 09:09 PM

Ranjan,

what can I say... Giving this false comfort (that so many people are thinking of you) is good sometimes?

chinthana said...

hey nidhi.. :) good job!!!! thanks for spreading social awareness....

Chinthana

Shrinidhi Hande said...

Thanks Chinthana for visiting the blog and commenting. And thanks for sending that Yaari invitation (unknowingly) that made me write this blog...

Logesh TamilSelvan said...

very true..
ther is lot more yaari's, which actually floods my mailbox..

Shrinidhi Hande said...

Thanks for the comment Logesh...

Nitin Nigam said...

Hi srinidhi,
I have added ur blog to my "Blogs i visit Often" list

Shrinidhi Hande said...

Nitin: I've linked you too...

Geetha said...

Hi Srinidhi,

It is a very valuable information.
I got an invitation from yaari and desktop dating. But I checked ur blog before accepting the invitation. Thanks for ur timely information.

Geetha Priya

Geetha said...

Hi Srinidhi,

That was really a worthy information. I happened to get many invitations from yaari and desktopdating. But before accepting the information I checked ur blog. Thanks for creating awareness.

Geetha Priya

Shrinidhi Hande said...

I'm happy my post was of some use...

Ravi Kumar said...

Hi there,

Good post on Yaari.com.

I have also read that particular clause in their sign up terms and conditions, though I only did so after I had been suitably mortified with some of the invitations that got sent out.

I would like to contend that the mere fact that such a clause exists, while legally covering Yaari, does not change the fact that what the company is doing is unethical.

I also have accounts with another networking site, LinkedIn, and I have provided them my ID and password for some of my mail accounts. They do not use that to send invites to all people in my mailbox, without my knowledge. Instead, invitations are only sent to those I explicitly choose to send them to. Therein lies the big difference between the patently unethical, if legally defensible, methods of Yaari and the acceptable approach that LinkedIn takes.

Shrinidhi Hande said...

Ravi Kumar,

Yes, as long as the site lets us select whom all we want to send invitation it should be acceptable...

Thanks
Nidhi

mandy said...

Thanks for the thorough explanation. Accidentally someone in my family (70+ years old) accepted a friend's invitation from desktopdating. I am not sure if she registered or not because if I pretended to forget the password and put her email address, her email was not in their database. In fact, all people in her contact list got some invitation. What is bad that those invitation are from her email address. I saw "Yahoo! DomainKeys has confirmed that this message was sent by desktopdating.net." after her email address (FROM field). I concern about people who know that this is not from her will click SPAM, and whenever she sends email to them, it will go to SPAM folder. Do you know how to stop them from sending email to anyone in her contact list? Thanks.

Shrinidhi Hande said...

This review has received a comment after long gap...though so many people visited here, hoping this review would explain them what desktopdating is... Even I don't have a clue...

@Mandy,

One option could be this-
Create a dummy account in Yahoo... Login to Desktopdating-check in profile settings if there's an option to change email ID. If yes, give email ID and password of the newly created ID. May be it will stop spamming old id and start sending spam to new dummy ID...

Not sure if that will work-just give a try.

thanks and regards
Nidhi

Anonymous said...

i easily enjoy your own writing taste, very useful.
don't quit and keep penning as it simply very well worth to read it.
impatient to read much of your current content pieces, have a great day ;)

Sergey said...

Thanks for the clean and useful explanation.

I am amazed that one would give out an E-mail PWD.

Shrinidhi Hande said...

Anon, Thanks

Sergey,

Lot of applications need your email password these days...

Anonymous said...

Noble host to responsibility, invaluable site, advice on the part of your current make a success, persist with, fellows!

LinkWithin