rebecca's pocket

» Oh Dear God, it's a yarn CSA. How far up my alley is that? I don't know if I can resist this.... Update: Dear reader, I joined it. / (1) Comments / [ 01.03.08 ]

» The universe once again conspires to delight me by combining two of my passions to bring us the Knitted Companion Cube. Geek crafters, start your needles. (thanks, jjg!)  [ 01.07.08 ]

» Why JK Rowling doesn't have a leg to stand on in her copyright lawsuit against the Harry Potter Lexicon. Adaptations are protected; discussions are not.

Update: Dineen writes: "Hey Rebecca! Can't post on Slate or register on your site at the moment, but wanted to let you know that she does actually have a leg to stand on. Read the unfortunate decision in Castle Rock Entertainment, Inc. v. Carol Publ. Group, 150 F.3d 132 (2d Cir. 1998), aka, the Seinfeld Trivia case. Someone created and published an unlicensed book of Seinfeld trivia, with details about characters and lines in the show, arguing that doing so was fair use and merely a compilation of facts. The court held that the facts about the show weren't really facts, but rather expressions of the creators' imaginations, and the most important fair use factor of effect on the market was in Seinfeld's favor since they had plans for their own derivative books based on the show. See also Twin Peaks v. Publications Int'l, Ltd. 996 F.2d 1366 (2d Cir. 1993), which was plot summaries and quotations from the TV show Twin Peaks - again, the court held that the amount of material taken from the original was substantial and adversely affected the market for authorized books about the show, and so denied a fair use defense to copyright infringement."

"I don't necessarily agree with it, but there is strong precedent in her favor."

Sorry about the inability to comment, by the way. I just can't make it work.  [ 01.10.08 ]

» 50 things I've learned in 50 years, a partial list in no particular order. Surprisingly, I agree with most of these. (via br)  [ 01.15.08 ]

» Kevin Kelly points to JaseZone, a new "social network" that creates profiles by scraping the pages of other social networks and then, on behalf of the "user" thus generated, invites that person's connections in the name of that person to join the network.

This reminds me of my experience with another new "social network", Spock. I created a page for myself on Spock after receiving some sort of invitation, and then found another page made with information scraped from MySpace. After prompting the site several times to combine the two profiles - with no result - I found a link that said "claim this page". When I clicked it, it asked me for my MySpace login and password, so it could confirm that I owned the MySpace page.

Let me repeat that: it asked for my MySpace login and password.

Since I was doing about 6 other things at the time, I unthinkingly (and very, very stupidly) typed in the information before I realized the site was asking for my login and password to another site - in other words, phishing. (I immediately changed my MySpace login and password, of course, but I never, ever should have made this mistake at all.)

Spock immediately merged the information into the other page, for what it's worth, but I've been thinking ever since then - what's to stop anyone from creating this kind of an application specifically to collect people's logins and passwords? Nothing, nothing at all.

And considering the mania for signing up on every new social network that appears - and how easily even I fell into this trap - perhaps it would work.

My advice to everyone reading this is to stay far, far away from both JaseZone and Spock - and warn your friends to do the same.

Update: Patrick writes to say:

I thought I might be able to offer a little bit of clarification about your experience with Spock. The reason why we ask for your Myspace credentials is to confirm who you claim to be and that we do not store any of your password information. Since you attempted to claim an additional search result we ask that you provide the information inorder to bypass a customer service review. While you can technically do this process without offering your credentials, this can often take more time and by offering your credentials you're able to quickly merge multiple search results. The reason why you had more than one search result is probably because your are on multiple social networking sites and used different e-mails.

Please note that Spock is primarily a search application that organizes people search in an easy to view and search format. If you have any additional questions please feel free to contact me at patrick@corp.spock.com

So there you have it. However, you should never, ever give anyone your login and/or password to another site. You really never do know who is on the other end of that webpage, and the people at Spock should know that.

Phishing is a widespread, criminal practice. Responsible websites should work to educate their users about good Web hygiene, not encourage them to blindly trust anyone who asks for information that should never be revealed.  [ 01.24.08 ]