On Thu, 23 Jul 2009 19:56:32 +0100, David Gerard wrote:
From: Sage Ross ragesoss+wikipedia@gmail.com Date: 2009/7/22 Subject: [Wikitech-l] Watchlistr.com, an outside site that asks for Wikimedia passwords To: wikitech-l@lists.wikimedia.org
I'm not sure what to do about this; it seems like a good idea but a major security risk: http://www.watchlistr.com/ is a site that creates aggregate watchlists across multiple projects. See http://en.wikipedia.org/w/index.php?title=Wikipedia:Bounty_board#Transwiki_w... l
Aggregators are a longstanding tradition in Web services; there are several of them around that get users to provide their passwords to banking and other financial sites (something with likely greater risks than one's Wikipedia password) so that they can show the user aggregated information such as net worth. Social networking sites also often seek to get one's password to other social-networking, messaging, and e-mail services so that contact lists and status updates can be shared.
These services are at once very useful and very scary; one needs to have more trust in the sites that one gives one's passwords to than any web operator is likely to deserve.