On Thu, 23 Jul 2009 19:56:32 +0100, David Gerard wrote:
From: Sage
Ross <ragesoss+wikipedia(a)gmail.com>
Date: 2009/7/22
Subject: [Wikitech-l]
Watchlistr.com, an outside site that asks for
Wikimedia passwords
To: wikitech-l(a)lists.wikimedia.org
> I'm not sure what to do about this; it seems like a good idea but a
> major security risk:
>
http://www.watchlistr.com/ is a site that creates aggregate watchlists
> across multiple projects. See
>
http://en.wikipedia.org/w/index.php?title=Wikipedia:Bounty_board#Transwiki_…
> l
Aggregators are a longstanding tradition in Web services; there are
several of them around that get users to provide their passwords to
banking and other financial sites (something with likely greater
risks than one's Wikipedia password) so that they can show the user
aggregated information such as net worth. Social networking sites
also often seek to get one's password to other social-networking,
messaging, and e-mail services so that contact lists and status
updates can be shared.
These services are at once very useful and very scary; one needs to
have more trust in the sites that one gives one's passwords to than
any web operator is likely to deserve.
--
== Dan ==
Dan's Mail Format Site:
http://mailformat.dan.info/
Dan's Web Tips:
http://webtips.dan.info/
Dan's Domain Site:
http://domains.dan.info/