Owner, viewer, friends, friends of viewer ... all that info is readily  
accessible and can easily be stored on a server with a simple ajax  
request.

I'd imagine this plays out like computer software has .... only  
trusted (and audited) gadgets are included in the social site's list,  
and a big warning about external non-trusted sources on adding custom  
gadgets (which is already a shame for the garage gadget makers).

But as we know end-users don't care to contemplate to much about  
security, they just want to do their thing, so a vast majority won't  
notice the warning, and some email and data stealing gadgets will make  
their way to all the social sites.

But hey, maybe someone less cynical about security then me will have  
some great ideas to combat this, but i think it will probably end up  
that to privacy sensitive / easily abused information (such as email  
addresses) will be taken out of the Person object, and instead you get  
an server side API for sending emails to a Person, without ever seeing  
what the email addy was..

ps Didn't we go thru the same thing with CC information a decade ago?  
Now for the vast majority of CC actions, the information is contained  
within the transaction provider (paypal, ogone, bibit, etc) and that  
info never touches the transaction recieving side; So i imagine thats  
the way this will go too.

        -- Chris

On Nov 5, 2007, at 11:44 AM, [EMAIL PROTECTED] wrote:

>
> Good point. It would be easy enough to make any kind of widget that
> stores VIEWER information, such as name, profile url,  image and maybe
> even email.
>
> Spam tool if I ever heard of one. It will be interesting to see if
> anyone has any ideas to combat this.
>
>
> 

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"OpenSocial Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/opensocial-api?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to