Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

AddThis.com - great or dangerous? (maybe both!)

  • 21-08-2009 3:14pm
    #1
    Registered Users, Registered Users 2 Posts: 26,289 ✭✭✭✭Mrs OBumble


    Hello - I haven't been following this forum, but it seems like the best place for my question - mods, please move if not.

    Anyway, this morning I posted the following to the support forum on [url]www.addthis.com:[/url]
    I spotted the AddThis button on a newspaper site yesterday, loved it, and used it to put a newspaper article onto my blog (in blogger) and Facebook.

    Then I saw the bit about getting a button, and realised it could add it to another blog I'm going (which is actually a web-site that I wanted to publicise). So I signed up, made a button and it's working well.

    But last night I had a horrible thought: to update my blog with the newspaper article, I needed to enter my blogger (ie Google) password. The way Google is going, that password is now the key to a LOT of things in my life. I should never have been silly enough to enter it ANYWHERE except on a Google site that I navigated to with my very own fingers - just like banking, don't click the (sometimes malicious) links!

    But you do appear to have some very reputable people hosting your buttons. So maybe I'm being paranoid, and there's a very simple explanation to how security is being maintained.

    Comments?

    I tried searching for the topic, but didn't get anything useful back. Just to re-iterate, my concern isn't around whether your code introduces vulerabilities into my code, it's at the far more fundamental level of whether you store the passwords that I enter.

    Oh - and yes, I have changed my Google password, just in case!
    The reply that came back (from someone described as an addthis employee) is:

    We do our utmost to protect customers privacy, including their passwords. We in no way publicize any passwords we receive from users, so you can rest assured that your login credentials will be safe. You can view our complete Privacy policy here - http://www.addthis.com/privacy

    I'm glad you liked the service, and if there is anything we can assist you with, please let us know.

    I was vaguely hoping for a reply that they had negotiated to use secure API's from each of the social-networking providers, and that one of the features of these was independent (in some way) assurance that AddThis does not ever store third-party passwords.

    But that's not what I'm hearing in the response.

    So, what say ye? Is AddThis a great idea with a fatal flaw, or am I being paranoid?

    And should I take it their button off my site?


Comments



  • I doubt that a service this large would be up to anything bad. However, I also doubt that they've negotiated any usage of their API's. For some reason, I can't see Google agreeing to that.


Advertisement