cool free service or evil data miner?

Posted on Feb 11, 2008 by kjarrett 46 Comments

Good morning all,

After reading a cautionary email message in bit.listerv.edtech about a free new service called Grouply, I became intrigued and decided to check it out…


It certainly LOOKS like a legit (and potentially very helpful) web 2.0 application! They’re TRUSTe certified, they got a positive review on TechCrunch, and they even have a FAQ that directly addresses some of the concerns that have been raised on the Internet about them. More importantly, the concept is very powerful; it’s basically a social networking mashup of your Yahoo! and Google Groups, offering to turn your mishmosh of multiple groups into a seamless, single-site experience. But wait, there’s more…

Grouply allows you to get all of your group updates in a single email; consolidates all your group information on a single website; dramatically reduces the size (measured in line counts) of ‘digest’ emails, making them easier and faster to read; allows for cross-group calendaring; tagged searches; dynamic user profiles; and ‘what’s popular’ and ‘who’s active’ functions to keep tabs on hot topics and prolific members of your network. Take the tour yourself. For people who subscribe to and manage a lot of Yahoo! and Google groups, Grouply could be a godsend.

So what’s the problem?

In order for the service to work, you have to give them your Yahoo!ID and password. All of a sudden, visions of address-book spammers like Quechup come racing to mind, but we’re not talking here about a service using your address book to grow their business. No, it’s a potentially a LOT worse than that. To be honest, I’m not sure the founders of Grouply have thought this through very well.

Consider for a moment what information is controlled by your Yahoo! credentials … like all your Flickr photos; your Yahoo!Finance account information; your Yahoo! Security Key; all your Yahoo! profiles and identities; your OpenID key; your home address and telephone number; your Yahoo!Wallet information, even your Yahoo!Auctions account.

Yep. Once you’ve given out your password, they have access to all of that, regardless if they have NO INTENTIONS WHATSOEVER of using it. Grouply tries to allay fears about potential misuse of your credentials in this part of their FAQ but to anyone with a modicum of concern about their data privacy, this is a HUGE red flag. Doesn’t matter what they say. (Can you say ‘rouge employee?’) Fact is, you’ve given out your password. What happens next?

If all goes well, you’ll enjoy the new service and its cool features. You’ll save time, build your network, and access information more easily. You’ll start leveraging Groups in ways you hadn’t before. It’s all good!

If all DOESN’T go well – and your Yahoo! identity is somehow compromised, despite the ample protections they claim to have in place – what then?

There’s more, though. As I understand it, joining Grouply effectively overrides the privacy and other settings you’ve put in place on Yahoo!Groups you’re managing. Content becomes available, email addresses of subscribers become visible, everything becomes part of the network. For people using Yahoo! Groups as a secure communication area for business or their organization, this could be a problem. I don’t belong to any groups that I wouldn’t write about here, but I have created MANY private groups for clients, colleagues and school associates for projects. I wouldn’t want these private groups’ content brought into the open; that’s why we made ’em private!

Seriously. I don’t design web applications and I’m not a venture capitalist. I’m certainly no data security expert. Heck, I’m a classroom teacher. I spend my day surrounded by adorable schoolkids in my computer lab. But I’m also a longtime Yahoo! user and someone who knows their way around the web. There’s no way in a million years I’d ever give my Yahoo! credentials to a website like Grouply. Just my choice. Your mileage may vary!

Here’s my question for the founders, who will probably find this blog and hopefully comment.

I’ve seen various web 2.0 services request for “authorization” to use my Yahoo! stuff, like my Flickr photos. This is handled completely differently; I sign into my Yahoo! Account page and securely give applications permission to access my DATA but not my ACCOUNT DETAILS. Big difference. Is there a reason you could not have used a similar approach? *THAT* would make this service a slam-dunk.

To the curious, though, there is a way to try this service. Just create a second Yahoo! identity, and use it only for messaging. Sign up for all your groups again using that identity. It would be kinda inconvenient, but, you could get a sense for the real value of the service without putting anything at risk. What do you think?

I’ll close with this thought. Conceptually, this is an EXTREMELY cool idea. I love the social networking implications and I love saving time. But what about the risks? If you don’t have a lot of personal information tied into your Yahoo! account,by all means, go for it! If you do … I recommend you think twice.

Hope this helps,