18 comments

[ 217 ms ] story [ 475 ms ] thread
If they had proper customer service it might have been caught and dealt with. Now instead it's on the frontpage of Hackernews.
I don't know if CS could have solved this - it's not as if the spam was a mistake/glitch. "Proper" customer service would not have made the spamming any more palatable.
"I'm very sorry about that. We'll give you a full refund, and our next version will fix this."

Would he have written the same blog entry now? It's slightly fashionable to call out good customer service -- perhaps the entry would be about how they screwed up and completely redeemed themselves.

"I'm very sorry we conspired to use your private data to spam your friends. Here's a full refund, and now that our pants have been caught around our ankles, we will stop doing this."

Has a different ring to it. Good customer service will absolve accidental Bad Things(tm), not malicious acts.

Never ever give up your email password to a 3rd party you don't really trust. My only exception is Mint.com so far, not even Facebook or LinkedIn.
That was my first thought - but to me it sounded more like they were contacts already downloaded to his iPhone, or the contacts file you can download from GMail for your own personal backup. I don't think he gave them his password - unless I'm mistaken?

edit: in any case, your advice is still right on the money, and I'd have to second it!

Sounds like iDrive spammed every contact on his iPhone, and because of the fact/coincidence that he has gmail set to save every person you ever send an email to as a contact, AND because of the way he is using gmail on his iPhone, this became "iDrive spammed my gmail address book".

If a company is selling a service (iDrive) which is basically "store your contact data on our services, trust us with this data", it's pretty shitty for that company to then turn around and market to the contacts in that data. It's probably in their TOS or something, but it still feels like an abuse of trust.

I wrote that a while ago here and got flamed for it in a pretty heavy way. I really object against any third party applications or websites that ask you for your credentials, it is asking for abuse.

The more people get conditioned to supply their credentials to parties other than the original service the more we'll see this kind of problem.

Not to mention that doing so is most likely a violation of their TOS...
Do you give your password to Outlook?
A client application that runs on your own pc and a third party website are two different animals.
Each with their own types of vulnerabilities.

I wonder how many non-techies (the masses) have had their Outlooks ripped vs how many been ripped off by web 2.0 site participation?

What the heck does Mint need your email password for?
they don't, they do use your banking service passwords though.
I got a few of these emails from IDrive yesterday (one pimping IDrive, and the other pimping IDrive lite), and I was wondering what the hell was going on. At least now I know they've earned their place in my spam folder.
It sounds like Apple would be the right people to complain to. Just pull the app from the App Store, then let IDrive appeal.
Apple gets bashed for being too selective in approving apps.

Instances like this will raise the ante on the approval/rejection process. Pretty tough to vet the ethics of the company behind the app as a part of it, eh?

I assume people want an iPhone because Apple restricts what you do with it. This is a perfect time for Apple to do some restricting.