1. It knows better. That’s really simple.
2. Plaxo has a bad reputation about spamming people’s contacts. While this is a thing of the past, Plaxo still suffers from it and some people still make unfounded allegations. Scraping plays into the hands of those people.

That said, I agree with Jeremy’s point with two additional questions and one statement:

1. What’s the delta between how things are today with your scraper and getting to a point where you can simply use PoCo? If you’re waiting on the service providers to adopt the protocol (clearly it needs to get finished in the mean time!), how far away are we from seeing live support? Two months? Three? Six months? Perhaps providing a non-binding timeline, and the things it depends on, would help to assuage these claims of hypocrisy. At least you’re doing something about it.

2. Why don’t you at least offer optional support for the delegated authentication protocols provided by all of the major service providers in the meantime? At least the solutions exist today and would show a genuine commitment to making it possible for people to have control over how they provided access to their data.

3. While I’m an advocate against the password anti-pattern like the rest of you, I do think that giving up your account credentials to sites and companies you trust is not always a bad thing. It certainly isn’t an ideal solution, and in fact makes for lazy developers, but if you trust a company, say, with your credit card number and secret code, that’s hardly different than trusting a company with your email credentials. If people make an informed decision about trusting Plaxo and hand over the keys to their accounts, that’s their decision. How they become informed, is another topic, though — and the greater point about teaching people bad security hygiene still stands.

John, I’m sorry but it *is* hypocrisy. As it is now, you are scraping email addresses differently for each email provider—that is as much work (if not more) than implementing using the APIs now provided by each provider.

More importantly, the ethical issue here is that you are telling people it’s perfectly okay to hand over their email passwords to anyone who asks. That may make “business sense” but “business sense” does not trump moral responsibility.

John, you and Joseph know better than this. It is precisely because you know better than this that I was so disgusted by Plaxo’s continued support of the password anti-pattern. Hence, my account deletion.

Bin ich froh wenn PHP irgendwann mal nicht mehr verwendet wird.

But why is screen-scraping the easier method? Because there are a bunch of classes around there ready to implement. And if a service like Plaxo is using such functionality it becomes “state of the art” for other sites and companies, because users are habituated to use them… so I think using other standardize ways to import contacts like XFN/hCard, Foaf or vCards is much better than using the “password antipattern”. We have to educate our users first, because they have to use the things we build!

And that shouldn’t be an attack to what plaxo is doing, because I love what you guys have done with “Portable Contacts”, “The Social Web TV” and your dedication to many other “Open” solutions… but the “password antipattern” can’t be an alternative!

I am well aware of Joseph’s demos of Portable Contacts working with Gmail. I have linked to your article about it. I am also not suggesting that web services like Plaxo should develop code for every single API out there. Like you have written above, that doesn’t make (business) sense. OAuth and Portable Contacts are the way to go. There is no diagreement between you and me.

I admit that the title of the posting is provocative - but that’s been the intention - and I understand that you take issue with being called “hypocritical”, however just “a little bit”. Though believe me, we’re both supporting the same cause.