Josh Quittner is a well respected tech journalist and he’s been in this game for a long time. Before corporate America knew what the Internet was, he was one of the first to recognize the opportunity in domain name squatting. So I can respect that.

However, I read an article in Fortune magazine titled: Who Owns Your Address Book?
Josh heavily criticizes Microsoft for being a closed platform and not embracing open standards that encourage data portability. Then he jumps on the bandwagon and claims that this is why Microsoft is losing the Web race to Google and Yahoo. Here’s an excerpt:

“But Microsoft, while publicly embracing the idea of openness, has been saying something different behind the scenes. Since last summer, lawyers representing the company have been sending cease-and-desist letters to startups that offer new users the ability to import their Microsoft Hotmail contacts.”

Basically he’s labeling Microsoft as idiots because they don’t allow little social networking sites to access and export contacts from Hotmail. OK. Fair. But then he writes off Microsoft’s defense and sarcastically comments:

“Microsoft insists that its primary concern is our security.”

Right here is where I disagree with Josh.

What Josh doesn’t know is that it IS a huge security flaw. These sites take your Hotmail password and log into your account. They then look at your address book and parse the HTML for your contacts. Lesson of the day Josh, this is called screen scrapping. The problem is not that these sites are screen scrapping. It’s the fact that they are getting your information in such a behind-the-back fashion.

Users are unknowingly giving these no-name sites their Hotmail credentials! If this site saves your password then they’ll create a huge database of Hotmail logins. And what’s the worst that can happen? Oh dunno, maybe that penny developer that they hired decides to ’stick it to the man’ and post the database all over the Internet. Now all hell breaks loose because now anybody can log into those users’ Hotmail. And who’s fault is it? What company do all those users go crying to? MICROSOFT of course. So it is within their best interest to stop this kind of behaviour. That’s the only way to protect their users because they can’t trust that all sites will handle Hotmail credentials with care.

This is exactly why Visa and Mastercard do not allow retailers to store credit card numbers in their system. A prime example is when Winners and Homesense illegally stored these numbers in their system. Some hacker was able to compromise their database and all release thousands of credit card numbers on the black market.

I think the point is clear. I could go on forever but I’ll refrain myself from making a comment about how Josh backs his claim with:

“one entrepreneur said …”

The reason why this article struck a chord with me is because I worked on the contact and storage team for Windows Live. This is the team that manages the address book service across Windows Live and Hotmail. Never has anybody at Microsoft objected openness. By now most people have realized the problem of vendor lock-in. Today users are locked into using a product because switching products would mean repopulating an address book or social network. It would actually be in Microsoft’s best interest to solve this problem because it’s a barrier to entry to other services. All I can say is that the people at Microsoft aren’t dumb, be careful when you jump to conclusions like that.