Flickr and Dopplr: the Right Way to Import GMail Contacts

[fr] Il est maintenant possible d'importer des contacts depuis GMail (ou Hotmail) sans devoir divulguer son mot de passe, aussi bien chez Flickr que chez Dopplr. Génial!

A few days ago, I saw this tweet by Matt Biddulph soar by:

Impressed by passwordless import at http://www.flickr.com/impor… – does anyone know if that’s a public yahoo API they use? want!

I immediately went to investigate. You see, I have an interest in social network portability (also called “make holes in my buckets”) — I gave a talk on SPSNs from a user point of view at WebCamp SNP in Cork recently — and I am also concerned that in many cases, implementations in that direction make generous use of the password anti-pattern (ie, asking people for the password to their e-mail). It’s high time for design to encourage responsible behaviour instead. As the discussion at WebCamp shows, we all agree that solutions need to be found.

So, what Matt said sounded sweet, but I had to check for myself. (Oh, and Matt builds Dopplr, in case you weren’t sure who he was.) Let me share with you what I saw. It was nice.

Go to the Flickr contact import page if you want to follow live. First, I clicked on the GMail icon and got this message.

Flickr: Find your friends

I clicked OK.

Flickr and Google

This is a GMail page (note the logged in information upper right), asking me if Flickr can access my Google Contacts, just this one time. I say “yes, sure”.

Flickr: Finding my friends

Flickr goes through my GMail contacts, and presents me with a list:

Flickr: Found your friends

There is of course an “add all” option (don’t use it unless you have very few contacts), and as you can see, next to each contact there is a little drop down which I can use to add them.

Flickr: Contacts

When I’m done adding them, Flickr asks me if I want to send e-mail invites — which I don’t.

Neat, isn’t it?

Well, the best news about this is that Flickr isn’t alone. Dopplr (remember Matt?) does the same thing — and also for Windows Live Hotmail now.

DOPPLR: Passwordless GMail contact import

Note and question mark: I just saw Dopplr announced GMail password-free import back in March, before Matt’s tweet. Did Dopplr do it before Flickr? Then, what was the tweet about? Thoroughly chronologically confused. Anyway, passwordless import of GMail contacts rocks. Thanks, guys.

Update: Thanks for the chronology, Matt (see his comment below). So basically, Matt’s tweet was about the fact that though GMail and Hotmail allows services like Dopplr and Flickr to access contacts without requiring a password, Yahoo doesn’t. Flickr does it from your Yahoo account because they have special access. So, Yahoo, when do we get a public API for that?

Similar Posts:

This entry was posted in Social Media and the Web and tagged contacts, cork, dopplr, flickr, gmail, import, matt biddulph, security, snp, social networking, social networks, Social Software, twitter, webcampsnp. Bookmark the permalink.

9 Responses to Flickr and Dopplr: the Right Way to Import GMail Contacts

  1. The chronology is:

    5 March, Google publishes password-free API: http://googledataapis.blogspot.com/2008/03/3-2-1-contact-api-has-landed.html 18 March, Dopplr release Gmail support: http://blog.dopplr.com/2008/03/18/easier-gmail-contact-import-without-passwords/ 31 March, Flickr release Gmail/Hotmail/Yahoo support: http://blog.flickr.net/en/2008/03/31/find-your-friends/ 7 April, Dopplr release Hotmail support: http://blog.dopplr.com/2008/04/07/import-your-contacts-from-windows-live-hotmail/

    and we’re still waiting for Yahoo to release a public API so that we can do the same for them.

  2. Syklop says:

    Fonctionnalité sympathique, en effet, mais y a t-il vraiment une différence à divulguer son mot de passe pour établir une synchronisation, et autoriser un accès sans mot de passe ?

    Au niveau sécurité, il n’y a pas de gain, globalement. C’est par contre plus élégant et plus facile pour l’utilisateur. Mais, dans une solution comme dans l’autre, on ouvre une porte.

  3. Stephanie says:

    Bien sûr il y a une différence. D'abord, tu n'enseignes pas aux gens que donner leur mot de passe à des tiers est une pratique acceptable. Ensuite, au lieu de donner un accès total (= le tiers a tous mes droits), l'API te permet de donner un accès limité (juste le carnet d'adresses, par exemple).

  4. Syklop says:

    Là est le problème, je pense : L”utilisateur lambda pense que puisqu’il ne donne pas son user et password, il ne donne pas accès à ses données, alors qu’il le fait pourtant en autorisant un accès via un API. C’est une donne qu’il va falloir intégrer aux enseignements et sensibilisations ;-) Sinon, en effet, quand tu donnes user/password, tu fais confiance au tiers “collecteur” pour qu’il utilise cet accès uniquement aux fins auxquelles tu l’a autorisé, alors que quand tu autorises un accès API, tu fais confiance au tiers “fournisseur” pour qu’il ne fournisse que les données auxquelles tu t’attends. Le risque est différent, mais pas forcément minimisé.

  5. Kevin Marks says:

    Matt’s being modest there- he had Google Contacts import support running within hours of it being announced, and had 2 good bug reports for it. Then, when the bugs were fixed the next day he again got it working within hours. very impressive.

  6. sufyan says:

    L”utilisateur lambda pense que puisqu’il ne donne pas son user et password, il ne donne pas accès à ses données, alors qu’il le fait pourtant en autorisant un accès via un API. C’est une donne qu’il va falloir intégrer aux

  7. Pingback: Climb to the Stars (Stephanie Booth) » Diigo — I Think I Like the Idea (Bonus Content: Conversation Fragmentation)

  8. Tommy says:

    Good post, thanks for the info and screenshots. I’m implementing this on Publr.

  9. Pingback: Orange Link nous demande nos mots de passe: pas au point! — Climb to the Stars

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>