Hacker News new | past | comments | ask | show | jobs | submit login
Don't login to reference.me
82 points by cientifico on March 30, 2012 | hide | past | favorite | 13 comments
Funny story.

A web site, you login with google oauth, and after that send invitations to all of your contacts. Including that email accounts that are reserved for monitoring and alert systems. See how my college receive and sms from and alert system and asking to ack the alert "you have and invitation from reference.me" was fun, but not serious.

So for your good. Don't even enter this spammers site.

And if you do, remember to revoke access from your oauth provider.




Here's a clue: "A third party service is requesting permission to access your Google Account."

That's full access you're granting there - not just oAuth login. It's pretty hard to spot that though. Not sure if I would have.


Yeah. I know is totally my fault. But that site seems like a site to trust. And yes. That is a huge mistake.


the thing that stuck out was their request to access email, not just contacts. That was a bit odd so I didn't grant access.


Your post got disappeared.

So mixtent (the guys behind reference.me) or some fans decided to all flag you? Or was it admin action?

For whatever reason, all traces of stories about startups behaving badly have a tendency to disappear from HN these days. As do stories about the dissapearance itself. Really disappointing to someone who likes the HN community.


It'd be nice to have an audit trail of admin actions on HN somewhere.


Well you weren't the only one at least. I got a crapload of spam from other people signing in this morning and yesterday.

What the hell was their plan here? Unless this was some project to show people not to trust these types of sites with oauth permissions then it was a catastrophic failure wasn't it?

I'd never heard of them and now all I've heard, from multiple people, is to never sign in to their site because they're horrible spammers. The tone has, 100% percent of the time, been one where they wanted to at least spit in someone from reference.me's face, if not punch them.

Unless they've figured out a way to monetize user hatred ...


Why don't you report scam to oauth providers?


Any specific suggestions as to what reporting method to use?

Is there anything in place for this kind of abuse? Has anyone reported anything like this before and can comment on the efficacy of the complaint?


I will be very happy if you point me to the place or the way to report that. I was looking in my profile, and in google help.


That's really disappointing. It's hard enough trying to get people to trust your app without jokers like this ruining it for the rest of us. I agree with alpb, report it!


Yeah - whew. If you guys are interested in reference websites, check out solidreference.com.


It's worth setting up a fake/honeypot account to play with services like this.


Very happy I spotted this thread! I did wonder what they'd do with so much access to my Google account. Dodged a bullet there I think!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: