Earlier this week, the CEO of Blippy posted an extensive explanation of the breach they suffered and the steps he is planning to take to improve the site's security and better protect the privacy of the users. I can only hope his explanation of the breach is accurate.
As to his "Plan" going forward, it reveals a shocking, but not untypical, heretofore lax attitude toward protecting the site's users.
I like their Rules page. The intent is to inform Blippy users of "Inappropriate Content and Use of Blippy," However, if I were considering signing up for Blippy, I might consider some of them the risks of using Blippy. Here are examples:
Impersonation: You may not impersonate others through our services in a manner that does or is intended to mislead, confuse, deceive, or harass others.
Serial Accounts: You may not create serial accounts or relationships in order to evade the block tools or to otherwise disrupt the Services.
Name Squatting:You may not engage in name-squatting (creating accounts for the purpose of preventing others from using those account names or for the purpose of selling those accounts). Accounts that are inactive for more than 9 months may be removed without further notice.
Links: You may not publish or post content that disguises the content of a link in a misleading or deceptive way.Malware/Phishing: You may not publish or link to malicious content intended to damage or disrupt another user.s browser or computer or to compromise a user's privacy.
Social Network Spam: Blippy provides a variety of ways for users to interact with one another. You may not abuse these tools for the purpose of spamming users. Some of the behaviors we look at when determining whether an account is spamming include:
- The user has followed and unfollowed people in a short time period, particularly by automated means.
- A large number of people are blocking the profile.
- The number of spam complaints filed against a profile.
And I can only hope that Blippy is taking steps to reduce the risks of these actions and worse. How long will it be before Koobface infiltrates Blippy, or there is a new botnet specifically targeting Blippy called "ypblip?"