virtual anti patterns

I've previously written about the password anti-pattern, so it is distressing to see it becoming the standard in virtual worlds as well. James just posted about what would otherwise be a w00t-worthy event from the bright folks at realXtend, direct teleportation between Second Life-compatible virtual wrolds!

Very cool stuff, except for:

When you click the link, the viewer brings up a log-in window; enter in the avatar name and password associated with the other world you're going to, and the teleport process begins. [emphasis mine]

Sigh.

What makes this all the more distressing is that two years ago, Mark Lentczner, Ian Wilkes, and I designed the solution to this on a whiteboard. We had recognized that between OpenSim and whatever came next, that there would be a critical need to enable interoperation through communication/shared presence. It also provided a nice model for scalability, not to mention allowing for deeper interconnections between Second Life and the rest of the web. It has influenced internal design discussions, as well as the standards efforts, but hasn't moved fast enough to be available to projects like realXtend, which is too bad.

questions about the password anti-pattern

This came up in two different conversations today, so a post rather than just sending email. For those not familiar with the concept, the password anti-pattern refers to web sites that ask you to submit a name and password in order gather your friends' email addresses. Jeremy Keith has a nice description of it on his blog. The problem is that it teaches people to cough up their password, which is a particularly bad habit online, especially in the age of phishing and pharming attacks.

It is particularly noxious because most of the major online email services have APIs for doing this in a secure manner. Google has the Contacts API. Yahoo! has the Address Book API. AIM friend lists can be grabbed via OpenAuth. The Windows Live can help you with Facebook and Bebo. MySpace

If you want to play with how these work for the end user, Flickr has a really nice implementation up for scraping Yahoo, Gmail, and Hotmail contact lists.