Why Microformats are bad

Microformats sound like a fantastic idea in principle: you create a simple set of HTML attributes to define data for humans and robots to read and use, enabling sites to exchange data easily. You could, for example, download a business card from a company web site and import it into your address book in one click.

In security, when something is really easy to do it often leads to major security problems. I have read articles in magazines, listened to podcasts from influential people in the industry and read countless articles on the web, all talking about Microformats; what annoys me is that they have ignored the major problem with the open exchange of data. You exchange data with everyone! Even the bad guys. In order for Microformats to be a success (I hope they are not), some sort of security precautions need to be considered.

It will be tough, if not impossible, to apply any sort of security to any Microformat because it uses HTML, which can be read by everyone. Imagine a spammer knowing where you live, your first name and your surname: a phishing attack could be constructed with pinpoint accuracy. I know this is an extreme example, but if security is not considered now it will cause havoc in future.
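As an added example (not part of the original post), a site owner can check what a page's hCard markup publishes to every reader of its HTML before it goes live. The `audit` function, the `SENSITIVE` list and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Subset of hCard class names that carry personal data (not exhaustive).
SENSITIVE = {"fn", "given-name", "family-name", "email", "tel", "adr",
             "street-address", "locality", "postal-code", "bday", "geo"}

class HCardAudit(HTMLParser):
    """Collects the personal fields a page publishes inside class="vcard"."""
    def __init__(self):
        super().__init__()
        self.stack = []       # open elements: [tag, props, text parts, href]
        self.vcard_at = None  # stack depth at which the current vcard opened
        self.findings = []    # (property, value), recorded as elements close

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        classes = set((attrs.get("class") or "").split())
        if self.vcard_at is None and "vcard" in classes:
            self.vcard_at = len(self.stack)
        props = sorted(classes & SENSITIVE) if self.vcard_at is not None else []
        self.stack.append([tag, props, [], attrs.get("href") if tag == "a" else None])

    def handle_data(self, data):
        for entry in (e for e in self.stack if e[1]):
            entry[2].append(data)

    def handle_endtag(self, tag):
        if tag not in [e[0] for e in self.stack]:
            return  # stray end tag
        while self.stack:  # also pops void/unclosed children such as <br>
            name, props, parts, href = self.stack.pop()
            value = href or " ".join("".join(parts).split())
            self.findings += [(p, value) for p in props]
            if self.vcard_at is not None and len(self.stack) <= self.vcard_at:
                self.vcard_at = None
            if name == tag:
                break

def audit(html):
    parser = HCardAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; the name, address and e-mail are made up.
SAMPLE = """<div class="vcard"><span class="fn">Jane Example</span>
<div class="adr"><span class="street-address">1 Test Street</span>,
<span class="locality">Sampletown</span></div>
<a class="email" href="mailto:jane@example.com">Email me</a></div><p class="fn">no vcard</p>"""
```

Calling `audit(SAMPLE)` returns the name, the address parts and the `mailto:` target, while the `fn` class outside the `vcard` block is not reported.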

4 Responses to “Why Microformats are bad”

  1. corky writes:

    Totally agree, I think the idea is great in concept but the implementation is open to abuse.

  2. johnallsopp writes:

    Hi,

    I’ll start with pointing out the irony that to comment about a post concerned with privacy, I had to register 😉

    Here’s the thing – spammers already have your email address. They can harvest them in all kinds of ways, and probably just generate them off domain names (before I only accepted specific addresses at our domain we got just about anything @ it).

    So stopping spammers getting your email address is game over. So, if email addresses are to have any value at all, we want to increase the worthwhile emails we receive – and making email and other contact details more readily accessible to legitimate users may help that.

    So, while it’s a legitimate concern, and one I hear raised frequently about hCard, I think it’s more of a theoretical issue than a practical one.

    As someone said once, “privacy is over, get used to it”. That wasn’t being glib. The challenge is now managing the technical and social reality that who we are, what we do, and much about our lives is known, rather than trying to put that genie back in the bottle.

    Just my tuppence,

    john

  3. general_carnage writes:

    Hi John

    Thanks for your comments, it is ironic that you have to register but I didn’t set up the blog so don’t blame me 🙂

    It is only theoretical because hCard isn’t being widely used at the moment, but if you fail to see the disaster supplying the bad guys with all your contact details on your web site then I suggest you pay more attention to security issues in general.

    Time will tell if I’m right, I just hope that hCard doesn’t take off.

    Cheers

    Gareth

  4. gelinlik writes:

    Thank you for your post dude. This article is very helpful. I am waiting for new ones..