isn't quite ashamed enough to present

jr conlin's ink stained banana

2009-06-30

::Spraypainted White Hat

NOTE: WHAT FOLLOWS IS PERSONAL OPINION. IT IS NOT SANCTIONED NOR REFLECTS THE OFFICIAL VIEWS OF MY EMPLOYER.

i've corrected this post to reflect the additional information provided below.

Right, that's out of the way then. So, i work at Netflix. Specifically, i work in the API group. The guys that offer http://developer.netflix.com and various services tied to it. Anyone who knows me (or just reads this blog) also knows that i'm more than a little paranoid about security and privacy.

Some time ago, a company called Jinni started collecting Netflix customer ratings so that they could store them on their servers and do things with them. Unfortunately, since Netflix doesn't offer a way to pull those ratings directly, Jinni decided that they'd use one of the worst anti-patterns possible, and ask for the user's account name and password, which they store on their servers.

This, not surprisingly, is a violation of the Netflix Terms of Service. Netflix, for those not aware of the company, is a subscription based movie rental company. You set up your subscription via a credit card which is tied to your account by… your user name and password. Netflix, also not surprisingly, doesn't want potentially thousands (or really, even one) credit card to be stolen out of its service by any site that's suddenly been compromised.

Your Credit Card information is obscured on the Netflix site, and while it's not possible to access the number directly, it is possible to view other elements of information including the last four digits of your credit card, billing zip code, expiration date, plan option, and the ability to acquire gift certificates and other actions.

You see, regardless of the sort of encryption being done to store user credentials on a remote site, if you're entering a username and password, it must be transmitted (and therefore stored) in plain text and therefore it's easy to steal via any number of mechanisms. This is why services like OAuth are better because they allow the three parties (you, a third party program acting as your agent, and your data service) to all agree on a common set of alternate credentials that have access to an explicit set of information. For instance, i can use these alternate credentials to let PocketFlicks access my reviews and movie watching history, but not have access to my credit card info. Plus, should i ever distrust a given service, i can have the data service revoke access at any time.

i'll toss in that OAuth is just one solution. There are others, including Yahoo's BBAuth, Google's Auth, and Facebook Connect which all provide similar function (although those are tied to specific vendors). This is what's known as balanced security, and frankly, if you're using either an agent or a data service that doesn't provide that sort of balance, i'd seriously question the goals and aims of that service. (Twitter, thankfully, has recently joined the OAuth bandwagon after having had several accounts compromised by various less than upstanding services.)
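The difference between handing over a password and granting alternate credentials, as an added example that is not part of the original post and is neither Netflix's API nor the OAuth wire protocol (no redirects or request signing). The `DataService` class, its method names, the agent name and the sample account are all hypothetical and constructed for illustration.

```python
import secrets

class DataService:
    """Toy data service (hypothetical; models scoped, revocable delegation)."""
    GRANTABLE = frozenset({"ratings"})  # billing can never be delegated

    def __init__(self):
        # Constructed sample account: one password guards everything.
        self._accounts = {"alice": {
            "password": "correct horse",
            "ratings": {"Brazil": 5, "Gigli": 1},
            "billing": {"card_last4": "4242", "zip": "95032"},
        }}
        self._tokens = {}  # token -> (user, agent, frozenset of scopes)

    def login(self, user, password):
        """Password login: whoever holds it gets the whole account."""
        acct = self._accounts[user]
        if not secrets.compare_digest(acct["password"].encode(), password.encode()):
            raise PermissionError("bad credentials")
        return {k: v for k, v in acct.items() if k != "password"}

    def grant(self, user, password, agent, scopes):
        """The user authenticates to the data service itself and approves
        an agent for named scopes; the agent only ever sees the token."""
        self.login(user, password)
        if not set(scopes) <= self.GRANTABLE:
            raise ValueError("scope cannot be delegated")
        token = secrets.token_urlsafe(16)
        self._tokens[token] = (user, agent, frozenset(scopes))
        return token

    def read(self, token, resource):
        """Agent access: the token must be live and cover the resource."""
        if token not in self._tokens:
            raise PermissionError("token revoked or unknown")
        user, _agent, scopes = self._tokens[token]
        if resource not in scopes:
            raise PermissionError(f"token not scoped for {resource!r}")
        return self._accounts[user][resource]

    def revoke(self, user, agent):
        """The user withdraws an agent's access; the password is unchanged."""
        self._tokens = {t: g for t, g in self._tokens.items()
                        if (g[0], g[1]) != (user, agent)}
```

An agent given the password can call `login` and see the billing record; an agent given a token from `grant` can read ratings only, and loses even that after `revoke`.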

So, it both confuses and saddens me when i see companies like Jinni slinging fud. To them, the obvious reason that Netflix is "demanding they remove the import ratings feature" is obviously because Netflix see them as a threat. Well, i'd guess Netflix does, but definitely not in the sort of way that they seem to think.

Netflix's income comes from subscriptions. Netflix's main goal is to increase subscribers. In order to do that, Netflix wants to provide a service that folks are happy enough to both continue to use and to recommend to others. One of the ways that we've found to make our service useful is by recommending movies that you might enjoy watching. We do a fairly good job, but we're about to award some guys $1,000,000 for a way to make it just 10% better than it was before, so we know that others might do a better job than we can. We just want more subscribers*. Heck, if you like watching movies based on random words in the dictionary, we don't care so long as you become a subscriber. Honest, that's the sum total goal.

Now, there are also laws in place that we have to respect dealing with ensuring your privacy. For instance, we can't share your movie rental history without your consent. Every time we look at offering a new service, we have to make sure that it's not potentially violating laws or existing privacy policies. That means that the reason some things are offered before others isn't always because it's technically challenging. Is it frustrating? Oh man, is it ever, but that's the reality we have.

i'm quite sure that the Jinni folks are fine, upstanding citizens with only the best of intents. That said, i'm still paranoid as hell, and frankly, you should be too. Heck, be rightfully paranoid about Netflix, that's why security experts recommend having unique passwords for every service you use. (Just note that Netflix is required to be SOX compliant and regularly audited by our credit holding insurance agency where i don't believe Jinni is.)

i believe that Netflix doesn't care if someone wants to store and use their customers' movie ratings. Heck, when they're allowed to provide them, i personally hope Jinni does a better job than Netflix does because that will also increase Netflix subscriptions. Netflix just can't provide them yet.

As for giving them, or any site, credentials that could access your stored credit card personal info? Well, that's just stupid.

(*Oh yeah, those stupid pop-up/over/under ads? Those are from affiliate partners. They're not supposed to do that.)

Phoebe
2009-07-01 - 01:54:20

Hi JR,

We at Jinni would like to thank you for your concerns.

To give context, the reason we enabled users to choose to enter login details and import ratings is that this option has not been supported by the Netflix API, and we believe it is the user’s right. As you know, we have been in touch with Netflix throughout this process and complied with Netflix’s stipulations as soon as we received them. We will be the first to welcome a choice by Netflix to open ratings history data via the API and allow users to choose for themselves how they would like to use their ratings.

That said, I would like to correct some factual errors, which I assume are accidental, in your post:

1. We were NEVER storing users’ account name and password, rather used it once if the user opted to provide it.
2. Transmission of username and password was over SSL, as is common practice in web security. The Jinni team includes telecom and Internet industry veterans who are very sensitive to security issues.
3. As you must be aware, credit card information is not fully displayed on the Netflix site and cannot be stolen in the way you describe.
4. The blog post you describe as “Jinni slinging fud” was not written by us, rather by a concerned Netflix and Jinni user who expressed his opinion about not having the option to import his ratings history as he chooses.

Best,
Phoebe


jrconlin
2009-07-01 - 06:43:05

Thanks for your reply.

Obviously, this is a sensitive issue to both sides. I'm also willing to concede that there may be elements I am unfamiliar with as I am speaking from my own knowledge and not as an official company representative.

The issue of ratings ownership aside, asking for user credentials in order to access site information is a terrible idea. While I have your assurances that you do not permanently store that information, there's no way for me to independently verify that fact. While it's true that SSL is reasonably secure, it none the less still provides you with full access to my account information. I am fully aware of the fact that credit card information is obscured but that's like saying "Well, only a really bad person would do that thing". I could say the same about having a random stranger clean my house while I'm away on vacation.

And finally, as far as slinging fud, yes, I do believe you were. In your email notification you state:
"==
Since March, we've offered an option to connect your Netflix account with Jinni. Until now, an optional feature has been importing ratings, so Jinni can quickly learn about your taste and recommend only movies you haven't seen.

Unfortunately, Netflix has demanded that we remove the import ratings feature. If you already imported your ratings, they will stay on Jinni.

We, and many other developers and users, have been asking Netflix to open the ratings data for a while, to give you the choice to import your Netflix ratings as you wish. We're working with Netflix now to initiate adding an import ratings option to their API – as your ratings actually belong to you.
=="

In addition, on your blog post you point to a user post that echoes this sentiment.

If my understanding is correct, you were informed that by asking for the user's account name and password you were violating the Netflix Terms of Service. It wasn't about the fact that you were harvesting user ratings. If this was incorrect, I would greatly appreciate being corrected, and I will happily apologize.

As I note in my post above, there are several significant complications that prevent Netflix from simply opening up that information, but your statements allude to the fact that the company isn't interested in providing that information because of some proprietary interest in keeping it. Again, that isn't correct. You had violated the Terms of Service.

I'm sorry that things are not progressing as quickly as you would prefer. I would be much happier if they went faster as well, however there are limits on just how fast those particular wheels can turn. My personal post merely reflected my personal frustration with the current situation and attempted to dispel some of the concerns that your actions generated.


Andrew S
2009-07-05 - 00:23:34

"stupid pop-up/over/under ads"

I like 'em. Those are the only reminder i get that i've accidentally left popup blockers disabled. It's always Netflix, for some reason…

