First Facebook, Now MySpace – Power.com Denied

Social network aggregator Power.com was off to a hot start when it launched in late November. The service, which lets users access and share content among several social networking sites at once, raised $5 million in venture financing from Silicon Valley-based Draper Fisher Jurvetson and attracted a whopping 5 million users during its private beta period. Things were looking good.

Then Facebook sued them for inappropriately storing user credentials and scraping data from the Facebook site.

That lawsuit has since been resolved, although Power had to make significant changes to its service. Now, MySpace says they’ve blocked Power.com from accessing user accounts for similar reasons.

Power.com chooses not to use MySpace’s OAuth authentication mechanism, instead directly storing user credentials on its servers. That’s a big security issue, MySpace told me earlier today, and negotiations with Power.com to change its authentication process haven’t been resolved to MySpace’s satisfaction. That leaves them no choice, they say, but to block Power.com to protect users.

Frankly, MySpace is 100% right. Unlike Facebook, they’re not being unreasonable about sharing user data. But the authentication issue is very serious, and Power.com needs to make changes.

MySpace is also concerned with the abundant use of their logo and name on the Power.com site, which could give users a false sense of security when entering their credentials. MySpace is mentioned multiple times on the Power.com sign-in page.

MySpace’s statement is below:

MySpace has been in talks with Brazilian Website Power.com to express our objections with how the company has been collecting user data from the global MySpace community and to persuade Power.com to implement MySpace’s secure log-in authentication process.

From the home page of their site, Power.com is soliciting MySpace users for their private credentials including username and password in order to gain access to MySpace profiles and is using the MySpace trademark in doing so. Power.com’s actions violate our Terms of Service and their methodology to collect this information implies an affiliation with MySpace that confuses our community and gives our users a false sense of security that MySpace has endorsed the practices of Power.com. In fact no official partnership or other affiliation between the two companies exists. While we are in conversations with Power.com, their failure to implement MySpace’s secure log-in authentication process in accordance with our Terms of Service presents us with a unique set of security challenges. Per our stringent safety policies created to protect sensitive user information, effective immediately, MySpace will no longer allow Power.com to gain access to user accounts.

It’s imperative that MySpace is able to effectively manage site security. The tactics being used by Power.com are compromising our ability to keep user data safe, private, and within our users’ control. Our goal is to help create a more social Web but key functionalities such as a simplified and secure log-in authentication process must be protected and maintained. As of today, Power.com is refusing to implement a simple technology provided by MySpace that would secure this process for our global users. We are confident that we’ll come to a resolution with Power.com quickly.