Updating my address book bebo
Twitter Notes asks you to "login with your Twitter account" username and password.
Some social network sites create public profiles for you without you having any contact with them.
A representative from Goodreads has followed up on both Micki's blog post and Getsatisfaction post, however, as far as is known, Goodreads' user interface has not been changed/improved accordingly to be less misleading.
Quechup has a feature to "find your friends" which, even if it says "no contact present" will spam all your contacts in your address book and thus annoy all your friends and embarrass you.
Thus all a malicious site would have to do is put up a button saying "Login with Facebook Connect", then display an identically styled virtual popup, and the user, who has been taught by the Facebook Connect UI, will simply enter their email address and password.
There's also a more detailed follow up on Ben's views of the Facebook Connect UI on his blog — and complements for the alternate version, whereby it uses the iframe to improve the UX for users who are already logged in to Facebook.
This spamming behavior is now so bad, that users are creating new email accounts to knowingly avoid the problem: Here are some sites that are currently doing this: Bebo appears to have a user interface that makes it too easy for users to unintentionally spam everyone in their address book.
Several companies are trying to build the "one unified social network" (to rule them all) where they own/control the social network, and you're "allowed to" build applications on top of their proprietary platform.
The most recent example of this is perhaps Facebook.
You cannot trust that the site will treat your login credentials with proper care (e.g.
Quechup uses this antipattern to implement the spam everyone your the address book antipattern above). These sites that ask for your login (whether gmail or other services) are teaching users a very bad habit, a habit that is akin to what phishing sites depend on.