A Flixster mix

March 11, 2007

Caution – long blog post!

As you may remember, I posted a warning about responding to emails containing an invitation to join Flixster and how Flixster may “steal” your address book. In response to that post, one of Flixster’s co-founders left a comment, and I then wrote that I’d give Flixster a second chance.

I re-activated two of my old AOL email accounts (which are now free, by the way), and then used one of the AOL email accounts to sign up — meaning to have an invitation be sent to my other AOL account and then accepting the invitation there.

Here’s what happened.

I visited Flixster, and registered for a new account using my AOL email address. Flixster recognized that I was using an AOL account, and asked me if I wanted to log into my AOL account. See picture below (with my identifying info airbrushed over with black):

Flixster log-in

Actually, Flixster didn’t “ask” me, nor explicitly warn me that it’d be copying addresses from my AOL account. Instead, it basically gave me a log-in form asking for my AOL details. Looks like the same would have been true if one had used a Hotmail, Yahoo, or Gmail address as well. To Flixster’s credit, it gave me a link to “Do it later.”

(NOTE: never, never give another web service your email service’s password. Didn’t your mother or father tell you never to open your door to strangers? Giving Flixster your personal password to your AOL / Yahoo / Hotmail / Gmail service is akin to throwing the front door wide open and welcoming hordes of ;noisy, messy buffalo to rush in.)

After I gave Flixster my AOL details, the next screen came up — and Flixster had indeed copied all of my friends’ email addresses I had in my AOL address book. See picture below (again, with black airbrushes covering personal info):

Flixster contacts pic

I was given the option of unchecking any of my friends (although I note that there is no option to mass-uncheck all of them — something that I would want since I have hundreds of friends in my “real” address book). I was also given the option of changing the language of the invitation email that would be sent out to my friends. I then clicked Send & Continue.

A few seconds later, I had new email at my second AOL email address. Below is a picture of what the email looked like. No personal message from me, not even the same subject info, no other information from Flixster — only that one long link and an “if you prefer not to get this email” sentence and link.

Flixster email

I clicked on the link, and was able to register a new Flixster account using the second AOL email address. And then I saw a screen much like the first photo I listed above, a sign-in form with my AOL email address and asking me to fill in the password so that my friends could be listed. Again, no caution, no warning. And the cycle repeated itself.

I have some thoughts, but I want to now mention that I heard back from a friend — actually a (very!) distant cousin who is the wife of a school superindentent. She had formerly sent me one of the three Flixster emails I had received. Here’s what she had to say to me in response to my inquiry:

… Believe me, it was an accident that caused everyone in our address book to be sent the invitation. I tried valiantly to send an apology letter to everyone, but that was some chore. The invitation was done in one fell! I’m not sure if you received my personal and most sincerest apology, so I’ll cut that and paste onto here. Our AOL service was cut off because of the mass bulk mailing! But all is well again. Perhaps it’s just because I’m so tech inept?!? The curious thing is that people were comparing their film choices with mine even though I never went that far! Some people have remarked that it’s fun doing that, so do go ahead and do that if you’d like to.

I was blatantly scammed by Flixster yesterday – my curiosity was piqued by getting so many invitations and from friends. I never went as far as taking the survey so I still don’t know the gamut of my taste in movies!! As soon as I signed in, they swooped down and sent my invite to you all. I’m so sorry and if you haven’t signed in, don’t.





Flixster does give me the option of bypassing the AOL / Yahoo / Hotmail / Gmail sign-in (although that option is only to “do it later”) as well as the option of unchecking whoever I don’t want to send invitations to. However, in my eyes, both options are artfully worded to lead the inexperienced user into divulging his or her AOL / Yahoo / Hotmail / Gmail password and then allowing Flixster to send invitation emails on to the user’s friends.


I’ve seen some comments from people who say that Flixster doesn’t even wait for people to log in or unselect friends — instead, Flixster goes ahead and logs in, steals email addresses, and then sends out emails without asking you. I didn’t see this happening here, so I’m dubious of the validity of those comments — I wonder if the commentators heard that from OTHER people and didn’t experience that themselves.

I have some recommendations that I hope Flixster will adopt.

  • Be more clear in warning the user that Flixster would be “harvesting” (which is a better word than “stealing”) all email addresses from that person’s personal address book;
  • Add an “uncheck / check all” option so that the user can more easily select / unselect friends;
  • Make sure the invitation email DOES have the language that the user created, and that it has more details on what Flixster is;
  • … And ideally, Flixster should not harvest email addresses from personal contact lists, but allow the user to paste long series of email addresses to send invitations to.

Joe, if you can adopt these recommendations, or at least the first three, then that will go a long way in preventing the kind of data “theft” that many inexperienced computer users are experiencing when they follow up on Flixster invitations. And then I will certainly join and try to become a ‘power user’ — I’m absolutely crazy about movies. (I must admit, I’m waiting for Joe to say, “As you wish.“)


3 Responses to “A Flixster mix”

  1. s. Says:

    I didn’t even get an option to put in a personalized message.

  2. Ozhan Says:

    Actully I like the option to check if any of my mail contacts are already a member by giving my password and let the Flixster scan my bookmark.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: