Microsoft is opening up its Windows Live platform to allow users to share their contact lists with five social-networking sites, some of which until now have been accessing such data through the back door.
The move is intended to give users control of their data, and remove the need for the kind of work-around used to share such data today, "which unduly puts customers at risk for phishing attacks, identity fraud, and spam," wrote John Richards, director of Microsoft's Windows Live Platform, on the official developers' blog for the platform.
Facebook and Bebo members can now invite friends on their Windows Live contacts list to join their online social network at those sites, without having to hand over their Windows Live password. Members of the Hi5, LinkedIn and Tagged communities will be able to do so "in the coming months," Microsoft said.
In return, Windows Live users will be able to invite friends using the five social-networking sites to join them on Windows Live Messenger in a similarly secure fashion through the Invite2Messenger Web site, Microsoft said.
Yahoo already operates a similar service with LinkedIn: a page on the LinkedIn site takes members wishing to import their Yahoo Mail contacts list to a Yahoo log-in page in order to authorize the data exchange.
Some social-networking sites already offer to help their members import their contacts list from Web-based e-mail services and send invitations to people on that list -- but to do this, the sites typically ask their members to hand over the username and password for their Web-mail account to gain access to the contact data.
That's the case, for example, with LinkedIn's functions for importing contacts lists from Google's Gmail and AOL's Web-mail service, which require that members trust LinkedIn with their username and password for the other services. LinkedIn does not yet have a link with Windows Live.
Internet users are becoming increasingly suspicious of such requests for credentials, given the prevalence of phishing attacks and other attempts at identity theft.
To enable the exchange of contacts data, Microsoft has created a new API (application programming interface) that allows social-networking sites to request access to the Windows Live contacts list of their members by sending the members to a Microsoft-controlled log-in page, where the members can enter their Windows Live credentials without having to divulge them to a third party. Microsoft then notes that the user has granted permission to the social-networking site to access the contact data.
Opening up the interfaces is a way of acknowledging that ownership of contacts lists rests with the sites' users, not with their operators, according to Richards at Microsoft.
"We firmly believe that we are simply stewards of customers' data and that customers should be able to choose how they control and share their data," he wrote.
As recently as January, Facebook was not so sure that ownership of contacts lists rested with the users that had supplied it: it disabled, and later reinstated, the Facebook account of a tech blogger who used a service provided by AOL subsidiary Plaxo to download contact data from the Facebook site.