Early this year, Blippy, the highly controversial startup that lets you share your credit card and online purchases with your friends, ran into some trouble with Amazon.com. Namely, Amazon told Blippy to stop pulling in user purchase information, and to go back and erase all existing data they’d already sucked in. Today, Blippy users have regained the ability to share their Amazon purchases, but this time, Blippy doesn’t need Amazon’s permission.
The new Amazon integration requires users to grant Blippy access to their Gmail accounts via OAuth (this only works with Gmail, though the site says it plans to support other email services soon). After linking your Gmail to Blippy, the service will automatically scan your account for Amazon receipts, which it will use to display the items you’ve purchased in your Blippy feed. When I asked Blippy co-founder Philip Kaplan if they had Amazon’s approval, he said they didn’t ask for it, and they weren’t sure they needed it, either.
The addition of Gmail OAuth support could mean big things for Blippy. Because Blippy now has a relatively secure way to access your Gmail, it can add support for a plethora of online vendors who may not offer an API. Likewise, Blippy could use the same method to do end runs around services that don’t want Blippy tracking purchases in the first place.
To be clear, OAuth is no magic bullet for keeping your data secure — you’re essentially giving Blippy the ability to monitor your Email. But users are already handing over their login credentials for plenty of services to Blippy, which is potentially an even worse security issue (with OAuth, they don’t actually store your password).
Thanks to Mark Hendrickson for the tip