[tdedecko]

I don't think a boycott is the best way to proceed with this problem. For starters, I don't think you will get enough publicity to bring a boycott to critical mass. Secondly, I think it would be more useful and effective to send an email to the perpetrating website, inquiring or complaining about their password storage techniques. When customers/users complain, a good business will respond and attempt to resolve the problem.

[imsaar]

I agree with you. I have written to such website before but it is just more one thing to do and follow up on. I was thinking if I start collecting all of them together I can do some kind of bulk action one day. This blog entry is just the starting point and is no means the last action on this.

Boycott might be too strong of a word. I just want to bring attention to this point that the user community care about security and this is not a good practice.