Plaxo
I’ve been getting emails occasionally from Plaxo - this appears to be a way to centrally synch and update your Outlook contacts…
Now, I’ve done a little research here - to find out what happens and why… Apparently I am expected to keep my details on the Plaxo servers up to date, and this in turn will update anyone who has my details in their address book.
Sounds good so far… and could be useful to lazy people who can’t be bothered to keep in touch with their friends…
The problem is what else they can do - check out David Coursey’s writeup on these services - your privacy is at risk here.
At the end of the day, if you want my contact details (and I know you, and am happy to give them out), just ask - however, don’t use something like Plaxo to share my private information with a corporation I have no dealings with.
From their privacy policy:
“When you first join Plaxo, we’ll detect whether you have other Plaxo members in your address book. Plaxo will automatically update these entries with the public Plaxo Card information for these Plaxo members.” which seems to go completely against “With Plaxo, your information is your own. You decide how and with whom you share your information.”
So in fact, my information will be automatically shared with anyone Plaxo thinks knows me - not my decision at all.
The EULA spends a lot of time telling you that your address book won’t be shared without your permission. However, it says nothing about obtaining the permission of the people IN your address book. In other words, if you have a Plaxo account, and I appear in your address book, you can agree to share MY information with 3rd parties…
Plaxo will be added to my spam blocklist pretty soon - and if you’re already a Plaxo user, please DO NOT upload my contact information to their server. I gave you my personal contact details on trust - please do not share those details without my explicit permission.
They’re very heavy on the “privacy and rights of their users” - however little mention is made of the 3rd parties whose information is being stored. It appears that the only way I can remove my details is to join Plaxo then opt-out. Not a good way to conduct yourselves.
Edit: Plaxo have responded directly on this blog - and have allayed a lot of my fears. See the comment below for their reply, and my followup posting.
9 Comments
It all sounds rather dodgy to me, and even less desirable than the alternative blanket “Hi, I used to be your friend and have e-mailed you once in the past 2 years but I wanted you to know I’ve changed my e-mail address, not that it’ll make any difference to you because you never e-mail me anyway and all I do is forward you stupid jokes that you’ve already received from everybody else who you’ve given out your e-mail address to” messages.
I’m more concerned by the privacy implications of my details being given to companies for marketing purposes where permission was given by a third party without my knowledge.
This would be like me giving your address and phone number to a bulk marketer and saying “It’s OK to send a pile of adverts to this guy” - you won’t have a say in it.
Next time I get a Plaxo email, I’ll be extracting the relevant headers and adding it to my spam blacklist.
Well, thanks Stacy for providing that much needed information which isn’t easy to find on your website, especially clearing up my misunderstanding that responding to an update request doesn’t add my detail to the database for everyone, just the requestor.
The “Alice and Bill” example certainly works to explain how the permissions and privacy work in reality, and clears up my misunderstanding too
I believe that much of the negative publicity surrounding Plaxo online is related to misunderstandings of your business model and privacy statement - whereby it is sometimes difficult to understand who you consider to be the data owner, and whether an update to one address book by a non-subscriber will update his details on another. Maybe posting the comments you’ve made here as one of the FAQs on your website would help clear things up.
In these days of email Phishing for personal data and identity theft, I am (understandably) wary of emails requesting I provide my personal details to “someone I know” - remember many malicious scripts and software work from an infected PC’s address book. As you rightly say, trust must be earned, especially on the internet. I don’t even trust that an email apparently from my bank is actually from them, I always contact them independently rather than replying to, or clicking a link in, an email.
I can’t see myself signing up for an on-line address book management service, I am quite satisfied with my current approach to maintaining my contact information, however, I will now not consider Plaxo emails to be a threat.
I still urge caution when receiving emails claiming to be from Plaxo (in case they are not) - however, having read the Plaxo reconsidered article, and the comments made in David’s followup article (linked in Stacy’s comment) I don’t now consider legitimate Plaxo emails to be a malicious threat.
- Your Information is your own and you decide who will have access to it.
- You maintain ownership rights to Your Information, even if there is a business transition or policy change.
- You may add, delete, or modify Your Information at any time.
- Plaxo will not update or modify Your Information without your permission.
So…. they will remove all traces of my details ?
I don’t care how safe and secure Plaxo *think* their site is, banks think they’re safe, and they’ve been hacked. If people have also added my details to various messenger type systems then that just makes it more important to reduce the spread.
There’s always some parasite looking to make money at the expense of unwilling participants, just because they can waffle their way around questions still doesn’t mean they’re right.
If people choose to use the service all well and good, BUT I DON’T. I do NOT want my personal details stored in any more places than are absolutely necessary, I do NOT want “updates” from a service that I have not signed up to, this is spam, no matter what euphemism Plaxo try to use.
So, will they respect their privacy statement and delete my information ?
I won’t hold my breath.
True to form, they’ve so far offered to :-
a) opt me out of receiving emails that I never opted in to in the first place, and if I do that I have no idea when people do add my personal information on to their server.
b) remove my account ( duh, I don’t even have one )
c) sent me even more spam ( I’m sorry, unsolicited mail is spam, no matter how much they try to dress it up ).
If they can’t even answer a simple question ( even if I won’t like their answer ), how the hell are people supposed to trust their privacy/security arrangements !?
Barrie - Let me see if I can address your concerns. Here is what I understand to be the situation.
1) You are not a member, but your contact information (name, email, etc…) may exist within the address book of a Plaxo member, and therefore within the Plaxo service. You would like all traces of your information removed from Plaxo.
2) You do not wish to receive any messages from any Plaxo members, which you consider unsolicited and therefore spam.
Let me address #2) first -
Perhaps you would agree that most email is unsolicited, but that in itself does not make the message spam. For example, the email my old college roommate recently sent me out of the blue was certainly unsolicited (I never asked him to send me a message), but most people wouldn’t consider this email to be spam. But your definition of spam may be different.
In the case of Plaxo Update Request messages, we do not send these messages. Plaxo members send Update Request messages to selected contacts within their own address books. Plaxo members have complete control over when, to whom, and the personalized message content of each Update Request message. We operate as the service provider for the processing of update request messages and any responses the member may receive, similar to a Yahoo! user sending and receiving email through Yahoo!
But there is a certain etiquette Plaxo members must follow when using Plaxo to send messages to one of their contacts. Violation of our Terms of Service and Plaxo etiquette are certainly grounds for removal of the member from the Plaxo service (http://www.plaxo.com/privacy/manners). Potential abuse can be reported to our Abuse Department (abuse @t plaxo.com).
I also understand that a member may choose to send an update request message to someone who is a non-member, such as yourself. This is certainly not unique as other reputable services such as Yahoo!, AOL, Amazon, and eBay each allow their members to send messages to non-members through their respective services. But out of respect for the non-member’s privacy, Plaxo is the only service I am aware of that allows the non-member to specify they do not wish to receive further communications from a member. I refer to this as our “Block List”, but we generally call this our opt-out list, as most users are familiar with the term “opt-out”.
If you do not wish to receive communications sent through our service, you may choose to register your email address to our opt-out/block list. I can’t stop someone from trying to communicate with you outside our service, but if you have registered your email address to our opt-out list, we will block any communications sent through our service to your registered email address. You can choose to block messages from a specific Plaxo member or from all Plaxo members, depending on your preference. Your information is only used to block messages sent through Plaxo to your registered email address.
As for your first point:
As you are not a member, I’m assuming you are referring to the information that exists within the address book of a Plaxo member, and you wish to have this information removed from our service.
We do not own the information maintained within a member’s address book. This information is owned by the Plaxo member who maintains the contact information. If you think about it, this is probably the same way you treat information in your own address book. If you are like the many people I have spoken to, you feel the information in your own address book is your information, and it would be improper for someone or some service to remove information from your address book without your permission or knowledge. If you maintain this information electronically, it may even exist on the servers of a 3rd party service provider such as your ISP, a web mail provider, or even Plaxo. Certainly it is appropriate if you wish to manage your information through a 3rd party service provider, as long as you are satisfied the provider follows adequate security and privacy practices.
This is why we state in our Privacy Principles a member’s information is their own. Plaxo does not share a member’s information with any 3rd party and we will not modify or delete a member’s information without the member’s permission.
So while we can not remove the information about you from a Plaxo member’s address, at your request we are happy to ask on your behalf that a member remove you from their address book and not attempt to communicate with you.
We’ve made this request a number of times for people who wish to protect their privacy. In each case I’ve been involved in, the member has been happy to comply. But should the member refuse to honor the privacy request of another, I would remove them from the Plaxo service since they would not be upholding the same privacy principles we value. But unfortunately, removing a member from the Plaxo service does not remove your information from their address book.
I hope this answers your simple question, and you feel our privacy practices are appropriate and trustworthy. Should you have any further questions or feedback, please feel free to contact me directly.
Stacy Martin
Plaxo Privacy Officer
privacy @t plaxo.com
1) Correct
2) Incorrect. I explicitly do not want to opt out. On the contrary I’d like to know when people add me so that they can un-add me, seeing as you don’t have the consideration and manners to ask me if it’s OK to store my details on your servers and backups, for which I don’t have access.
Do not hide behind a warped definition of “unsolicited mail”, if you have to twist things to defend yourself then you know you’re already on dodgy ground. You know damned well that’s not what I, nor anyone else, mean by spam/unsolicited mail.
The spam is coming from Plaxo, not the members. I’ve had, I think, two maybe three messages from members via Plaxo over quite a long period, and considerably more from Plaxo directly. Mostly automated and/or irrelevant and/or contradictory.
Not to mention that the emails initiated from the members contain a majority of information generated by yourselves, not them, and so yes, of course I consider that to be spam. My friend wanted an update, they did want me to receive an invite to join, which is the majority of what I received.
I raised one question, using Plaxo’s own wording, and yet your support managed to send me several automated messages, and one non-automated message, completely mis-interpreting your own question! Unsolicited mail? I think so! If you can’t answer your own question, do NOT fill up my inbox with other, irrelevant, mails.
Then asking me ( by further email spam ) to fill in a survey completely erodes any defence you might try.
Did my friend ask you to do that ?
Did I in anyway suggest I wanted to do that ?
No, I asked one simple straight forward question using your own wording, and then only due to Plaxo’s ineptitude did I have to send several follow up replies, all on topic.
I really don’t think you needed to send me a survey to know what I think of your “Customer Care” !?
“If you think about it, this is probably the same way you treat information in your own address book.”
No it is NOT. This information is on YOUR servers, from which YOU make money. YOU are making money from MY data being on YOUR servers. Please don’t argue over any technicalities here, unless you can prove you operate at a loss…
I do not make money from people’s contacts being in my Outlook, and while their details may be leaked due to an intrusion ( manual or virus ), the more places this is stored, the more likely it is to happen - a large suppository of such information being an obvious target.
Elsewhere you’ve said about how ISPs keep similar information, which I cannot disagree with. Given the fact that one of my ISP’s entire email lists has clearly been acquired by spammers ( block emails to an alphabetically sorted list of email addresses at that ISP’s domain ) simply re-inforces my concerns and desires for MY details to not be stored in any more places than needed.
You say Plaxo don’t remove data from other people’s address books, yet I have an email from Plaxo saying that you did remove me… When I questioned this, I was merely told that my details didn’t exist in your system… ( Probably correct as I’d asked my friend to remove me ). However, this contradiction hardly makes me feel any better about Plaxo’s security and professionalism, nor does the fact that Plaxo can seemingly search through data that is supposedly owned by, and private for, members.
I can’t even be bothered to go into what information of mine was searched for…
Lastly, I’d like to apologise to Tom for filling up his forum… :o(.
I did not intend this blog to become a place for people to have discussions with Plaxo - so I’m closing comments on this post.