Rapleaf and privacy

by Henry on September 6, 2007

This “ZDNet article”:http://news.zdnet.com/2100-9588_22-6205716.html on datascraping firm Rapleaf is both interesting and disturbing.

In the cozy Facebook social network, it’s easy to have a sense of privacy among friends and business acquaintances. But sites like Rapleaf will quickly jar you awake: Everything you say or do on a social network could be fair game to sell to marketers. … By collecting these e-mail addresses, Rapleaf has already amassed a database of 50 million profiles, which might include a person’s age, birth date, physical address, alma mater, friends, favorite books and music, political affiliations, as well as how long that person has been online, which social networks he frequents, and what applications he’s downloaded. … All of this information could come in handy for Rapleaf’s third business, TrustFuse, which sells data (but not e-mail addresses) to marketers so they can better target customers, according to TrustFuse’s Web site. As of Friday afternoon, the sites of Rapleaf and Upscoop had no visible link to TrustFuse, but TrustFuse’s privacy policy mentions that the two companies are wholly owned subsidiaries of TrustFuse.

… In other words, Rapleaf sweeps up all the publicly available but sometimes hard-to-get information it can find about you on the Web, via social networks, other sites and, soon to be added, blogs. … Apart from the unusual TrustFuse business, Rapleaf is among a new generation of people search engines that take advantage of the troves of public data on the Net–much of which consumers happily post for public perusal on social-networking sites and personal blogs. The search engines trace a person’s digital tracks across these social networks, blogs, photo collections, news and e-commerce sites, to create a composite profile. … There doesn’t appear to be anything illegal about what these companies are doing. No one’s sifting through garbage cans or peeking through windows. They’ve merely found a clever way to aggregate the heaps of personal information that can be found on the Internet. … Just ask Dana Todd … “It’s my growing horror that everyone can see my Amazon Wish List. At least I didn’t have a book like ‘How to get rid of herpes’ on there, but now I have to go through and seriously clean my wish list,” she said.

This raises all sorts of interesting issues for privacy, going way beyond the dumb-teenager-spliff-smoking-photo-on-MySpace kind of story that get most public attention. If I’m understanding the article correctly, Rapleaf have figured out ways to get at some information from social networking sites that the users of these sites mightn’t have wanted to share with the outside world. This isn’t illegal, but it is fishy. Also, by aggregating together information about people’s networks and tastes across a variety of different websites and networking sites, it’s likely that the firm can draw non-obvious connections that people would prefer not to be drawn. US privacy law is notoriously patchy (your video rental records are heavily protected, thanks to efforts to embarrass conservative Supreme Court nominees, your sensitive financial information … not so much), but I’m not sure what kinds of policies would effectively protect those people who wanted to protected from this kind of widescale data trawling, even in more privacy friendly jurisdictions like the EU. That said, I’m personally quite creeped out by this kind of thing (albeit not creeped out enough to stop blogging or to withdraw my profile from social networking sites, for whatever good that would do me at this stage).

{ 1 trackback }

More about Rapleaf « Debris
09.06.07 at 7:25 pm

{ 16 comments }

1

SEK 09.06.07 at 4:31 pm

I was more than mildly disturbed when I found this. The only thing I could think to do was to claim ownership of it, so I could at least control its content. That doesn’t seem to be an option with Rapleaf.

2

Jacob Christensen 09.06.07 at 5:32 pm

Hmm – for whatever reason I once used a post by Robert Scoble as a cue for a blogpost of my own. That has made me an employee of Microsoft. (Hey, shouldn’t I get a paycheck, Bill?)

I ought to back an check my FB profile and terms of use a little better.

3

KCinDC 09.06.07 at 7:03 pm

ZoomInfo.com has at least six separate profiles for me (along with a dozen or so others of a few people with the same name) that are full of bad affiliations and other errors. I notice them from time to time but never felt the need to claim them.

4

eric 09.06.07 at 7:23 pm

How timely. I had a bad experience with Rapleaf just yesterday. I was curious about the site, and trying to see how it worked. I recklessly input my email address book, mistakenly thinking the site would merely tell me who among my contacts was listed. To my horror and embarrassment, what it actually did was send every single person in my address book an email saying I’d rated them as a “good person” and asking them to rate me in return. Fortunately, I discovered this gaffe promptly, and sent an apologetic message to all the folks I’d inadvertently annoyed.

Admittedly, it was largely my fault for not reading the directions more carefully. But, it might be nice if they’d given a warning or something.

5

Brock 09.06.07 at 8:08 pm

sek,

Just register at Rapleaf, and you can mark everything in your profile “private”.

6

Quo Vadis 09.06.07 at 9:02 pm

I learned early on to be careful about the tracks I leave on the Internet. That’s why I don’t post under my own name (not that it would mean anything to anyone here). I was around before the Web when Usenet news was a major part of the Internet experience. We thought that everything we posted disappeared after a week or so when it spooled off the last server’s disk (disk space was expensive then). I discovered later and to my horror that someone had been archiving everything on Usenet and pressing CDs of it and that Google had bought a complete set and was making it all available through Google Groups. Every rant, lame joke and intentional provocation I ever posted is now available for anyone to read, all devoid of original context.

7

tired of blogs 09.07.07 at 12:05 am

A trick for Amazon: don’t use the public wish list. Instead, put stuff in your cart, then go to your cart and click “save for later.” The “save for later” list can be of unlimited length. Also, every time you go to your cart, it will tell you if the prices of any items in your list have changed, so you can tell quickly when something has gone or sale or remainder.

8

aaron 09.07.07 at 1:35 am

Seriously, this is nothing new. Privacy concerns have been a part of facebook and myspace all along, and the logical next step is to aggregate data from multiple places on the web.

However, anyone who is interested in privacy can change their settings on facebook, make sure that their email address isn’t publicly available (always a good idea anyhow), and generally be aware that they shouldn’t put data about themselves on the internet that they don’t want to be publicly available. What rapleaf is doing could be done fairly easily by anyone who is interested enough to try.

The one salient point in the article is that Amazon is not paying enough attention to privacy concerns. Amazon doesn’t offer any real privacy settings, and even allows a search by email address. If you’re going to be verifying someone’s “real name”, you should probably give them some protection.

9

anon 09.07.07 at 3:29 am

Wish lists at Amazon can be marked as private.

10

duaneg 09.07.07 at 9:59 am

I can’t understand giving out the username and password to your email accounts. What are they thinking? That has disturbing implications far beyond just collating public data.

11

Sk 09.07.07 at 2:22 pm

“Rapleaf have figured out ways to get at some information from social networking sites that the users of these sites mightn’t have wanted to share with the outside world”

If you don’t want to share it with the outside world, why would you post it on a public social network website? I thought the entire point of these types of sites was to share it with the outside world.
Sk

12

Katherine 09.07.07 at 2:46 pm

Well, SK, you can register and post with these social networking sites and make your information private such that you can say which categories of people can see it. I myself have said that people I have registered as my “friends” are the only people who can see my profile, and have made sure that the only people who are my “friends” are actually people who are my friends. So no, the point is not necessarily to share the information with the outside world.

13

Sk 09.07.07 at 4:45 pm

Katherine-
So, is the issue that such privacy-tags aren’t working? Because if it is working, then there’s no issue-right? People who don’t want their information ‘public’ tag it as ‘private.’ People who don’t tag it as ‘private’ presumably don’t want it ‘private?’

Sk

14

agm 09.07.07 at 7:22 pm

I have such a unique name that I learned several years ago to not broadcast it. And to do things pseudonymously or anonymously if I’m not sure of their reliability or not willing to gamble on the info getting around and biting me in the butt later.

A bit of paranoia about personal information is worthwhile. I even tell businesspeople to talk to their credit card processor about anonymizing card numbers when I come across a place that prints the number completely and in the clear (it still happens at places that haven’t gotten a new card swiper in a long time).

15

evsompkerl 09.07.07 at 10:30 pm

Hello! Good Site! Thanks you! shheskzaay

16

Katherine 09.10.07 at 10:12 am

SK, I have no idea. I had assumed that because I had marked my Facebook profile as private that it was just that. This post tends to suggest that this may not be the case. However, I checked the Rapeleaf site and they have one email address for me that is undoubtedly glean-able from any number of different sources. If they’d seen into my private Facebook profile they should/would have seen a second, so I felt a little bit better about it.

Comments on this entry are closed.