Plaxo: the social monster?

Dead on
People need to take a bit more personal responsibility. If you give any details to any-one, anytime, through any means, NOT just with the internet, or facebook, you have given your trust to that person to use that information responsibly.
If they don’t, woops. But really, if it is a friend, moving it, whats the deal. When they move it, do the stop being a friend? Do they automajically change? So Robert decides to use Plaxo to store MORE than 5000 email contacts? that just proves 2 things
1. Facebooks limit is restrictive to (some) members
2. To stop scripts, and “Napkin” transfers, they need to make it EASY and controlled! (Ie. tell those involved if you like… “Robert Scoble has Hijacked your name and taken it to another, competing, profit-driven service…”… sorry)
To summarise, if you give you details to the phone company, the bank, the nieghbor… they will all pass on some details sometimes.
The question is why.
Is it to profit?
Is it to smam…
The issue is not portability, but control, and visibitily.
Make it easy, make it obvious, and inform those affected, (and in future inform up front of possibilities).

Robert, as a Plaxo shareholder, I applaud every one of your Plaxo posts. This is saving Plaxo buukuu moola in PR expenses. No, wait, they couldn’t afford this much publicity. I think a Plaxo post every other day should get us a pretty nice asking price in the February timeframe (Porsche HERE I COME!!!) Keep up the GREAT work!!! YOU ROCK!!! Oh yeah, and thanks to the entire internet for providing all your contact info to Plaxo’s databases!! (SPAM=CASH MONEY!!!)

why weren’t you all up in arms when Facebook imported your data and your friends email addresses from Gmail?

I wasn’t upset, because it didn’t happen. I do not provide that kind of data.

Robert, are we to assume that the e-mail address we provide you here at Scobleizer.com to post a comment is shared with other social networks?

What line do you draw with using someone else’s personal information?

OK, I’ll ask the obvious question…. which is it, Robert? Were you pushing FB buttons fully knowing the likely outcome (like you talk about today) or were you shocked and surprised at what happened (as you implied yesterday)? I’m having a hard time following your position here…

Further, I find it a ridiculous argument to say that you just used this data in a test account. Where does that account live? The data is stored somewhere, right? Are you involved in a formal relationship with Plaxo enough to ensure that this “test” account isn’t going to roll your 5,000 bits of new data into the larger master database? Either man up and admit you have a formal relationship with Plaxo or agree that there are enough unknowns here that you’ve made a mistake in trusting them so implicitly.

The real issue in this discussion is one of context. The context of when and how I’m asking for my Gmail info (a practice I neither support or agree with, FYI), is one of limited use and specific purpose. The context of what this Plaxo script is doing is far more broad reaching. And given Plaxo’s previous reputation (which adds to the context), who’s to say that once they get out of beta they wouldn’t extend the collection of data past name, email, birthday alone?

Context matters.

Adding to your personal address book is a different context than adding to the corporate database of a business known for spamming.

I’m not saying you should, necessarily, have gotten permission to do this, but I’m saying we all should start applying more common sense to the way we handle this implied trust inherent in the friending process.

Since you’ve given contradictory positions about what this whole debacle was based on (beta test and/or poke at FB), it’s hard to know what your real motivations are here. But whether this was a beta test or some sort of civil disobedience, the fact remains, you made your 5,000+ FB contacts unwitting accomplices in that process.

Robert,

Your arguments are wholly logical. Unfortunately, “privacy” is an emotive issue that makes people fearful and illogical. That said, looking at the rapid evolution of technology and society, there’s only one way all this stuff is going to go—and that’s the way you’re going. So thanks for blazing the trail. : )

Robert, you’re right on the money about there being little difference between running the script and manually gathering your friends’ email addresses. The Facebook “solution” of making the email addresses into image files is just another DRM-like pretense. I covered this in more detail in this blog post, and Kevin Gamble also addressed the issue here.

I think your alpha test should be compared to DVD-Jon’s CSS code — a concrete demonstration of the futility of trying to “encrypt past the intended recipient”.

This is ridiculous.

Fortunately I did not befriend you on Facebook, so I am not giving my data to Plaxo.

Oh s**t, I forgot I have an account on Plaxo… Let me go remove it right now.

Open you eyes, people!

@44 “Right, so, because inequality exists and we’ll never be able to completely eradicate it, we should just give up on reducing it at all?

It’s not even a slight inequality we’re talking about. We’re talking about Facebook screen-scraping millions of addresses out of Hotmail, Yahoo! Mail, and Gmail (in flagrant violation of each one’s ToS), but Facebook yanking Scoble’s account just for mere appearance of doing the same damn thing?”

Whether Scoble read them or not, or even understood them, he agreed to FB’s TOX by creating an account. So, what FB does or doesn’t do wrt to other systems is irrelevant to this issue. Scoble violated terms he agreed to.

“TOS”

When I heard about the incident I immediately recalled how you responded when blogger Harry Joiner’s account was shut down by Facebook for importing his entire email address book:

On comments:
http://www.facebookobserver.com/facebook-news/banned-on-facebook

What makes the Plaxo script different?

With regards to data portability, you claim to have added 4200 (you have more now) one at a time and from the comment it seems this is the way to connect to others in social networks. Do you feel differently now?

You make some good points there. I do wonder why people are selectively screaming about your recent fiasco, but don’t mind that FaceBook imports all of your GMail contacts. It’s the same damn thing, sounds like it anyway.

I think a more fine grained permission/preferences thing would be an answer. There are standards for email (POP/IMAP), web (HTTP/HTTPS) and other things (FTP, TCP/IP, etc..), so maybe we need to come up with something for information sharing preferences or something? Someone write up and submit a new RFC on personal data sharing? I’m probably crazy though, nobody’s gonna do that.

Thanks for fueling this debate Robert.

The point is not that Facebook’s TOS was broken, nor if Plaxo is evil. The point is data portability, and breaking through walled gardens. Facebook and Plaxo just happened to be vehicles to drive the point home. Sometimes civil disobedience is a necesity for change.

The reality is that as soon as you hand somebody a business card or send somebody and email, your data is out there. Are you going to ask somebody if they use Plaxo or some other service when you hand them a business card?

My social graph should be portable between networks.
Why do I have to befriend everybody multiple times? Next, I should be able to add restictions on a user/friend level (call it DRM for friends if you like).

But first we need to break down these walled gardens, put up there for no other reason than power and control.

Re “why weren’t you all up in arms when Facebook imported your data and your friends email addresses from Gmail”

That would be because Facebook can’t do that unless we give them our gmail details. By giving them our gmail details we are giving Facebook permission to import that data.

Facebook, on the other hand, have specifically *withheld* permission for you to pull data from Facebook in the way that you did.

What it all boils down to is you agreed to specific terms and conditions when joining Facebook. You did not abide by those terms and conditions. Everything else is red herrings.

Oh, and just because you can find a way around the terms and conditions (“write it manually, don’t use a script, they’ll never know”) is beside the point, and reveals a lack of worrying lack of ethics.

Perhaps a little less trying-to-beat-the-system and a little more playing by the rules is in order.

I agree with Judi. You broke the trust relationship with your friends by exporting *their* personal information to Plaxo … whom we do not trust.

But your explicit action is really no different than anyone that adds any third party application to FB. That application can access your entire friends list even if those people did not add that application.

This is an interesting dilemma since now I not only have to trust FB, but I have to trust all my friends with my profile data.

PS> Plaxo cannot access the email information from FB (look at the API), but they can get enough data to make the matching to existing contacts pretty easy.

http://developers.facebook.com/documentation.php?v=1.0&method=users.getInfo

Hmm, actually it gets more interesting …

Is it then my moral responsibility to turn off “See My Friends” to *all* users on FB? Currently I have it as “Anyone can see my friends”.

You and I can be friends, but you can’t see my friends list because I can’t really trust you to use that data in the same way I would.

This has a big impact on how people use the service since that’s how you find your other friends.

Great! Nice can of worms you’ve opened here.

Reading Judi’s original post, you’d think that she feels anyone who would use the service would be violating the privacy of their friends by uploading their contact info without their permission.

Strange, here’s what she was saying about Plaxo just a few months ago:

“The idea behind the new Plaxo is that it can serve as the ‘hub’ of your calendar and contact data. If you have your contact and calendar data in multiple locations this is welcome relief. As web workers who deal with many different people using many different systems, it’s not uncommon for us to have calendar and contact data in bits & pieces everywhere. Plaxo helps bring it all together.”

Her full post on Web Worker Daily is here:
http://webworkerdaily.com/2007/06/25/hands-on-with-the-new-plaxo/

And Judi appeared to take no issue with the ability to import from LinkedIn:

“LinkedIn: For Premium Subscribers only. One-way sync of contacts, with only the ability to add LinkedIn contacts to Plaxo, not the other way around. The sync is also manual, which means you have to remember to initiate a sync. There’s some competition between these two services, so limitations shouldn’t be surprising.”

Hmmmmmmmmmmmmmmm.

From her previous comment in this thread it looks like her opinion of Plaxo has changed:

http://scobleizer.com/2008/01/05/plaxo-the-social-monster/#comment-1874256

Robert:

I’ve been following this whole mess for a couple of days, and it really is a BIG MESS. My take on this for you and all your readers is best explained on “Utah Tech Watch” at http://www.utahtechwatch.com/industry/who-owns-social-media-data-scoble-facebook-plaxo-fracas-raises-questions/.

For Zuckerberg and Facebook, my advice is that they need better public relations counsel, as I wrote on TheBettyFactor.com at http://www.thebettyfactor.com/2008/01/05/advice-for-mark-zuckerbook-and-facebook/.

Good luck, Robert. Hope to see you at CES.

Dave Politis

Sorry Robert but I disagree with you totally and feel it was wrong for you to import your Facebook “Friends” into Plaxo, test account or not, and Facebook had every right to drop your account.

As one of your Facebook “Friends” I followed what you were into, emailed once and awhile and hope you found something I linked to or posted of interest. What I did not do is give you permission to post my email address or personal information to a third party site. It really doesn’t matter what Facebook does or does not do with my information as I have given them permission by agreeing to their Terms of Service, that is a none point. It really doesn’t matter if there are other tools for doing the same task, the tool is not the issue, the issue was your call to basically crawl Facebook for Plaxo and provide Plaxo with 5,000 valid email addresses.

You say you wanted to push Facebook’s buttons so you ran a script to export information Facebook deems their property and gave it to a third party. Did you run any such script while at Microsoft and provide thousands, millions of email addresses of Microsoft customers to a third party? Of course not because you knew 1) Microsoft would have canned you and likely taking you to court, 2) you considered that information the property of Microsoft, 3) you just knew it was wrong. What’s the differnece?

I follow your Blog, checked out things you did on Facebook, watched for your name in the news or other Blog post and still will but we will have to agree to disagree on this one, you were wrong.

John, My positive comments were entirely about Plaxo, the contact data sync manager. I was a paid premium member for years.

Then you introduced Pulse and switched focus to social networking. And now it’s not about my contact list as an easy way of getting at phone numbers, it’s about the friends of the friends and connections in my contact list. All well and good, but that isn’t what I signed up for.

As I said a few minutes ago in a reply to your comment on my blog:

“You can’t be an ‘address book service’ when it’s convenient, and a social network the rest of the time without drawing these kinds of questions.

And since you are for sale, you should be very clear about the data you have and the connections you’ve built (and are capable of building) with the profiles of non-members. Your privacy policy says what you won’t do. I want to know what you have and can do, but don’t because you’re ethical. Your buyer may not be.

An address book service is putting pebbles inside a black cup. A social network is putting pebbles into a clear bowl. Which is it? It’s my position that you can’t have it both ways.”

I’m sure it’s been pointed out, but when you import a friend from Gmail, it sends them a friend request. An OPT IN to be your friend. No actions happen until they approve it.

That’s the difference.

Those of you who are worried about what a potential sale of Plaxo would mean for your data would be well advised to take a look at their privacy policy:
http://www.plaxo.com/privacy

The question of what happens to your data if the company is sold is answered here:
http://www.plaxo.com/privacy/q_and_a#q7

Personally I trust them – their privacy policy is one of the best in the industry. They put the user first in almost every area – asserting that ownership of the contact data you add to their system
is yours, and they will never do anything with it without first notifying you in advance to give you the chance to opt-out.

Also Robert, for reasons I cannot fathom, your website is blocked in China – I am accessing it through a proxy. Can’t imagine what you could have done to piss of the Chinese government. Is there anything you want to tell us?