Tuesday, January 03, 2006

[geek] Privacy? You don't need no steenkin' privacy!

[UPDATE: Stacy Martin, Privacy Officer at Plaxo, was kind enough to stop by and clarify things for me in a comment attached to this post. Short answer: if you "opt-out" of Plaxo, any such Update Requests just go into a black hole. Period. Done. No validation of any kind. I like that; good design on Plaxo's part. I wish it had been conveyed on their site and/or in the initial emails that I got, but still: the fact that the internet can provide this kind of responsiveness on the part of a company is, in my book, a Good Thing. Thanks again, Stacy.] So I got some spam this weekend. There's a shock, right? Well, this bit o' garbage came about through a component of the much-vaunted 'Web 2.0'. WTF is 'Web 2.0'? In short, it's marketing weasel bullshit for networking tools, online services, AJAX applications (another nugget of marketing weasel beauty for rich online applications that I personally can't differentiate from DHTML, but that's another bitchy rant for another time), and 'social' tools like personalized taxonomies (non-heirarchical organizational schemes, like technorati tags), photo- or file-sharing sites like Flickr, blogging, and so on. One of the 'serious' sites of 'Web 2.0' is Plaxo, an online (or toolbar-based) contact manager:
Plaxo, Inc. keeps people connected by solving the common and frustrating problem of out-of-date contact information. Founded in July 2001, Plaxo provides a free service that securely updates and maintains the information in your address book. Plaxo is the universal digital assistant; available to you wherever and whenever you need it to keep you organized, on top of your life and in touch with those you care about. Since its release in beta in November 2002, Plaxo has become widely popular, adding an average of 20,000 new users every day due to the service’s ease-of-use and simplicity.
Right... Free (and anonymous) address book management, plus bulk emailing, plus e-card capabilities. Sounds like a spammer's wet dream to me. So this weekend, I got an email from a Plaxo user, an 'Update Request'. It wasn't from anyone I knew; they provided no information about themselves, and the only information that they had about me was my email address. No name, no address, no city, no state, no phone number; just an email address which I have not widely used. Yet here comes this "Please update your contact information" email. Spam? Yup. Someone's harvested my email address from an online forum and is trying to validate it for resale. I emailed 'abuse@plaxo.com' and asked them to cancel the user's account. I got an email back from Plaxo telling me that a.) they have taken steps to prevent future spam from this individual, but b.) I should email this person and ask them why they want my information, or c.) I should use their 'opt-out' tool which will prevent me from getting future requests from any Plaxo user. I replied to Plaxo that as I did not know the individual sending me this spam, I did not want to reply to them as this would confirm my email address. I also asked them how their 'opt-out' tool worked - did it simply 'bounce' an email, or did it actually send an email to the Plaxo user letting them know that 'someuser@some random domain.com' didn't want Plaxo Update Requests? Coz' if it's the second approach, that's just as bad as clicking on the bogus 'opt-out' links most spammers use. Plaxo's response this time?
Hello <real name>, Thank you for taking time to reply. I have initiated the necessary steps to Opt-out you from "<spammer>'s" mailing list. Henceforth, you will not receive any Plaxo service related mails from him. I hope this helps, please let me know if you have any further questions or concerns! Best regards, Mac privacy@plaxo.com
sigh Thanks, 'Mac'. No, I won't be getting any more spam from him, but I sure will from whoever he sells that email address to. Hey, Plaxo - how about hopping on the clue train, okay? If someone complains about spam from your users, cancel their friggin' accounts! Don't validate the email addresses for them! So there you have it, folks: Web 2.0 at its finest. Just like Web 1.0, only with a prettier user interface. Enjoy!

4 Comments:

Blogger Stacy Martin said...

I am the Privacy Officer here at Plaxo and Mac is part of my department.

As I'm sure Mac explained, the Update Request you received was sent to you by a Plaxo member who maintains at least your email address within their own address book. While it is beyond our service to determine how the person may have initially aquired your contact details or why they may wish stay in touch with you, I've typically found there is some reasonable explanation.

As you may be aware, we can not stop someone from maintaining information in their own address book. But as the service provider, we can stop messages from being sent to you through our service. This is basically what the opt-out mechanism does. It instructs us as the service provider to block any further attempts by a particular Plaxo member (or all Plaxo members, if so desired) to communicate with you through Plaxo. When a member attempts to send messages to an "opt-out" user, Plaxo simply blocks the message to the destination. There is no verification or acknowledgement.

As with any service provider, we are very concerned about possible abusers. Plaxo members are prohibited from using the service to send spam and commercial advertisements. When you submitted your report to our abuse department, we would have investigated the activity of the Plaxo member to ensure it was in compliance with our privacy practices and terms of service, and taken appropriate action including removing the individual from the Plaxo service.

I hope this helps. Should you have further questions or concerns, please feel free to contact me directly.

Thank you,

Stacy Martin
Plaxo Privacy Officer
privacy @t plaxo.com

1/03/2006 11:04:00 AM  
Blogger protected static said...

Stacy --

Thank you for explaining how the Update Request works; had this information been included in the 2nd reply (as I asked), I would not have written this post.

I will update this post to reflect this information; thanks again...

1/03/2006 11:15:00 AM  
Anonymous James D. Macdonald said...

This is a tiny bit off-topic here, but you asked a question over at Making Light and I don't know how else to answer you.

The answer to your question is:

Comcast.net, Arlington, Virginia.

1/03/2006 11:19:00 AM  
Blogger Carnacki said...

That's cool you got a response.

BTW, off topic, but tag, you're it.

1/05/2006 06:09:00 PM  

Post a Comment

Links to this post:

Create a Link

<< Home