« Catalytics | Main | eXit Yahoo Zimbra (XYZ) »

September 04, 2007

Social Networking Spam & Privacy

If you are like the many people getting Quechup invitation spam, consider how it relates to the serious privacy problems with Social Networking.  Quechup automatically imports your Gmail contacts and spams them when you register for their YASNS.  If Bob signs up for it, he is opting into the graph, but he doesn't opt in to spamming Sally.  Sally is included in the graph, whether she opts in to register or not.  Over time, even if Sally resists, she is modeled as a node in the graph. 

At first, this doesn't seem to matter.  But if Bob adds relationship details like they are dating, and then her husband John opts into the graph and adds the detail they are married, you get the idea.  But it is far worse, when the value of the network isn't the relationships, but simply the contact information.  This is the case with enterprise social networking, particularly for sales.  Many don't realize that Jigsaw actually pays people for submitting business cards of people they have met.  Yes, there are financial incentives for people to register you into graphs without your knowledge.  I'm seriously considering copywriting my contact information (Stowe Boyd suggested via twitter when I was exploring other ways of suing evil social networks).

The fundamental privacy problem is that social networks grow virally by adding you to a graph without asking you to opt in.  Once you are in the graph, it may be hard for you to know you are in, let alone opt out (Spoke, you may recall, did this purposely).  You are modeled without your control over social context, and identity and relationship data can be layered on top of you as a node.  Not all data may be available to users, but more will to developers and all will to the social network service providers.  Providers come in all stripes and you not only have to concern yourself with their ethical business practices, but the basic of security.  Opening the graph to third party developers based on open standards is a laudable effort to solve one social graph problem.  But the privacy concern of governance and oversight over those third party developers who have access to more data than users is uncharted.

Now, we have a very loose definition of privacy, particularly in the US.  And the odds of a constitutional amendment are slim.  But this is a new and increasingly popular risk to your right to privacy that unfortunately is not popular in understanding.

UPDATE: Someone pointed me to this Rapleaf public profile which I never opted into.  Rapleaf has a decent privacy policy, but it is unclear if by emailing them to opt-out I become a user.  And if I register to manage my public profile I certainly become a user "We use this information to process registrations, contact our users, and to provide our services."  Auren Hoffman is behind Rapleaf, is very conscious of these issues and will probably clarify.  But there is an interesting facet about public profiles people don't opt into.  Great for SEO marketing and extortion signups.

UPDATE: Facebook opens to public profile search.  Guess I'll change my profile picture from the one of me partying like a rock star.  Also, copyrighting my contact info is a no go, perhaps I'll trademark it and me.

UPDATE: danah says:

I'm also befuddled by the slippery slope of Facebook. Today, they announced public search listings on Facebook. I'm utterly fascinated by how people talk about Facebook as being more private, more secure than MySpace. By default, people's FB profiles are only available to their network. Join a City network and your profile is far more open than you realize. Accept the default search listings and you're findable on Google. The default is far beyond friends-only and locking a FB profile down to friends-only takes dozens of clicks in numerous different locations. Plus, you never can really tell because if you join a new network, everything is by-default open to that network (including your IM and phone number). To make matters weirder, if you install an App, you give the creator access to all of your profile data (no one reads those checkboxes anyhow). Most people never touch the defaults, meaning that they are far more exposed on Facebook than they realize. zrven a college network is not that secure. MySpace on the other hand is rather simple: public or friends-only. Friends-only is far more secure than the defaults on Facebook. And public is well-understood to mean anyone could access it (and often this is the goal). But I know all too well that privacy has nothing to do with reality - it's all about perception. And Facebook *feels* more secure than MySpace, even if it's not. Still, I can't wait to see how a generation of college students feel about their FB profile appearing at the top of Google searches. That outta make them feel good about socializing there. Not.

It seems odd to me that Facebook is doing all sorts of things to go against what gave them such strength: group support for people who wanted to gather around a particular activity, tightly controlled privacy defaults, and simple/clean profiles (which have been made utterly gaudy by Apps). I think I'm missing the logic here. ::scratching forehead::

UPDATE: Auren Hoffman, in comments:

Ross -- thanks for the shout-out on Rapleaf. Anyone can opt-out of Rapleaf (and you do not become a user). We do have a bunch of people that opt-out every day. We also have many people that choose to only display some of their information (like just hiding their age or gender). There are many public profiles about people on the Internet (ZoomInfo, Spock, Wink, Rapleaf, and others) … at Rapleaf, our goal is give people the opportunity to manage their privacy and numerous online profiles and control what people see about them. Of course, we're a start-up (and thus not perfect) … so we really welcome your suggestions on how to improve.

Posted on September 04, 2007 at 07:40 AM in socialnetworking |

Digg This | Save to del.icio.us

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/t/trackback/1805/21327797

Listed below are links to weblogs that reference Social Networking Spam & Privacy:

» Facebook Spamming Your Identity in Search Results to Drive Their Traffic - Part 2 from David Dalka - Creating Revenue and Retention - Chicago GSB MBA
I wrote about this issue back on May 18th when I removed my public listing. This is not a new feature today as is incorrectly being reported. It is Facebook announcing something that they should have announced back in May when I noticed them doing this... [Read More]

Tracked on September 05, 2007 at 07:35 AM

Comments

Ross
How do you copyright your personal information?

Posted by: Mukund Mohan | September 04, 2007 at 08:27 AM

Not sure it has been tested, but I assume you could put a (c) on your business card.

Posted by: Ross Mayfield | September 04, 2007 at 08:48 AM

Not sure about the legal strategy of the proposed copyright solution. According to US copyright law you can't copyright databases. An individual's personal info is just a row in a database.

I'm in favor of any valid legal and social sanctions against opt-out personal data vacuum cleaners.

Posted by: Adina Levin | September 04, 2007 at 09:37 AM

This is a rather scary development, especially given the ongoing explosion of social media sites. The deterioration of personal privacy and security seems to correlate directly to the growth of social media and web 2.0 apps in general. Interesting to see who is able to provide the function and convenience without requiring database transparency and user visibility.

Posted by: Nick | September 04, 2007 at 10:53 AM

Hadn't previously seen Rapleaf. Interesting. Is this a good or a bad product iyo? Does it start keeping a file on you anytime anyone inputs your email address? Further thoughts welcome.

Posted by: Sean | September 04, 2007 at 02:13 PM

Ross, I thought simple aggregations of factual information couldn't be copyrighted? Perhaps you'd better start expressing your contact details as a sonnet. But even then, extracting the actual data and using it in another form would presumably be a "transformative work" and therefore allowable.

I suspect you're going to have to go for another way of doing this, rather than copyright law.

Posted by: Kirily Robert | September 04, 2007 at 06:06 PM

Possibly the worst aspect of Rapleaf is that it seems to be compiling a reputation index about you - also without input FROM you (unless you register). And you will lose "credibility" for using a Google, Hotmail or Yahoo email address, due to the ease of access to them ...

Posted by: Ric | September 04, 2007 at 06:09 PM

Ooops - also meant to mention (for Sean's benefit) that it seems to trawl social network sites like Facebook, Twitter, Linkedin to find 'visible' data about you.

Posted by: Ric | September 04, 2007 at 06:10 PM

Ok, forget copyright. How about trademark?

Posted by: Ross Mayfield | September 04, 2007 at 07:45 PM

Ross -- thanks for the shout-out on Rapleaf. Anyone can opt-out of Rapleaf (and you do not become a user). We do have a bunch of people that opt-out every day. We also have many people that choose to only display some of their information (like just hiding their age or gender). There are many public profiles about people on the Internet (ZoomInfo, Spock, Wink, Rapleaf, and others) … at Rapleaf, our goal is give people the opportunity to manage their privacy and numerous online profiles and control what people see about them. Of course, we're a start-up (and thus not perfect) … so we really welcome your suggestions on how to improve.

Posted by: Auren Hoffman | September 05, 2007 at 09:16 AM

Hi Ross--came upon your post while I was looking at the new/not so new Facebook search policy. Yesterday, I wrote about a pervading sense of "where in the world am I?" that's happening to me with all the various and sundry invites to social networks I receive during an average month. It was the Quechup and Rapleaf stuff that got me looking into my registration card file at all the places I've registered either to use or network in the past year. Far too many for my comfort!

Finding out Quechup invites were spam was one thing (I kind of figured that out from whom "sent" them), but the note from Rapleaf that "someone" had been checking on my "reputation index" through them was a bit disturbing. I wanted to know whom this might be--but realized that even if I went through the registration, I might not find out anything about this person. Further, I have no way of knowing if there really ever was a person--or if it was just an old fashioned come on to drag me into the site. That, I think, is what bothered me the most...

Makes me think, though, if we're having to concern ourselves with managing our "personal brands" then perhaps we should be able to trademark ourselves. Really strange though to have to think of this as a strategy for preserving privacy.

Posted by: Tish Grier | September 05, 2007 at 09:16 AM

Always great to here you talk about Spoke, but no link to www.spoke.com.

You of course can opt out of Spoke if you would like.

Posted by: Ben Smith | September 05, 2007 at 10:14 PM

Post a comment

Comments are moderated, and will not appear on this weblog until the author has approved them.

If you have a TypeKey or TypePad account, please Sign In

Feeds


Recent Comments

Flickr


  • www.flickr.com

Dandelife


Ligit

About


  • Ross Mayfield is the Chairman, President & Co-founder of Socialtext, the first wiki company and leading provider of Enterprise 2.0 solutions,
My Photo

Plazes

Recent Posts

Categories

Archives

More...

The 150



  • View Ross Mayfield's profile on LinkedIn
Blog powered by TypePad
Member since 08/2003