[LINK] RFC: Privacy-Intrusive Address-Book/SNS Services
Richard.Chirgwin at informa.com.au
Tue Feb 3 08:18:11 EST 2004
On my first read of the paper, the first observation I'd make would be
regarding how Plaxo uses data provided to it.
Because I'm a journalist, I seem to have made it onto rather a lot of Plaxo
lists held by other people. As a result, I can tell you that Plaxo analyses
the outgoing addresses; so the message coming from "Roger Clarke at Plaxo" (so
to speak) would include "This is the 5th message you've received from Plaxo.
Why not sign up now?"
This means that "richard.chirgwin@" has a database entry independently of
those created by other Plaxo users; and that database entry was used for
marketing purposes; even though I have no 'existing business relationship'
with Plaxo, nor had I given any permission to Plaxo to use my information in
This crosses over with an ambiguity in our privacy legislation; did Roger
Clark at Plaxo "authorise" a Plaxo marketing message to Richard Chirgwin? What
is the extent of the "authorisation" a Plaxo user has given in the form of
message Plaxo generates to a non-user?
The only good news is that when I finally found Plaxo's opt-out, it seemed
to work - at least to the degree that I no longer receive Plaxo messages.
However, that doesn't prevent me from existing in the Plaxo database, and a
future owner may change its mind about how it treats me!
Finally, there's the matter of commercial secrets. I can think of plenty of
places where the wholesale upload of an address book would breach the user's
From: Roger Clarke
To: link at anu.edu.au
Sent: 2/02/04 17:17
Subject: [LINK] RFC: Privacy-Intrusive Address-Book/SNS Services
I expressed concerns a couple of days ago about Plaxo. I've now
flung together a draft privacy analysis of address-book and social
networking services (SNS) generally, with particular reference to
As always, I'd appreciate constructively negative criticism,
particularly if I'm being unfair to anyone.
If you know other people with background on the topic, or if you're
plugged into e-lists whose subscribers would be interested in the
paper, or could help improve the analysis, feel free to pass this
Very Black Little Black Books
First-Cut Draft of 2 February 2004
Technology and human ingenuity continue to pose new privacy
challenges. During 2003, a new dot.com fashion arose from an odd
amalgam of Rolodex address-books, e-communities and dating. Users of
these services store personal data on a central server, which can be
accessed by other people, and, potentially at least, exploited by the
service-operator. There are privacy concerns, of a kind that has been
analysed many times before.
The new dimension that these services bring is that they entice users
to disclose personal data about their friends, business contacts or
acquaintances. That is a disturbing feature, and it requires careful
Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the eCommerce Program, University of Hong Kong
Visiting Professor in the Baker Cyberspace Law & Policy Centre, U.N.S.W
Visiting Fellow in Computer Science, Australian National University
Link mailing list
Link at mailman.anu.edu.au
More information about the Link