Plaxo – whose privacy is it?

I have been a happy user of Plaxo for a while. To be honest, I’m not particularly concerned about privacy issues. As a blogger, I’m used to disclosing a lot of information about myself. I also believe that it’s in the best commercial interest of Plaxo to make sure there are no security or privacy breaches.

I recently sent around emails to my contacts through Plaxo. My intent was to inform my contacts about two new mobile phone numbers, so I hand-crafted a message in Plaxo to do that. For whatever reason – user error or software error – Plaxo’s standard email got sent out, including each person’s information in my address book and asking them to reply if something was wrong (including a nice Plaxo link for them to sign up, too).

I regarded this as a minor annoyance until a good friend emailed me saying “how can you possibly give my information to Plaxo without asking me?”. Call me naive, but this was a new perspective. I had never regarded syncing contacts as “giving them to Plaxo”. In my mind, my data at Plaxo is just that – MY data and nobody may touch it, especially not Plaxo Inc.

In the discussion that followed, we both tried to convince each other that there is no risk (me) or that there is (him).

It began to dawn to me that these standpoints are mutually exclusive. Not even because of any real threat – security equals perception to a certain extent, so there’s no “right” or “wrong”.

Now what do I do: I highly enjoy Plaxo’s convenience, and a decent part of my contacts also use it. But to keep out of trouble, I have to ask my contacts for consent before syncing my address book to Plaxo. This, of course, makes the servcice practically unusable for me, because only the full set of contacts available online makes sense.

I have of course taken action to delete my contacts from Plaxo online.

Yet, the problem remains. Whenever I send something through Plaxo to someone who is not a member, the suspicion that Plaxo may use that data remains, so any such service is not usable if you want to keep your friends.

That’s a classic catch 22 – any ideas how to resolve that?

7 thoughts on “Plaxo – whose privacy is it?

  1. Pingback: DeveloperZen.com
  2. Pingback: DeveloperZen.com
  3. Pingback: DeveloperZen.com
  4. Frank,

    My name is Stacy Martin and I am the Privacy Officer here at Plaxo responsible for addressing Privacy, Security, and Trust issues pertaining to the usage of Plaxo.

    You are correct. When using Plaxo, your data is your data, and as we’ve stated in our Privacy Policy:
    – Your Information is your own and you decide who will have access to it.
    – You maintain ownership rights to Your Information, even if there is a business transition or policy change.
    – You may add, delete, or modify Your Information at any time.
    – Plaxo will not update or modify Your Information without your permission.
    – Plaxo will not sell, exchange, or otherwise share Your Information with third parties, unless required by law or in accordance with your instructions.
    – Plaxo does not send spam, maintain spam mailing lists, or support the activities of spammers.

    These are referred to as our Plaxo Privacy Principles. We feel these principles help to make up one of strictest Privacy Policies around. I should note that these principles extend to all of Your information, including your address list information that you may be using Plaxo to help manage.

    While I obviously have a biased opinion, it’s my view that using Plaxo to manage your information is not a unique idea. People have been using services to better manage and maintain their information for many years. Using Plaxo is really no different from using any 3rd party web-based email service as these services also allow their members to utilize their service to manage and communicate with their contacts.

    Plaxo is no different, except because our service is so focused on Address book management, privacy and security issue becomes very obvious. But these issues are no different than maintaining information on services such as AOL, Yahoo!, MSN, etc…

    While I’m not saying it’s a bad idea, I suspect members of these services generally do not ask the permission of their contacts before storing or “sharing” their contact information with these services. But I encourage people to do what is most appropriate for them.

    But that said, we acknowledge that people can be concerned. Beyond what we’ve stated in our Privacy Policy, we’ve also tried to provide a number of other options to both Plaxo members and non-Plaxo members.

    – as a Plaxo member, you can decide which of your contacts you wish Plaxo to help you manage and which you wish to manage on your own. You can manage contacts on both a folder or individual contact basis.

    – if a non-member receives a Plaxo update request sent from a Plaxo member, thus indicating the Plaxo member maintains their email address, we are happy to request on their behalf that they be removed from the Plaxo member’s address book.

    – if a non-member does not wish to receive Update Request messages sent to them by Plaxo members who wish to stay in contact, we provide an opt-out/do not mail registration list. As the service provider, we will block any requests to be sent to an email address properly registered to this list.

    I hope this helps. If there is anything else I can answer, please let me know.

    Stacy Martin
    Plaxo Privacy Officer
    privacy @t plaxo.com

  5. Frank,

    My name is Stacy Martin and I am the Privacy Officer here at Plaxo responsible for addressing Privacy, Security, and Trust issues pertaining to the usage of Plaxo.

    You are correct. When using Plaxo, your data is your data, and as we've stated in our Privacy Policy:
    – Your Information is your own and you decide who will have access to it.
    – You maintain ownership rights to Your Information, even if there is a business transition or policy change.
    – You may add, delete, or modify Your Information at any time.
    – Plaxo will not update or modify Your Information without your permission.
    – Plaxo will not sell, exchange, or otherwise share Your Information with third parties, unless required by law or in accordance with your instructions.
    – Plaxo does not send spam, maintain spam mailing lists, or support the activities of spammers.

    These are referred to as our Plaxo Privacy Principles. We feel these principles help to make up one of strictest Privacy Policies around. I should note that these principles extend to all of Your information, including your address list information that you may be using Plaxo to help manage.

    While I obviously have a biased opinion, it's my view that using Plaxo to manage your information is not a unique idea. People have been using services to better manage and maintain their information for many years. Using Plaxo is really no different from using any 3rd party web-based email service as these services also allow their members to utilize their service to manage and communicate with their contacts.

    Plaxo is no different, except because our service is so focused on Address book management, privacy and security issue becomes very obvious. But these issues are no different than maintaining information on services such as AOL, Yahoo!, MSN, etc…

    While I'm not saying it's a bad idea, I suspect members of these services generally do not ask the permission of their contacts before storing or "sharing" their contact information with these services. But I encourage people to do what is most appropriate for them.

    But that said, we acknowledge that people can be concerned. Beyond what we've stated in our Privacy Policy, we've also tried to provide a number of other options to both Plaxo members and non-Plaxo members.

    – as a Plaxo member, you can decide which of your contacts you wish Plaxo to help you manage and which you wish to manage on your own. You can manage contacts on both a folder or individual contact basis.

    – if a non-member receives a Plaxo update request sent from a Plaxo member, thus indicating the Plaxo member maintains their email address, we are happy to request on their behalf that they be removed from the Plaxo member's address book.

    – if a non-member does not wish to receive Update Request messages sent to them by Plaxo members who wish to stay in contact, we provide an opt-out/do not mail registration list. As the service provider, we will block any requests to be sent to an email address properly registered to this list.

    I hope this helps. If there is anything else I can answer, please let me know.

    Stacy Martin
    Plaxo Privacy Officer
    privacy @t plaxo.com

  6. A few years ago I created a special email address that I give out only to select friends, this is in order to avoid spam. When one of them added me to Plaxo and added this email address there then I had the same reaction, I asked him to delete my record from Plaxo ASAP.

    Stacy, probably you are a nice person and you mean what you say. If I had known you personally and if Plaxo were your pet project then probably I would trust my private data with you. The problem is that I don’t know you and that Plaxo is not yours. In two weeks you could be working for some other company for what I know and Plaxo is just a corporation. Being a corporation it is drive by profit and not by being nice, sorry but I have seen these promises made by corporations broken too many times.

    Stacy make a good point that web mail portals are also a privacy risk, I never thought about that. If I send an email from my precious address to some hotmail account then my address can be sold just as well.

    Plaxo is a nice application for sure. One solution would be have a Plaxo like application that can be installed on your own server or by some smaller organization, something that you can trust.

    Would it be possible to implement some sort of encryption such that Plaxo always stores an encrypted blob? Probably not because your data must be read by all your friends. In this case you should trust the client you are using.

    Marius

  7. A few years ago I created a special email address that I give out only to select friends, this is in order to avoid spam. When one of them added me to Plaxo and added this email address there then I had the same reaction, I asked him to delete my record from Plaxo ASAP.

    Stacy, probably you are a nice person and you mean what you say. If I had known you personally and if Plaxo were your pet project then probably I would trust my private data with you. The problem is that I don't know you and that Plaxo is not yours. In two weeks you could be working for some other company for what I know and Plaxo is just a corporation. Being a corporation it is drive by profit and not by being nice, sorry but I have seen these promises made by corporations broken too many times.

    Stacy make a good point that web mail portals are also a privacy risk, I never thought about that. If I send an email from my precious address to some hotmail account then my address can be sold just as well.

    Plaxo is a nice application for sure. One solution would be have a Plaxo like application that can be installed on your own server or by some smaller organization, something that you can trust.

    Would it be possible to implement some sort of encryption such that Plaxo always stores an encrypted blob? Probably not because your data must be read by all your friends. In this case you should trust the client you are using.

    Marius

Comments are closed.