I’m Having Second Thoughts About Social Networks

September 11th, 2007  |  Published in etc  |  1 Comment

I spent a bit of today removing a few social networking profiles I established a while back but hadn’t used much (including the one from Friendster I could have sworn I’d already deleted). The motivation came from a scare-spam I got from Rapleaf.

The main thing you need to know about Rapleaf is this: If you go visit, you’ll be presented with a large, friendly “Search Any E-Mail Address” box. It appears over this notice:

Look someone up by their email address to view their reputation related information, profile stats, and social networks.

What it doesn’t tell you is that once you’ve entered that e-mail address, the owner will get a spam telling them someone has tried to look up information on them. The spam will encourage them to get an account so they can “take control” of what other people know about them. If they bite, they’ll be invited to upload their address book so Rapleaf can “help” them rate their friends. Each query or rating will, presumably, trigger another notification.

So to reiterate:

If you search for e-mail addresses on Rapleaf, the owners of those addresses will get a spam.

Rapleaf wants to pawn all this off as some sort of public service. It’s also compiling a very large database it plans to sell to anyone who cares to get a license for access to its API.

I posted a lengthy entry over at ONT exploring one possible scenario in which what Rapleaf’s up to could be really harmful. We’re all familiar with the ways in which social networking sites are problematic for our privacy. Rapleaf is in its own class, though: It’s aggressively compiling data and looking to make connections between disparate online identities. By asking for address book data, it also raises the possibility that identities you’ve worked very hard to keep separate could be commingled and associated if someone you trusted both identities to screws up.

Removing a few moldy social networking profiles does nothing much, ultimately. There was nothing compromising in them. At the same time, Rapleaf’s scare-spam reminded me that none of those sites exist in some sort of anti-market bubble. They’re there to aggregate information on us, politely asking for our permission to resell it either in the specific or the generic.

That sale is usually described in terms of marketing: The ways in which you’ll get better coupons, or stuff that’s tailored more to what you want, or better representation as a demographic in some board room or marketing department.

There’s a second market for your social connections, though, from human resources departments, insurance companies and more. Rapleaf raises the possibility that two discrete identities you’ve maintained online could be accidentally linked, providing a trove of information about you that you never wanted connected to the “you” at your permanent e-mail address.

Managing a bunch of identities on different networks and sites seems like a hassle. The more I thought about it, the more I thought that opting in to them is an invitation for those profiles to eventually either be compromised or to contain some piece of information that seemed innocuous at one point in time and now no longer is. By paring my list down to one, I’m down to one potential problem in that particular category of problems.

Finally, I want to make clear that I’m not trying to scare anybody into shunning social networks, and I’m not calling anyone “evil.” What I am trying to do is point out how the information we provide those networks and services can be used in ways we don’t intend.

Here’s the ONT entry: Rapleaf Spams You Then Asks for More Addresses to Spam

Tags: , ,

Responses

  1. Chris Kenton says:

    September 11th, 2007 at 7:00 pm (#)

    I think there’s another piece to this that takes it to another level. As you point out, connecting different profiles can create an aggregate portrait that you hadn’t fully intended to reveal. Take that a step further. Every address of your friends or acquaintences you enter, signals RapLeaf of their connection to you, which they can overlay over other multiple social networks. In essence, they’re transcending individual social networks to profile the links of online users at large. With that data and profile data, they could start zeroing in on particular people of interest based on their profiles and networked connections, not to mention their stream of messages on Facebook. A lot of people, beyond marketers, might find that data interesting.

Leave a Response

© Michael Hall, licensed under a Creative Commons Attribution-ShareAlike 3.0 United States license.