Whilst I totally accept that Facebook could/should in theory be simply another tool with which we can sync our contacts (exactly as we do already with Plaxo), I absolutely object to the way in which this was done.
There is something disturbingly underhand about approaching people to get THEM to do Plaxo's dirty work for them.
Jason Bainbridge
· 1 year ago
Is Plaxo a social monster for trying to import? That’s for you to decide, but why weren’t you all up in arms when Facebook imported your data and your friends email addresses from Gmail?
Get your head out of the sand for just one moment and think exactly what Facebook does when it "imports" those addresses, it either uses it to match users already on Facebook and allows you to ask permission to add them as a friend OR it can send them an email inviting them to join Facebook if that email address isn't associated with an account.
See the difference there? The fact permission is asked is a big difference!
Robert Scoble
· 1 year ago
Paul: I invited them to test out new features on an account with 5,000 friends. I did that at a Facebook developer conference where I realized that most Facebook app developers don't have accounts with more than 100 or so friends. They needed to test this feature to see if it would survive on large-scale accounts.
Funny enough there actually are other Facebook applications that do the same thing (the CSV app, for instance) but they don't work on my account because the developers didn't test them on a large-friend network account.
Robert Scoble
· 1 year ago
Jason: how do you know the Plaxo thing didn't ask permission either? In fact, the reason I want Plaxo's feature is EXACTLY FOR THE SAME REASONS YOU GAVE!!!
Wills
· 1 year ago
Why do you continue to completely miss the point?
We don't mind YOU having our email addresses from our Facebook profile. So go ahead, write it down and put it into Outlook. Thats what its there for.
But when you put it into Plaxos database, it crosses the line, given their reputation.
Robert Scoble
· 1 year ago
Jason: and you're wrong, by the way. When I ran the Gmail import it showed me ALL of my Gmail contacts and let me import ALL of them and send them ALL email asking them to join Facebook.
Robert Scoble
· 1 year ago
Wills: >But when you put it into Plaxos database, it crosses the line, given their reputation.
I've been on Plaxo ever since the beginning and, while they spammed my friends three years ago, they haven't done that since and have changed their policies.
Anyway, the reason I was using Plaxo was to see if I could get my stuff into Outlook without having to do it manually.
Oh, and Outlook already shares its info with Plaxo. So, if I manually add your stuff into Outlook it automatically gets into Plaxo anyway, if I choose to share it there. You might do some homework on it.
Plaxo has been completely rewritten in the past year, by the way. So, if you had problems with it earlier you might look at it again.
Wills
· 1 year ago
I've done my homework on Plaxo. I know their product inside out.
I meant getting info into Outlook as it is meant to be used. Not with their plugin.
Quite frankly I do not trust them to hold a database of information on ME, with data scraped from my Facebook profile. Especially as they are now looking for a sale.
If they were merely a sync utility between address books, then fine. But they are a social network too, with the likes of Pulse, and hold all of that date on their servers.
Ofri
· 1 year ago
About your last question - I actually was all up in arms when Facebook asked for my GMail password. for 2 reasons. first, I don't trust them enough to give them my password. second, and more important - I don't think my friends' e-mails are *mine* to give. my friends gave me their e-mail addresses for a certain reason - so i can send them e-mails (and IM and so on), but no for me to sell them to 3rd parties that would start spamming them! when i have no other choice i give my friends e-mail to 3rd parties (i have to give them to Google, to be able to send mail). If a friend of mine is already on facebook, i find them by name, and not by email.
now what am i saying by all this? that your friend's data in not yours. you can use it, but you shouldn't give it to others without your friends permissions. for example you can have Plaxo script use the emails to look for your friends who are already registered with Plaxo, as long as they don't use, and don't even save e-mails of those who are not.
dc crowley
· 1 year ago
Robert, your arguments are getting better. But I don't mind you using my email address, I am one of your facebook contacts. It is just I have a serious dislike for Plaxo. Were they not spamish a few years ago? Also I deleted my Plaxo account months ago. I cannot log in. Yet I still get mails form people asking me to add them to theeir contacts. The only difference is that now I know most of them. When I was a member of Plaxo I was getting connections with all sorts of middle management guys form companies I do not know and who were not in my 'field of interest'. It is a real pain to be just saying 'no' and not really bumping into anyone you know. All I can say is that even though Facebook can be a real pain in the rear, up to now I have had a far more positive experience there than at Plaxo.
I hope that if you do make Plaxo your primary social network that you keep your Facebook channels open. There are people who will not follow you over.
Seriously. Open is the way forward. If something better comes along I will sign up, but IMHO plaxo is not is. Plaxo is also for sale. That makes me question the authenticity of what teh Plaxo guys are trying to do right now. What the next owners will do is anyones guess. I posted my own two cents about all this over on my own blog. Remember most of the stuff promoting data portability is very fresh and not widely available yet. I also wonder what if anything openSocial will play in this. I think openID and openAuth and plain old RSS provide us with a multitude of possibilities (future tense).
Critical_
· 1 year ago
Facebook is focused on a system of smaller walled off gardens within its boundaries. I have chosen to not let members of my networks browse my profile unless I am friends with them. I have a fairly strict policy of only adding people I am comfortable enough with having not only my email address but my home and mobile numbers (which are on my Facebook profile). In that way, I don't care if you use Plaxo or another service to synchronize my information--you're a friend and I trust you.
I think this is so comical. People are honestly complaining about you synchronizing their email address and other contact information after they added you as a friend. Beyond becoming just another member of the "oh my gawd look how popular I am by the number of friends on my list" crowd, what was the point of adding you?
I use Plaxo myself to sync contact information across my multiple email accounts. The company's case is helped by the fact that I have a few friends within the company involved in several very public alpha/beta stage projects. The day that Plaxo violates my trust is the day I pull the plug on my account. Until that day, if you add me as your friend on Facebook or give me your number then I will use it as I see fit within the boundaries of our real-life friendship.
Michaelruby
· 1 year ago
Robert,
I am a new-ish reader and have heard mixed things about you and your opinions in the past. I just want to say that your recent comments on the google reader debacle and this new 'scoblegate' have given me full confidence in your ability to be rational and reasonable in the face of mass hysteria and privacy fear-mongering in the blogosphere. You've officially locked me in as a reader! I'm sure you're so excited :)
Wills
· 1 year ago
I also want to make the point that many people use their real email addresses in Facebook. Often to get access to employer networks. If I was signing up to Plaxo, it would almost certainly be with a "spam" address. Yet you have given Plaxo my personal and work email address. Great.
John McCrea
· 1 year ago
Great post, Robert. You beat me to it.
For everyone who thinks that they should be asked for approval before their email address is uploaded to Company X or Company Y (after some thorough, individualized assessment of the trustworthiness of said company), consider this: if you know anyone who uses webmail (such as GMail, Hotmail, or Yahoo! Mail)and they send you an email, oh no! You're email address is now stored in that webmail provider's servers.
There is such an amazing double-standard "logic" floating around this discussion. I suspect a majority of the folks on the other side of this arguement have at one time or another used a webmail import feature on Facebook, LinkedIn, or some other service -- without first asking the permission of everyone in their address book.
Mike Doeff
· 1 year ago
For those of you who are objecting to being added to Plaxo's database, you are probably already in their - not as a registered user but as one of your friend's / colleague's address book contacts. Let me explain...
I'm one of those people who stayed away from Plaxo several years ago because of the spam issues. I started using it again several months ago because they rolled out a free service to allow you to synchronize multiple address books: Outlook, your Apple Address Book (which synchronizes to my iPhone), etc. Right now, I have over 500 contacts in my Plaxo address book bit only about 5% of those contacts are actually registered with Plaxo. The other 95% are their for my personal use - i.e. none of them were "spammed" by Plaxo asking them to join. I have the option to invite them to join Plaxo but so far I have chosen not to do so. Long story short, many of you who are not registered with Plaxo are already in their "database" without your knowledge. And this has nothing to do with the Plaxo script that Robert ran.
graywolf
· 1 year ago
Hey Robert here in the grown up world of adults when we do something wrong we take responsibility. We don't sit around blaming other people creating diversions for our transgressions. Saying things like "oh yeah well facebook did it" doesn't solve the problem, it only makes you look like a whiny 5 year old spoiled brat.
now stop being an attention whore and go play nice with the other kids in the playground ... mkay
Robert Scoble
· 1 year ago
It should be noted that John McCrea works for Plaxo. Thanks John!
Robert Scoble
· 1 year ago
Graywolf: I'm not blaming anyone. I know what I did and take full responsibility for it.
But talking about the grown up world of adults: in the grown up world we don't let one person go 85 MPH on the freeway, while we try to ticket other people for going 59.
Which is exactly what you are doing here.
TDavid
· 1 year ago
I'm with Judi, your credibility took a hit on this one, Robert. One of these days maybe you'll figure that out and apologize like you've done for other boneheaded moves in the past. Trust wounds heal more slowly than others though.
If you are signed up for a service that spammed anybody even *once* nevermind if it was 3 days ago or 3 years ago spamming is in their DNA. Trust in both you and the service goes down (the service more than you, yes, but you still take a hit for putting your contacts in a spammer's clutches).
You are being either extremely naive or ignorant if you can't connect these dots.
Fact: you didn't care to ask any of your 'friends' if you could run some covert bot to extract this information and give it to some third party.
You seem to think this was cool, but if even one of your 'friends' protests, it's not. And you seem to miss the point entirely (or don't respect like you don't respect TOS) that your 'friends' gave Facebook permissions though the TOS, not you.
I can't believe you don't respect all your 'friends' wishes a little more? Despite this stupidity, I'm trying hard to believe you're a better guy than this.
Oh, yes. Thanks, Robert. Yes, I head up marketing there. It's certainly been an interesting week. Everyone knew data portability, in general, and friends-list portability, in specific, were going to be key topics and trends for 2008. Looks like the market needs a bit more sorting out, so glad there is such lively debate. In the meantime, we've put the Facebook Import project on hold, pending direct discussions between Facebook and Plaxo product teams.
Slobokan
· 1 year ago
I wasn't upset when Facebook wanted to import my Gmail address book, because Gmail allows such a thing to be done, and Facebook gave me the option of not doing it in the first place.
Huge difference.
Johan Myrberger
· 1 year ago
Robert,
hm - I like the Plaxo services very much, and I read your blog regulary. However this time I believe both you and Plaxo are wrong. Sorry.
Why?
Well, #1: You say "What if I wrote down Judi’s email and then manually put it into my Outlook’s contact database. Wouldn’t that have been exactly the same thing that I tried to do with Plaxo’s script?"
No. Facebook's ToS specifically states that automatic scripts are not allowed. You might not like this (and neither do I). But if you use a service it is expected that you follow the "code of conduct" for the service. Or?
#2: You say: " why is it OK for Facebook to import all my Gmail email addresses? Why aren’t you screaming bloody murder about THAT? After all, did anyone on Gmail approve me to import their email addresses to Facebook?"
I have not looked detailed at the Gmail ToS, but as Gmail seems to pubslish an API to export or retreieve the contacts it is OK with them (or?). So Gmail allows you (not Facebook) to actively retreive your contacts. And the fact that *you* decide to do this with Facebook and their ToS is actually your choice. Or?
#3 finally. You say: "I have NOT used any of the data I collected using Plaxo’s service. That all went into a separate test account and I’m not using that data and neither is Plaxo"
OK - great. That means that if I broke soem kind of ToS (like the law?) and stole your money *but* put he money in a special bank account and didn't use it it's OK. Is that what you're saying?
All in all. I still like you and Plaxo. But I don't agre to the arguments in this blog post. Having said that - a little "Killer Attitude" is always good... ;-)
Wills
· 1 year ago
@ John
Pretty much every web importer I have seen so far says that they do not store the information after use. It is there for two reasons. 1) to see if you have any contacts already using the service. 2) send those who arent an invite (opt in)
Can you confirm that Plaxo does NOT retain ANY profile data from Facebook scraping?
Robert Scoble
· 1 year ago
TDavid: I think you totally haven't done your homework here. I haven't been silent at all about the trust issue. Heck, this whole thing is, what, 48 hours old? Give a dude a chance to take on the issue. Do you have any clue how many pieces of feedback came my way over the past two days? I still haven't read it all.
And, I made it clear in this post that I didn't use your information and neither did Plaxo. We wanted to make a point. And we did.
By the way, you gave me access to your email when you friended me. Did you NOT want me to use that for my own purposes? What rules do you put on our friendship?
I guess now I know what they mean when they say that 5,000 people can't possibly be "real" friends. Real friends don't mind when I try to put their email address into Outlook or Gmail.
It is a violation of GMail terms of service to do an import to another service.
Also, the analogy is flawed. It is not a question of whether Facebook gave you an option not to do it. The analogous question is whether you had to seek permission from Google and from the people in your address book.
You violated GMail's terms of service (just as everybody else does.) Google doesn't enforce them, because Google knows that the data really belongs to the user, and they would look like the bad guy if they didn't let you take your address book with you.
graywolf
· 1 year ago
robert you really are delusional enough to believe we live in an egalitarian world where everyone is equal? Seriously?
I know they told you everyone was beautiful on the inside back in kindergarden, but really that's just a lie that tell fat, ugly, or stupid kids so they don't feel bad.
And if you did take responsibility and weren't being a whiner you would have resolved the entire issue with facebook privately first, instead of vomiting the mess you created all over the internet first. Of course that would have gotten you much less attention, traffic and links, which is what I think was part of your plan all along.
If you are going to be an attention whore fine admit it up front don't hide behind the guise of championing for the freedom of my data, when what you really are working for is feeding your ego and increasing your exposure above all else.
Robert Scoble
· 1 year ago
Johan: OK, so you're OK if I manually put your email into my Outlook or Gmail account from Facebook, right? Just because that didn't technically break Facebook's terms of service, is there really any difference there?
Interesting how many of you are supporting bad TOS's and ones that live by different rules than most of its competitors. Right, you LIKE IT that Facebook is a data roach motel. I don't.
John McCrea
· 1 year ago
Wills, those importers state that they are not storing your username and password. Of course, the whole point of them is to get your address book in so you can find your friends there and invite others in.
Plaxo is a bit different, in that we have always been a networked address book service. So our users are using import or sync to build up a unified address book. Whatever data is retained is what the user decides to retain.
So, if Robert deleted those folks from his account, that data is erased. It's Robert's address book, and we host it and sync it with whatever tools and services he wants us to, such as Outlook or the Mac address book.
Wills
· 1 year ago
I don't think anybody has a problem with their email address being in your Outlook or Gmail account Robert. But most have a problem with it being in Plaxo's database.
It isn't just about email addresses either. We put up information in Facebook for the benefit of our friends, not for 3rd parties. One can presume that using this tool, Plaxo (who are looking for a sale), can easily get my work information, interests, mobile number, date of birth, IM data, address and so on.
How can you not realise how much of a security issue that is?
When using the Gmail importer in FB, it is name and email address only. Huge huge difference.
John McCrea
· 1 year ago
Wills. The Facebook importer was only bringing it name, email address, and birthday. Much like GMail importer.
stuart
· 1 year ago
On the topic of Gmail imports into Facebook - I think this is the real cause of concern... Don't forget that when you hand over your username and password that you're not just giving Facebook (or any other similar service) access to your contacts list - you're giving them access to your entire inbox, calendar, blog posts (if you use Blogger), your photos (if you use Picasa), your search history, documents, spreadsheets, etc, etc, - basically any Google service that you have associated with your Google Account.
Why aren't more people up in arms about that?
Ben
· 1 year ago
Robert,
I have no idea what Plaxo is. But I think that facebook already lets you configure what your friends can see from their profile.
If you add somebody as a friend, you are giving them the information in your profile. That is what facebook is for!
I think that some of the people on your friend list wanted to have somebody famous there, and now complain that this famous person has their details in his hands ready to try and import elsewhere. I hope that they learn something from the experience.
Zian
· 1 year ago
"When using the Gmail importer in FB, it is name and email address only."
And how do you know that Facebook doesn't actually harvest everything else?
TDavid
· 1 year ago
Robert - man you're one stubborn guy. Haven't done my homework? Let's see, it's not too difficult to see you hadn't responded to a blog post (fact). I showed up at your live mogulus show and asked you specific questions (you answered one of them in a strange way)
RE: "Did you NOT want me to use that for my own purposes? What rules do you put on our friendship?"
This depends on what you mean by "my own purposes" -- I expect as a matter of professional courtesy that my contact information isn't put in a service that has any history of spamming period by other contacts. That goes for every professional and personal contact, regardless of how good a friend they are or not.
Robert, really, is this that difficult a request? It's professional courtesy!
I'm not totally surprised by this. When we met up at Northern Voice we were sitting there in a group talking and your wife walked up to us and you didn't bother to introduce her to any of us there. That included Marcus from Plentyoffish.
Remember that day and awkward moment? I sure do. Manners and professional courtesy are something you apparently have to work a little harder at, Robert.
mj
· 1 year ago
"It is a violation of GMail terms of service to do an import to another service."
So it's against FaceBook, against GMAIL but apparently fine with Scoble.
This is why we need ONE CENTRAL IDENTITY
Judi Sohn
· 1 year ago
Robert, the reason why I don't trust you has nothing to do with you, personally. I don't know you beyond your blog and you don't know me beyond mine. We haven't earned each other's trust yet through any kind of meaningful communication. Until I blogged about you, I was just one of the masses. ;-)
I never put a halo on Facebook, but that wasn't the point of my post. No one at Facebook is going to find you on Facebook unless you have an account there, at best they have an email address as someone tried to add you as a friend. As you learned, you can disappear quite easily. No one at Google is going to find you on Gmail (beyond how you may appear in a To: field) unless you have a Gmail address. Plaxo knows my name, address, phone number, email address, and other information about me including who my friends are, and I have no control over that.
Why? In part because Plaxo built their business marketing themselves as a utility for data management. That's why you wanted to use it, and that's great...for you. But *think* about what you're feeding them and what that information in the wrong hands could mean. If Facebook turns ugly, everything that I brought to the table is in a small, walled garden. I hit the delete button and it's gone. That's my safety net.
I had absolutely no problem with Plaxo and was a Premium paid member until they introduced Pulse and their tone/direction changed. Spam should be the least of our worries.
I won't be comfortable with Plaxo until I have the option of completely removing all traces of my information from their servers, if I so choose. Facebook hits Gmail long enough to ask "are you a member?" and then gives you the *option* of asking your contacts "do you want to be a member?" Plaxo *retains* what they get about ME from their interactions with YOU, and that's what I don't like one bit.
Slobokan
· 1 year ago
John McCrea,
No, I personally did not violate their terms of service, because I did not allow Facebook to import my Gmail contacts.
But, since it is a violation of Gmail's TOS, then it's up to them to enforce them.
Just because someone else does it, doesn't make it right when you do it.
John McCrea
· 1 year ago
Sorry, Slobokan. My error. Too fast typing.
Krish
· 1 year ago
Well said Robert. I told the same thing when I responded to Jermiah and others in his post.
slavior
· 1 year ago
Robert, you don't seem to understand: Plaxo is bad, they spammed in the past so we can't trust them; Facebook would never do evil things like that - apart from breaking Gmail's TOS, implementing Beacon, etc.
Plaxo may also be sold in the future, and who knows what the future owners will do with all that data. Facebook on the other hand will never change corporate direction or ownership. I guess you'll just have to trust me on that one.
I so love me a good double standard...
Donald
· 1 year ago
"So, to Judi, why is it OK for Facebook to import all my Gmail email addresses? Why aren’t you screaming bloody murder about THAT? After all, did anyone on Gmail approve me to import their email addresses to Facebook?"
Well, because when you created a FB account, you agreed to allow them to do that. Last I checked, I have the option of NOT doing that if I so choose. Clearly you failed to either read or comprehend the TOS in FB until you got your hand slapped. Now you are trying to justify your ignorance by making illogical arguments (most specifically the relativist fallacy). The issue is not about what GMail does or doesn't allow, nor is it about what you may choose to store in Outlook and how you choose to do that. The issue is you blatantly violating FB's TOS AND allow that data to be accessed by a third party company that your friends likely did not give you permission to do.
That fact that you SAY you didn't do anything with the information once you got it is also irrelevant, and really not the point. If I steal something then decide not to use it, that doesn't make the crime less punishable.
My data on Facebook is what I choose to share with my friends. I am the one that chooses who to add to my friends lists and WHAT data I share with them. Then I trust the FB will enforce their TOS when these friends violate it. FB's TOS make it clear they won't allow data scraping. By signing up I trust that they will enforce that term. Frankly I believe they violated their own TOS's when they allowed you back in when you clearly and willfully violated the agreement you made with them.
Johan Myrberger
· 1 year ago
Robert, to comment back on your comment #28 on my #23:
In #28 you say: "Johan: OK, so you’re OK if I manually put your email into my Outlook or Gmail account from Facebook, right? Just because that didn’t technically break Facebook’s terms of service, is there really any difference there?"
You're mixing things here! Now, we're not yet connected on FB (I'll send an invite right after this..). When we are connected I can choose what to share with you on FB. And I will select to share my email addresses with you. And you are free to put them in your address book (and if you put them in Plaxo you'll always have my latest updates - that's one thing I like with Plaxo!)
Personally I do not care how you get the email out of FB. But as I said in comment #23 - screen scraping is not allowed by FB (it has nothing to do with *me*) I am not that happy with the FB ToS either, but I use FB anyway...
And also, seems like John in comment #26 took way my second argument in comment #23. I will read up on the facts, but am willing to fold on th second argument. the 1st and 3rd still holds though...
Chris
· 1 year ago
And, I made it clear in this post that I didn’t use your information and neither did Plaxo. We wanted to make a point. And we did.
So let's say I DDOS your site.
But I only did it to make a statement.
We're still cool, then, right?
Tom
· 1 year ago
Donald, you're an idiot. I hate to turn it into this but you are. If you add someone on facebook then you gave them permission to see your profile. It doesn't matter if a computer program copies down your info or if I do... scraping is scraping. What happens to your data is then up to the host company (i.e. Facebook) and the people you choose to friend. If you don't like your data ending up in Plaxo or Gmail or Yahoo or Skype or anywhere else then you have the option to hide it on Facebook. Maybe you should have thought twice before adding Robert who you clearly didn't know in person instead of bitching about it on his blog. Now that's a thought!
Greg
· 1 year ago
You're being deliberately obtuse here, Robert. Facebook renders e-mails as an image. There's only one reason to do that, and that's so they won't be scraped. And that's why I post my e-mail publicly on Facebook - so if you want to use them, you do in fact have to use the 'napkin method', and you aren't some anonymous (often malicious) 'bot. Email-as-image is a long-standing social convention, used on many many blogs, that says 'hey, humans can use this but I really don't want to make it available to spammers or other address-scraping bots.' It's no different from restrictions in robots.txt or a CAPTCHA on a web form - humans only.
As soon as you heard Plaxo was developing character recognition software to go against some very clear user preferences - since there's only one reason to display an e-mail as an image - you should've ran the other way. Flagrant disregard for implicit but obvious user wishes is a dick move.
Karim
· 1 year ago
robert you really are delusional enough to believe we live in an egalitarian world where everyone is equal?
Right, so, because inequality exists and we'll never be able to completely eradicate it, we should just give up on reducing it at all?
It's not even a slight inequality we're talking about. We're talking about Facebook screen-scraping millions of addresses out of Hotmail, Yahoo! Mail, and Gmail (in flagrant violation of each one's ToS), but Facebook yanking Scoble's account just for mere appearance of doing the same damn thing?
Facebook is brazenly HIJACKING 18-wheelers from Nabisco and Pepperidge Farm full of cookies, but throwing Scoble in detention because it sort of looked like he might have had his hand in the cookie jar?
And the appropriate response to this level of hypocrisy is, "Well, life's unfair, deal with it?"
Of course that would have gotten you much less attention, traffic and links, which is what I think was part of your plan all along.
How is that mind-reading thing working out for you?
If you are going to be an attention whore fine admit it up front don’t hide behind the guise of championing for the freedom of my data, when what you really are working for is feeding your ego and increasing your exposure above all else.
Wow, so Scoble's stated motivation was to get the contact data for his "friends" out of Facebook, but you, Professor Xavier, with your Magical Mind-Reading Powers, have informed us all that that was a complete lie and that he just wanted to "feed his ego" and "increase his exposure."
Jealous much?
As for attention whorishness, um, are you new here? Did you not notice this guy Scoble tends to live his life online?
Besides, if Scoble's an Attention Whore, what does that make you for paying attention and commenting several times? An Attention John? :-)
Sam I Am
· 1 year ago
Robert, how many email addresses did you have in Gmail when you signed up with FB? Those are email addresses you've had with you for a while if you're anything like me. People you really know, have met or done business with etc.
On Facebook, 90% of your friends are probably not really friends or people you know, right or wrong?
I'm sure the 10% don't mind their data they gave you heading off to another database like plaxo, since you could have done that directly. It's the other 90% that are your 'friends' that is the HUGE difference between what FB is doing and what you did with Plaxo.
On the other hand, it's also the fault of anyone friending people they don't know, which is not just you but also that 90%.
I don't blame you any more than the 4500 or so folks that aren't really your friends but still friended you. A smart man like you SHOULD however realize the difference between the two systems.
giginger
· 1 year ago
Try and look at it this way.
Imagine you and I went to school with Plaxo. You got on well with Plaxo but I thought they were a dick.
Facebook comes along and Plaxo adds people they know the names of. I get the request but ignore it because I thought they were a dick. You however add them because you got on well.
Plaxo is round yours one night and asks to use your facebook profile to check out my profile seeing as they can't see it. You say that's cool.
I wouldn't be happy about that because I refused that person friend request for a reason.
What you've done with their script is exactly the same. They've essentially logged in as you and checked out everyone's profile because they couldn't see it any other way. You could argue that it's fraud to a certain extent.
I'm all for open data but this is just a backward way of going about it. I'm glad I removed you from my friends list ages ago because there's no way I'd want my data anywhere near Plaxo. I'd much rather there was a way that Plaxo could send a request to retrieve my data on your behalf. That way I can click ignore. That would be the correct way of doing things. You've just assumed that if someone is your friend on Facebook then they'll happily be your friend on Plaxo. That's just shortsighted.
francine hardaway
· 1 year ago
Facebook isn't a monster, nor is Plaxo. But some of their users are. I resent it when a total stranger asks to connect with me on Plaxo because hs is building his network in the hopes that he will build his business. That, to me, isn't a social network. I love to meet people on social networks, because I like to meet new people, but I don't want to be used by absolute strangers who are trying to sell me real estate in Costa Rica or take my time ignoring them one-by-time-consuming one.
I am hoping that if I say this enough about Plaxo, Smarr will read it and come up with a better system.
Pat Kershaw
· 1 year ago
Dead on People need to take a bit more personal responsibility. If you give any details to any-one, anytime, through any means, NOT just with the internet, or facebook, you have given your trust to that person to use that information responsibly. If they don't, woops. But really, if it is a friend, moving it, whats the deal. When they move it, do the stop being a friend? Do they automajically change? So Robert decides to use Plaxo to store MORE than 5000 email contacts? that just proves 2 things 1. Facebooks limit is restrictive to (some) members 2. To stop scripts, and "Napkin" transfers, they need to make it EASY and controlled! (Ie. tell those involved if you like... "Robert Scoble has Hijacked your name and taken it to another, competing, profit-driven service..."... sorry) To summarise, if you give you details to the phone company, the bank, the nieghbor... they will all pass on some details sometimes. The question is why. Is it to profit? Is it to smam... The issue is not portability, but control, and visibitily. Make it easy, make it obvious, and inform those affected, (and in future inform up front of possibilities).
MUC
· 1 year ago
Robert, as a Plaxo shareholder, I applaud every one of your Plaxo posts. This is saving Plaxo buukuu moola in PR expenses. No, wait, they couldn't afford this much publicity. I think a Plaxo post every other day should get us a pretty nice asking price in the February timeframe (Porsche HERE I COME!!!) Keep up the GREAT work!!! YOU ROCK!!! Oh yeah, and thanks to the entire internet for providing all your contact info to Plaxo's databases!! (SPAM=CASH MONEY!!!)
Bob
· 1 year ago
why weren’t you all up in arms when Facebook imported your data and your friends email addresses from Gmail?
I wasn't upset, because it didn't happen. I do not provide that kind of data.
Robert, are we to assume that the e-mail address we provide you here at Scobleizer.com to post a comment is shared with other social networks?
What line do you draw with using someone else's personal information?
Jake McKee
· 1 year ago
OK, I'll ask the obvious question.... which is it, Robert? Were you pushing FB buttons fully knowing the likely outcome (like you talk about today) or were you shocked and surprised at what happened (as you implied yesterday)? I'm having a hard time following your position here...
Further, I find it a ridiculous argument to say that you just used this data in a test account. Where does that account live? The data is stored somewhere, right? Are you involved in a formal relationship with Plaxo enough to ensure that this "test" account isn't going to roll your 5,000 bits of new data into the larger master database? Either man up and admit you have a formal relationship with Plaxo or agree that there are enough unknowns here that you've made a mistake in trusting them so implicitly.
The real issue in this discussion is one of context. The context of when and how I'm asking for my Gmail info (a practice I neither support or agree with, FYI), is one of limited use and specific purpose. The context of what this Plaxo script is doing is far more broad reaching. And given Plaxo's previous reputation (which adds to the context), who's to say that once they get out of beta they wouldn't extend the collection of data past name, email, birthday alone?
Context matters.
Adding to your personal address book is a different context than adding to the corporate database of a business known for spamming.
I'm not saying you should, necessarily, have gotten permission to do this, but I'm saying we all should start applying more common sense to the way we handle this implied trust inherent in the friending process.
Since you've given contradictory positions about what this whole debacle was based on (beta test and/or poke at FB), it's hard to know what your real motivations are here. But whether this was a beta test or some sort of civil disobedience, the fact remains, you made your 5,000+ FB contacts unwitting accomplices in that process.
weaverluke
· 1 year ago
Robert,
Your arguments are wholly logical. Unfortunately, "privacy" is an emotive issue that makes people fearful and illogical. That said, looking at the rapid evolution of technology and society, there's only one way all this stuff is going to go—and that's the way you're going. So thanks for blazing the trail. : )
Jim Russell
· 1 year ago
Robert, you're right on the money about there being little difference between running the script and manually gathering your friends' email addresses. The Facebook "solution" of making the email addresses into image files is just another DRM-like pretense. I covered this in more detail in this blog post, and Kevin Gamble also addressed the issue here.
I think your alpha test should be compared to DVD-Jon's CSS code -- a concrete demonstration of the futility of trying to "encrypt past the intended recipient".
Livia Iacolare
· 1 year ago
This is ridiculous.
Fortunately I did not befriend you on Facebook, so I am not giving my data to Plaxo.
Oh s**t, I forgot I have an account on Plaxo... Let me go remove it right now.
Open you eyes, people!
Donald
· 1 year ago
@44 "Right, so, because inequality exists and we’ll never be able to completely eradicate it, we should just give up on reducing it at all?
It’s not even a slight inequality we’re talking about. We’re talking about Facebook screen-scraping millions of addresses out of Hotmail, Yahoo! Mail, and Gmail (in flagrant violation of each one’s ToS), but Facebook yanking Scoble’s account just for mere appearance of doing the same damn thing?"
Whether Scoble read them or not, or even understood them, he agreed to FB's TOX by creating an account. So, what FB does or doesn't do wrt to other systems is irrelevant to this issue. Scoble violated terms he agreed to.
Donald
· 1 year ago
"TOS"
Lisa Amorao
· 1 year ago
When I heard about the incident I immediately recalled how you responded when blogger Harry Joiner's account was shut down by Facebook for importing his entire email address book:
With regards to data portability, you claim to have added 4200 (you have more now) one at a time and from the comment it seems this is the way to connect to others in social networks. Do you feel differently now?
Tim
· 1 year ago
You make some good points there. I do wonder why people are selectively screaming about your recent fiasco, but don't mind that FaceBook imports all of your GMail contacts. It's the same damn thing, sounds like it anyway.
I think a more fine grained permission/preferences thing would be an answer. There are standards for email (POP/IMAP), web (HTTP/HTTPS) and other things (FTP, TCP/IP, etc..), so maybe we need to come up with something for information sharing preferences or something? Someone write up and submit a new RFC on personal data sharing? I'm probably crazy though, nobody's gonna do that. :)
wilhelmus
· 1 year ago
Thanks for fueling this debate Robert.
The point is not that Facebook's TOS was broken, nor if Plaxo is evil. The point is data portability, and breaking through walled gardens. Facebook and Plaxo just happened to be vehicles to drive the point home. Sometimes civil disobedience is a necesity for change.
The reality is that as soon as you hand somebody a business card or send somebody and email, your data is out there. Are you going to ask somebody if they use Plaxo or some other service when you hand them a business card?
My social graph should be portable between networks. Why do I have to befriend everybody multiple times? Next, I should be able to add restictions on a user/friend level (call it DRM for friends if you like).
But first we need to break down these walled gardens, put up there for no other reason than power and control.
Sam Spade
· 1 year ago
Re "why weren’t you all up in arms when Facebook imported your data and your friends email addresses from Gmail"
That would be because Facebook can't do that unless we give them our gmail details. By giving them our gmail details we are giving Facebook permission to import that data.
Facebook, on the other hand, have specifically *withheld* permission for you to pull data from Facebook in the way that you did.
What it all boils down to is you agreed to specific terms and conditions when joining Facebook. You did not abide by those terms and conditions. Everything else is red herrings.
Oh, and just because you can find a way around the terms and conditions ("write it manually, don't use a script, they'll never know") is beside the point, and reveals a lack of worrying lack of ethics.
Perhaps a little less trying-to-beat-the-system and a little more playing by the rules is in order.
ZebZiggle
· 1 year ago
I agree with Judi. You broke the trust relationship with your friends by exporting *their* personal information to Plaxo ... whom we do not trust.
But your explicit action is really no different than anyone that adds any third party application to FB. That application can access your entire friends list even if those people did not add that application.
This is an interesting dilemma since now I not only have to trust FB, but I have to trust all my friends with my profile data.
PS> Plaxo cannot access the email information from FB (look at the API), but they can get enough data to make the matching to existing contacts pretty easy.
Is it then my moral responsibility to turn off "See My Friends" to *all* users on FB? Currently I have it as "Anyone can see my friends".
You and I can be friends, but you can't see my friends list because I can't really trust you to use that data in the same way I would.
This has a big impact on how people use the service since that's how you find your other friends.
Great! Nice can of worms you've opened here. :-)
John McCrea
· 1 year ago
Reading Judi's original post, you'd think that she feels anyone who would use the service would be violating the privacy of their friends by uploading their contact info without their permission.
Strange, here's what she was saying about Plaxo just a few months ago:
"The idea behind the new Plaxo is that it can serve as the 'hub' of your calendar and contact data. If you have your contact and calendar data in multiple locations this is welcome relief. As web workers who deal with many different people using many different systems, it’s not uncommon for us to have calendar and contact data in bits & pieces everywhere. Plaxo helps bring it all together."
And Judi appeared to take no issue with the ability to import from LinkedIn:
"LinkedIn: For Premium Subscribers only. One-way sync of contacts, with only the ability to add LinkedIn contacts to Plaxo, not the other way around. The sync is also manual, which means you have to remember to initiate a sync. There’s some competition between these two services, so limitations shouldn’t be surprising."
Hmmmmmmmmmmmmmmm.
Insider
· 1 year ago
From her previous comment in this thread it looks like her opinion of Plaxo has changed:
I've been following this whole mess for a couple of days, and it really is a BIG MESS. My take on this for you and all your readers is best explained on "Utah Tech Watch" at http://www.utahtechwatch.com/industry/who-owns-....
Sorry Robert but I disagree with you totally and feel it was wrong for you to import your Facebook "Friends" into Plaxo, test account or not, and Facebook had every right to drop your account.
As one of your Facebook "Friends" I followed what you were into, emailed once and awhile and hope you found something I linked to or posted of interest. What I did not do is give you permission to post my email address or personal information to a third party site. It really doesn't matter what Facebook does or does not do with my information as I have given them permission by agreeing to their Terms of Service, that is a none point. It really doesn't matter if there are other tools for doing the same task, the tool is not the issue, the issue was your call to basically crawl Facebook for Plaxo and provide Plaxo with 5,000 valid email addresses.
You say you wanted to push Facebook's buttons so you ran a script to export information Facebook deems their property and gave it to a third party. Did you run any such script while at Microsoft and provide thousands, millions of email addresses of Microsoft customers to a third party? Of course not because you knew 1) Microsoft would have canned you and likely taking you to court, 2) you considered that information the property of Microsoft, 3) you just knew it was wrong. What's the differnece?
I follow your Blog, checked out things you did on Facebook, watched for your name in the news or other Blog post and still will but we will have to agree to disagree on this one, you were wrong.
Judi Sohn
· 1 year ago
John, My positive comments were entirely about Plaxo, the contact data sync manager. I was a paid premium member for years.
Then you introduced Pulse and switched focus to social networking. And now it's not about my contact list as an easy way of getting at phone numbers, it's about the friends of the friends and connections in my contact list. All well and good, but that isn't what I signed up for.
As I said a few minutes ago in a reply to your comment on my blog:
"You can’t be an 'address book service' when it’s convenient, and a social network the rest of the time without drawing these kinds of questions.
And since you are for sale, you should be very clear about the data you have and the connections you’ve built (and are capable of building) with the profiles of non-members. Your privacy policy says what you won’t do. I want to know what you have and can do, but don’t because you’re ethical. Your buyer may not be.
An address book service is putting pebbles inside a black cup. A social network is putting pebbles into a clear bowl. Which is it? It’s my position that you can’t have it both ways."
drew olanoff
· 1 year ago
I'm sure it's been pointed out, but when you import a friend from Gmail, it sends them a friend request. An OPT IN to be your friend. No actions happen until they approve it.
That's the difference.
Olly S
· 1 year ago
Those of you who are worried about what a potential sale of Plaxo would mean for your data would be well advised to take a look at their privacy policy: http://www.plaxo.com/privacy
Personally I trust them - their privacy policy is one of the best in the industry. They put the user first in almost every area - asserting that ownership of the contact data you add to their system is yours, and they will never do anything with it without first notifying you in advance to give you the chance to opt-out.
Olly S
· 1 year ago
Also Robert, for reasons I cannot fathom, your website is blocked in China - I am accessing it through a proxy. Can't imagine what you could have done to piss of the Chinese government. Is there anything you want to tell us? ;)
Judi Sohn
· 1 year ago
Thanks, Olly. But I was asking about the information belonging to *non members.* Folks who were added to the Plaxo system through a member syncing a database (or running a Facebook script).
I'm glad Plaxo will notify members before the company is sold. Will they also send notice to everyone I added to my contact list? To the folks that Robert scraped from Facebook into his test account? While you can ask to be removed from a member's address book, can you ask to be removed from ALL member address books?
I'm not saying that I think the answers to these questions are negative. I'm saying these are questions that should have been asked and answered before running a "push Facebook's buttons" script loose on 5,000 of your "friends."
Karim
· 1 year ago
Whether Scoble read them or not, or even understood them, he agreed to FB’s [TOS] by creating an account. So, what FB does or doesn’t do wrt to other systems is irrelevant to this issue. Scoble violated terms he agreed to.
I agree he violated Facebook's ToS (if you assume that the Plaxo program qualifies as a "script"); I agree two wrongs don't make a right. BUT...
All Scoble was doing to Facebook was what Facebook constantly does to others. In that sense, he is doing several things: pointing out a MASSIVE hypocrisy on Facebook's part, for one. Making it clear that Facebook's idea of customer service is to kick your ass to the curb and ask questions later, for another. Making folks think, and getting people to discuss the issues involved, for another.
In some ways, what Scoble did was analogous to civil disobedience. In civil disobedience, people EXPECT to be arrested, because they are breaking some minor law (in a non-violent way) in order to bring the public's attention to some OTHER wrong that is FAR, FAR GREATER.
In this case, Scoble has brought our attention to the fact that Facebook is a MASSIVE hypocrite: it constantly screen-scrapes email addresses from other email services, but doesn't allow YOU to do the same to Facebook. He has also brought to our attention their stellar "shoot first, ask questions later" customer service. And he's making a lot of people think about how dependent they are on the services they use.
Donald
· 1 year ago
@68 And I'm sure as an employee of Plaxo you don't mind LinkedIn's offering, either. But you are still missing the point. Linked in permits their users to do that (and they also require you to PAY them to be able to do that).
Write or wrong, FB doesn't allow it. LinkedIn does. The point is the blatant violation of the FB TOS. If I were Plaxo and I really wanted to mine the FB directory, I would have reached out to FB and proposed a service to them that was a win/win so everyone could be up front about what was happening.
Donald
· 1 year ago
@78. He knew going in what the rules are. Hypocritical or not, he agreed to them. This is not akin to civil disobedience. This is more akin to going to a free concert, knowing that recording devices aren't allowed, but using them anyway and bitching about getting caught and thrown out, but then saying it's not fair because the concert promoter was recording the concert for a future album release. Scoble wasn't trying to the Martin Luther King of social networking. More like trying to be the Al Sharpton or Jesse Jackson...concerned more about visibility than actual change.
I would have been inclined to almost buy into your "power to the people" theory if not for what Lisa @61 above points out. It appears Scoble is being a hypocrite. He didn't agree with it then. My guess is because he couldn't figure out how to do it himself so he came out against it. Now that someone ELSE provided him a tool for a product he's shilled for in the past, he's fine with it.
ZebZiggle
· 1 year ago
Karim ... hypocrite? Puhleazze. And certainly not as critical as the risk of the data leaving without your permission. If you had of read the FB TOS, you would know not to back yourself into a corner.
To be honest ... I like the corner. I like knowing that my data is a (or at least should be) a one-way street. I *choose* to put it in there. FB is doing the right thing detecting and enforcing that someone was running a script. I know all bets are off when I add a third-party FB application, which is why I don't add them. Nothing. Not one. I only use FB sanctioned apps which live under the FB TOS and privacy policy. Your mileage may vary.
As I've mentioned to friend, I think the solution is to support multi-tiered privacy in addition to the fine-grained privacy that FB offers.
Let's say (back of the napkin):
Level 1 - I won't share anything about you. Promise.
Level 2 - I may share your status, hobbies, movies, etc.
Level 3 - I may share your name, gender, age and general geography.
Level 4 - I may share your phone numbers, home address or email.
Level 5 - I don't promise anything. Give me your info at your own risk.
For example, "Only share [this data] with friends that offer privacy level 2 or less" where N is some gradient of assurance/promise. The platform should enforce no one gets what they shouldn't. It's privacy policies on a relationship-by-relationship basis.
In this case, Robert was Level 5.
That way, of the 5000 FB friend of Scoble only a lazy or care-free subset could have their data exported.
Thoughts?
Ajay Mishra
· 1 year ago
I like Scolbe's idea of DRM to profile data.
Its like mini-me: I, me, Mine.. implemented, especially keeping in mind American sensibilities around privacy and private data etc.
I just somehow, dont understand why: people enter Gmail and other userid and password data on such sites !
Anyway, we would be launching mine-me ( I, Me, Mine) stuff --> Robert Scolbe calls it DRM for profile data.. Cool..
ciao ajay
Karim
· 1 year ago
Scoble wasn’t trying to the Martin Luther King of social networking. More like trying to be the Al Sharpton or Jesse Jackson…concerned more about visibility than actual change.
You know, back in the day, a lot of people put King, Jackson & Sharpton in the same bucket. Though we have a holiday for MLK now.
I do not know what you mean by "concerned more about visiblity." Doesn't knowing his true "concerns" involve the ability to read his mind? Scoble says he just wants to try out this Plaxo program, but you (being able to read minds) know that his real motivation is "visibility," whatever that means.
We can guess at his "real" motivation all day long, but you can only reasonably discuss what he actually did and said.
And in the end, what does it matter anyway? Did Scoble, King, Jackson or Sharpton do everything they did because, deep down inside, they were all attention whores? The motivation doesn't matter quite so much as the acts themselves. Besides, half the time people don't know their OWN motivations!
The other half of the time they project their own motivations onto others. ;-)
I would have been inclined to almost buy into your “power to the people” theory if not for what Lisa @61 above points out. It appears Scoble is being a hypocrite. He didn’t agree with it then.
:-) It doesn't look like he's being a hypocrite to me, because they're two different issues.
The story Scoble commented on (mentioned by Lisa @ 61) was about a guy who took 4,600 addresses out of Gmail, and MASS E-MAILED ALL 4,600 ADDRESSES with invitations to join Facebook.
Scoble left a comment calling that "spam behavior." Presumably because it is. :-) If AOL or Comcast sees several hundred messages dumped on their doorstep by a Facebook mail server, Facebook might end up on a spam/UCE blacklist.
Sending unsolicited email to 4,600 people isn't the same thing as harvesting 5,000 email addresses. They're totally different things. You can be against sending email to 5,000 people while being in favor of being able to collect 5,000 email addresses. One involves annoying people and the other doesn't. :-)
Remember, Facebook is one in power here: they're the ones with the 15 billion dollar valuation, they're the ones "erasing" people without so much as a WARNING, they're the ones sponsoring Presidential Debates in New Hampshire. We're just the people. So yeah, power to the PEOPLE, baby! Can you dig it? :-)
ZebZiggle
· 1 year ago
The DRM that Robert proposes is fine-grained control and what FB already has. You control what can be seen on a per item basis, but it applies the same to everyone. What I'm proposing is computed on-the-fly depending on who you are talking to. The context of the conversation changes the rules.
Another way to interpret what he is saying is that I have to explicitly set it for each friend. This doesn't scale, especially for 5000 friends.
The level proposal is a general agreement in principle. Of course, is someone is scum, they will say "I share nothing" when, in fact, they will.
Trust.
Karim
· 1 year ago
hypocrite? Puhleazze.
"Hypocrisy is the act of condemning another person for an act of which the critic is guilty."
Facebook condemns you for screen scraping email addresses. Yet they screen-scrape email addresses every day, from Gmail, Hotmail, and Yahoo! Mail, in violation of Terms of Service. Facebook = hypocrite.
I like knowing that my data is a (or at least should be) a one-way street. I *choose* to put it in there. FB is doing the right thing detecting and enforcing that someone was running a script.
You know, I could almost buy the "Facebook as Protector and Guardian of Your Data" thing if it weren't for Facebook Beacon. Obviously they're only interested in protecting your privacy to the extent it doesn't interfere with them turning a buck.
Rijk
· 1 year ago
I totally don't understand the problem. I'm a bit like Judi Sohn - I don't want someone I don't really know to have access to my profile, so I do not 'friend' such people on Facebook.
People seem to have mixed up expectations. It should be utterly obvious that the 'FAN ONLY' permission type Robert mentions does not exist at the moment - so why expect that to be honored?
Donald
· 1 year ago
@83
"You know, back in the day, a lot of people put King, Jackson & Sharpton in the same bucket. Though we have a holiday for MLK now."
And there's a reason we don't have a Jackson or Sharpton holiday. At one time I'm sure Jackson was a true supported of MLK, given he was there the day King was shot. But then he saw he could make a lot of money preying off of perceived racism. But...we digress.
"I do not know what you mean by “concerned more about visiblity.” Doesn’t knowing his true “concerns” involve the ability to read his mind? Scoble says he just wants to try out this Plaxo program, but you (being able to read minds) know that his real motivation is “visibility,” whatever that means."
True I cannot read his mind. I can only go by his actions. I'm sure there is some reason he didn't want to handle this privately and not tell the world what happened. Just like Jackson never does much behind the scenes
"The story Scoble commented on (mentioned by Lisa @ 61) was about a guy who took 4,600 addresses out of Gmail, and MASS E-MAILED ALL 4,600 ADDRESSES with invitations to join Facebook.
Scoble left a comment calling that “spam behavior.” Presumably because it is. :-) If AOL or Comcast sees several hundred messages dumped on their doorstep by a Facebook mail server, Facebook might end up on a spam/UCE blacklist.
Sending unsolicited email to 4,600 people isn’t the same thing as harvesting 5,000 email addresses. They’re totally different things. You can be against sending email to 5,000 people while being in favor of being able to collect 5,000 email addresses. One involves annoying people and the other doesn’t. :-)"
True. But had he not gotten caught and his hand slapped, we have no idea what Plaxo would have done with the data. But, given their past history....... True, Scoble says "he didn't do anything the data", but we will never know for sure.
"Remember, Facebook is one in power here: they’re the ones with the 15 billion dollar valuation, they’re the ones “erasing” people without so much as a WARNING, they’re the ones sponsoring Presidential Debates in New Hampshire. We’re just the people. So yeah, power to the PEOPLE, baby! Can you dig it? :-)"
This again is the two wrongs make a right illogical argument. You do understand the concept of "participate volunaritly"?. Facebook users signed up for this when they created an account. Shame on them for finding out later how one sided their TOC's are. Do I agree with them? No. But, they are really not all that different than other types of FREE services. The user assumes all the risk. Until you start paying money, that's pretty much how it is. Users agreed to these terms when they signed up. Facebook will only change them if they can still legally protect themselves.
Ginrod
· 1 year ago
Hey, there is a new web 2.0 service to counter the trend of over the top media sharing promoted by social networking sites.
2Pad was developed by 3 French entrepreneurs as the only private photo and sharing service. Using the latest in web technology, such as Ajax, 2Pad allows you to privately share your media from your personal gallery.
Simply start by sending your media via email to 2pad@2pad.com and 2Pad automatically creates your personal gallery. We would love you to test it out and send us feedback! Thanks! Susi and the 2Pad Team.
grinch
· 1 year ago
First off, Plaxo spams everyone in your contact list with requests to update. That, in itself, should show you that importing your contacts into Plaxo is a bad idea (unless you really want to make them ex-contacts).
People signed up for Facebook and made you a "friend". They didn't give you permission to fold, spindle, and mutilate their personal information via non-Facebook systems, spam them, drop by their RL residence uninvited, or stalk them.
Your actions are one of the reasons people point out as the evils of social networking.
macbeach
· 1 year ago
#86: You're being too kind to vendors.
I've never read a TOS that involved paying money that promised me anything more than a refund if the product failed to perform (and even then the costs associated with getting that refund seem to exceed the refund amount).
The issue here involving TOSs is an ethical one, not a legal one. As far as I can see, nobody has broken any laws.
It seems clear that there are Facebook users here so rabid that they can't conceive of the company being wrong about anything. Considering their recent and documented excesses, this is quite impressive. You can indeed fool some of the people all of the time. But we already knew that.
I'm starting to think that Google was very lucky to not have gotten involved with this company.
I feel sorry for some of my friends who have given out so much information on themselves via Facebook to companies that they know nothing about, in exchange for being able to throw virtual sheep or food items at one another.
I read one post above from someone who had never installed a single Facebook app. There must be very few people in that category. The Facebook apps are hardly a replacement for e-mail, photo sharing, blogging or dozens of other things people do on the Internet. Facebook is in the cat-bird-seat, collecting all the profitable information about their users and leaving the heavy lifting to companies and individuals all over the world, in many cases way out of reach of our legal system.
The people who have used some of these apps are going to need something like Plaxo, because there will be a flurry of e-mail address changes in the next couple of years as all of this information gets out and the old addresses become unusable.
#41: You got the hypocrisy right. You need more typos in your message though. It's getting really hard to believe that Facebook started out with an exclusive college user base. A bit scary too.
Chester's Home Remedies
· 1 year ago
I was trying to warn one of my friends with teenage daughters about the dangers of Facebook. It was amazing to me that her daughters were so in love with the program that nothing we told them could possibly make them stop. If anyone has a good way to help explain to teenage girls the dangers that it trully poses for them and their future, please post it so that I can use it. Thanks!
Donald
· 1 year ago
@86 Not a Facebook user. Nice try. I see private investigating in your future.
"The issue here involving TOSs is an ethical one, not a legal one. As far as I can see, nobody has broken any laws."
No, it IS a legal one. There's civil and criminal law. This has to do with civil law, which more often than not doesn't involve law breaking. The user, when signing up, is given adequate opportunity to read and view the TOS, and also has to AGREE to them. Basic contract law 101.
"I’ve never read a TOS that involved paying money that promised me anything more than a refund if the product failed to perform (and even then the costs associated with getting that refund seem to exceed the refund amount)."
I find that difficult if not outright impossible to believe. If you've ever opened a box of software you've agreed to similar Terms of Use, also known an End User License Agreement. If you've ever downloaded beta software you've agree to similar terms of use; particularly in the are of indemnity and the company's responsibility for your data when using your software. My guess is, you've agree to similar types of TOS's. Whether you actually read them or not is another question.
Stacy Martin
· 1 year ago
Wow - this discussion is fascinating. It's obvious people are still as passionate about privacy issues as they were a year ago when I left my position as Plaxo's Chief Privacy Officer. While I'm no longer associated with Plaxo, I wanted to share my own thoughts on the matter.
First, as long as people disagree on who owns PII (Personally Identifiable Information), there will always be disagreements over privacy. To me, it's very clear - any PII data I possess through legitimate means, is my information. It may be information about me, my pet, my family, or my acquaintances... but the information is still my information... and I may do with that information whatever is legally permissible.
If I post my information (or a subset) someplace where others can access it and read it... the source is still my information, but if others make a legitimate copy of the data, then that copy is now THEIR information. There is no copyright protection for contact details. If I don't want others to have it, I should take better care when posting. By posting information in a public place, I should have full understanding of the possible implications.
People are free to use their information as is legally permissible. Different countries may have different types of restrictions and laws when it comes to PII. But there is no country I'm aware of that prohibits the possession and storage of PII for personal purposes. Furthermore, there is no country that requires permission from the data subject in order for a data owner to posses and store PII information for personal purposes. Thank goodness for this, cause imagine the lunacy of requiring permission from the data subject everytime you wished to save their Name, email address, or phone number.
In Scoble's case, my understanding is he had legitimate access to the information and therefore has the ability to make the information his own. TOS issues aside, whether he writes the information down on his own, or uses some other tool, it's simply a matter of degree and effort. I think it's a stretch to describe's FB's TOS prohibiting automated screen scraping as an effort to protect members' privacy. FB already protect's members' privacy by prohibiting unauthorized access to members' information, regardless of what mechanism is used. Specifically prohibiting automated tools is more likely to protect the service from service attacks as well as maintain vendor lock-in, which I think is partially Scoble's point.
But one thing I do appreciate is FB statement regarding data ownership: Facebook doesn't own a member's data - the member does. This was one of the main principles we established at Plaxo and I'm happy to see other services have picked up on this as well. While I was at Plaxo, the basic privacy principles we established were: the member owns their information and decides who will have access to it; the member maintains ownership of their data at all times, even if the company is sold or merged, and the member can add, delete, or modify their information at any time. Read the privacy policy of other popular services, you'd be surprised how many of them service DON'T state this. Does this mean that THEY own their user's data??? It's scary.
Snekse
· 1 year ago
Very good points and I like your ideas of controlling how we allow access to our information on other systems. Seems a little like OpenID. I like the fact that you added "FAN" as an option. There are tons of bloggers and others I've met that I wouldn't call a friend, but I still have some contact with them and want to keep connected. This brings up another point that I'm a bit surprised you didn't touch on. A friend is not always a friend. More importantly, a family member isn't always a family member. I'm still waiting for the day when social networks will realize they can't shoehorn everyone into a couple of predefined categories that *they* choose for all of their users. They should just allow the users to create their own categories and the settings for those categories. Oh, and create hierarchies too. After all, my wife's family is not the same as my family and my aunt is not the same as my mom, yet they are all family.
All Comments
http://bub.blicio.us/?p=614
There is something disturbingly underhand about approaching people to get THEM to do Plaxo's dirty work for them.
Get your head out of the sand for just one moment and think exactly what Facebook does when it "imports" those addresses, it either uses it to match users already on Facebook and allows you to ask permission to add them as a friend OR it can send them an email inviting them to join Facebook if that email address isn't associated with an account.
See the difference there? The fact permission is asked is a big difference!
Funny enough there actually are other Facebook applications that do the same thing (the CSV app, for instance) but they don't work on my account because the developers didn't test them on a large-friend network account.
We don't mind YOU having our email addresses from our Facebook profile. So go ahead, write it down and put it into Outlook. Thats what its there for.
But when you put it into Plaxos database, it crosses the line, given their reputation.
I've been on Plaxo ever since the beginning and, while they spammed my friends three years ago, they haven't done that since and have changed their policies.
Anyway, the reason I was using Plaxo was to see if I could get my stuff into Outlook without having to do it manually.
Oh, and Outlook already shares its info with Plaxo. So, if I manually add your stuff into Outlook it automatically gets into Plaxo anyway, if I choose to share it there. You might do some homework on it.
Plaxo has been completely rewritten in the past year, by the way. So, if you had problems with it earlier you might look at it again.
I meant getting info into Outlook as it is meant to be used. Not with their plugin.
Quite frankly I do not trust them to hold a database of information on ME, with data scraped from my Facebook profile. Especially as they are now looking for a sale.
If they were merely a sync utility between address books, then fine. But they are a social network too, with the likes of Pulse, and hold all of that date on their servers.
now what am i saying by all this? that your friend's data in not yours. you can use it, but you shouldn't give it to others without your friends permissions. for example you can have Plaxo script use the emails to look for your friends who are already registered with Plaxo, as long as they don't use, and don't even save e-mails of those who are not.
I hope that if you do make Plaxo your primary social network that you keep your Facebook channels open. There are people who will not follow you over.
Seriously. Open is the way forward. If something better comes along I will sign up, but IMHO plaxo is not is. Plaxo is also for sale. That makes me question the authenticity of what teh Plaxo guys are trying to do right now. What the next owners will do is anyones guess. I posted my own two cents about all this over on my own blog. Remember most of the stuff promoting data portability is very fresh and not widely available yet. I also wonder what if anything openSocial will play in this. I think openID and openAuth and plain old RSS provide us with a multitude of possibilities (future tense).
I think this is so comical. People are honestly complaining about you synchronizing their email address and other contact information after they added you as a friend. Beyond becoming just another member of the "oh my gawd look how popular I am by the number of friends on my list" crowd, what was the point of adding you?
I use Plaxo myself to sync contact information across my multiple email accounts. The company's case is helped by the fact that I have a few friends within the company involved in several very public alpha/beta stage projects. The day that Plaxo violates my trust is the day I pull the plug on my account. Until that day, if you add me as your friend on Facebook or give me your number then I will use it as I see fit within the boundaries of our real-life friendship.
I am a new-ish reader and have heard mixed things about you and your opinions in the past. I just want to say that your recent comments on the google reader debacle and this new 'scoblegate' have given me full confidence in your ability to be rational and reasonable in the face of mass hysteria and privacy fear-mongering in the blogosphere. You've officially locked me in as a reader! I'm sure you're so excited :)
For everyone who thinks that they should be asked for approval before their email address is uploaded to Company X or Company Y (after some thorough, individualized assessment of the trustworthiness of said company), consider this: if you know anyone who uses webmail (such as GMail, Hotmail, or Yahoo! Mail)and they send you an email, oh no! You're email address is now stored in that webmail provider's servers.
There is such an amazing double-standard "logic" floating around this discussion. I suspect a majority of the folks on the other side of this arguement have at one time or another used a webmail import feature on Facebook, LinkedIn, or some other service -- without first asking the permission of everyone in their address book.
I'm one of those people who stayed away from Plaxo several years ago because of the spam issues. I started using it again several months ago because they rolled out a free service to allow you to synchronize multiple address books: Outlook, your Apple Address Book (which synchronizes to my iPhone), etc. Right now, I have over 500 contacts in my Plaxo address book bit only about 5% of those contacts are actually registered with Plaxo. The other 95% are their for my personal use - i.e. none of them were "spammed" by Plaxo asking them to join. I have the option to invite them to join Plaxo but so far I have chosen not to do so. Long story short, many of you who are not registered with Plaxo are already in their "database" without your knowledge. And this has nothing to do with the Plaxo script that Robert ran.
now stop being an attention whore and go play nice with the other kids in the playground ... mkay
But talking about the grown up world of adults: in the grown up world we don't let one person go 85 MPH on the freeway, while we try to ticket other people for going 59.
Which is exactly what you are doing here.
If you are signed up for a service that spammed anybody even *once* nevermind if it was 3 days ago or 3 years ago spamming is in their DNA. Trust in both you and the service goes down (the service more than you, yes, but you still take a hit for putting your contacts in a spammer's clutches).
You are being either extremely naive or ignorant if you can't connect these dots.
Fact: you didn't care to ask any of your 'friends' if you could run some covert bot to extract this information and give it to some third party.
You seem to think this was cool, but if even one of your 'friends' protests, it's not. And you seem to miss the point entirely (or don't respect like you don't respect TOS) that your 'friends' gave Facebook permissions though the TOS, not you.
I can't believe you don't respect all your 'friends' wishes a little more? Despite this stupidity, I'm trying hard to believe you're a better guy than this.
I brought up this trustworthiness issue the day it hit the fan and your response was silence: http://www.makeyougohmm.com/20080103/5022/
Whatever.
Huge difference.
hm - I like the Plaxo services very much, and I read your blog regulary. However this time I believe both you and Plaxo are wrong. Sorry.
Why?
Well, #1: You say
"What if I wrote down Judi’s email and then manually put it into my Outlook’s contact database. Wouldn’t that have been exactly the same thing that I tried to do with Plaxo’s script?"
No. Facebook's ToS specifically states that automatic scripts are not allowed. You might not like this (and neither do I). But if you use a service it is expected that you follow the "code of conduct" for the service. Or?
#2: You say:
" why is it OK for Facebook to import all my Gmail email addresses? Why aren’t you screaming bloody murder about THAT? After all, did anyone on Gmail approve me to import their email addresses to Facebook?"
I have not looked detailed at the Gmail ToS, but as Gmail seems to pubslish an API to export or retreieve the contacts it is OK with them (or?). So Gmail allows you (not Facebook) to actively retreive your contacts. And the fact that *you* decide to do this with Facebook and their ToS is actually your choice. Or?
#3 finally. You say:
"I have NOT used any of the data I collected using Plaxo’s service. That all went into a separate test account and I’m not using that data and neither is Plaxo"
OK - great. That means that if I broke soem kind of ToS (like the law?) and stole your money *but* put he money in a special bank account and didn't use it it's OK. Is that what you're saying?
All in all. I still like you and Plaxo. But I don't agre to the arguments in this blog post. Having said that - a little "Killer Attitude" is always good... ;-)
Pretty much every web importer I have seen so far says that they do not store the information after use. It is there for two reasons. 1) to see if you have any contacts already using the service. 2) send those who arent an invite (opt in)
Can you confirm that Plaxo does NOT retain ANY profile data from Facebook scraping?
And, I made it clear in this post that I didn't use your information and neither did Plaxo. We wanted to make a point. And we did.
By the way, you gave me access to your email when you friended me. Did you NOT want me to use that for my own purposes? What rules do you put on our friendship?
I guess now I know what they mean when they say that 5,000 people can't possibly be "real" friends. Real friends don't mind when I try to put their email address into Outlook or Gmail.
http://paulbuchheit.blogspot.com/2008/01/should...
It is a violation of GMail terms of service to do an import to another service.
Also, the analogy is flawed. It is not a question of whether Facebook gave you an option not to do it. The analogous question is whether you had to seek permission from Google and from the people in your address book.
You violated GMail's terms of service (just as everybody else does.) Google doesn't enforce them, because Google knows that the data really belongs to the user, and they would look like the bad guy if they didn't let you take your address book with you.
I know they told you everyone was beautiful on the inside back in kindergarden, but really that's just a lie that tell fat, ugly, or stupid kids so they don't feel bad.
And if you did take responsibility and weren't being a whiner you would have resolved the entire issue with facebook privately first, instead of vomiting the mess you created all over the internet first. Of course that would have gotten you much less attention, traffic and links, which is what I think was part of your plan all along.
If you are going to be an attention whore fine admit it up front don't hide behind the guise of championing for the freedom of my data, when what you really are working for is feeding your ego and increasing your exposure above all else.
Interesting how many of you are supporting bad TOS's and ones that live by different rules than most of its competitors. Right, you LIKE IT that Facebook is a data roach motel. I don't.
Plaxo is a bit different, in that we have always been a networked address book service. So our users are using import or sync to build up a unified address book. Whatever data is retained is what the user decides to retain.
So, if Robert deleted those folks from his account, that data is erased. It's Robert's address book, and we host it and sync it with whatever tools and services he wants us to, such as Outlook or the Mac address book.
It isn't just about email addresses either. We put up information in Facebook for the benefit of our friends, not for 3rd parties. One can presume that using this tool, Plaxo (who are looking for a sale), can easily get my work information, interests, mobile number, date of birth, IM data, address and so on.
How can you not realise how much of a security issue that is?
When using the Gmail importer in FB, it is name and email address only. Huge huge difference.
Why aren't more people up in arms about that?
I have no idea what Plaxo is. But I think that facebook already lets you configure what your friends can see from their profile.
If you add somebody as a friend, you are giving them the information in your profile. That is what facebook is for!
I think that some of the people on your friend list wanted to have somebody famous there, and now complain that this famous person has their details in his hands ready to try and import elsewhere. I hope that they learn something from the experience.
And how do you know that Facebook doesn't actually harvest everything else?
RE: "Did you NOT want me to use that for my own purposes? What rules do you put on our friendship?"
This depends on what you mean by "my own purposes" -- I expect as a matter of professional courtesy that my contact information isn't put in a service that has any history of spamming period by other contacts. That goes for every professional and personal contact, regardless of how good a friend they are or not.
Robert, really, is this that difficult a request? It's professional courtesy!
I'm not totally surprised by this. When we met up at Northern Voice we were sitting there in a group talking and your wife walked up to us and you didn't bother to introduce her to any of us there. That included Marcus from Plentyoffish.
Remember that day and awkward moment? I sure do. Manners and professional courtesy are something you apparently have to work a little harder at, Robert.
So it's against FaceBook, against GMAIL but apparently fine with Scoble.
This is why we need ONE CENTRAL IDENTITY
I never put a halo on Facebook, but that wasn't the point of my post. No one at Facebook is going to find you on Facebook unless you have an account there, at best they have an email address as someone tried to add you as a friend. As you learned, you can disappear quite easily. No one at Google is going to find you on Gmail (beyond how you may appear in a To: field) unless you have a Gmail address. Plaxo knows my name, address, phone number, email address, and other information about me including who my friends are, and I have no control over that.
Why? In part because Plaxo built their business marketing themselves as a utility for data management. That's why you wanted to use it, and that's great...for you. But *think* about what you're feeding them and what that information in the wrong hands could mean. If Facebook turns ugly, everything that I brought to the table is in a small, walled garden. I hit the delete button and it's gone. That's my safety net.
I had absolutely no problem with Plaxo and was a Premium paid member until they introduced Pulse and their tone/direction changed. Spam should be the least of our worries.
I won't be comfortable with Plaxo until I have the option of completely removing all traces of my information from their servers, if I so choose. Facebook hits Gmail long enough to ask "are you a member?" and then gives you the *option* of asking your contacts "do you want to be a member?" Plaxo *retains* what they get about ME from their interactions with YOU, and that's what I don't like one bit.
No, I personally did not violate their terms of service, because I did not allow Facebook to import my Gmail contacts.
But, since it is a violation of Gmail's TOS, then it's up to them to enforce them.
Just because someone else does it, doesn't make it right when you do it.
Plaxo may also be sold in the future, and who knows what the future owners will do with all that data. Facebook on the other hand will never change corporate direction or ownership. I guess you'll just have to trust me on that one.
I so love me a good double standard...
Well, because when you created a FB account, you agreed to allow them to do that. Last I checked, I have the option of NOT doing that if I so choose. Clearly you failed to either read or comprehend the TOS in FB until you got your hand slapped. Now you are trying to justify your ignorance by making illogical arguments (most specifically the relativist fallacy). The issue is not about what GMail does or doesn't allow, nor is it about what you may choose to store in Outlook and how you choose to do that. The issue is you blatantly violating FB's TOS AND allow that data to be accessed by a third party company that your friends likely did not give you permission to do.
That fact that you SAY you didn't do anything with the information once you got it is also irrelevant, and really not the point. If I steal something then decide not to use it, that doesn't make the crime less punishable.
My data on Facebook is what I choose to share with my friends. I am the one that chooses who to add to my friends lists and WHAT data I share with them. Then I trust the FB will enforce their TOS when these friends violate it. FB's TOS make it clear they won't allow data scraping. By signing up I trust that they will enforce that term. Frankly I believe they violated their own TOS's when they allowed you back in when you clearly and willfully violated the agreement you made with them.
In #28 you say:
"Johan: OK, so you’re OK if I manually put your email into my Outlook or Gmail account from Facebook, right? Just because that didn’t technically break Facebook’s terms of service, is there really any difference there?"
You're mixing things here!
Now, we're not yet connected on FB (I'll send an invite right after this..). When we are connected I can choose what to share with you on FB. And I will select to share my email addresses with you. And you are free to put them in your address book (and if you put them in Plaxo you'll always have my latest updates - that's one thing I like with Plaxo!)
Personally I do not care how you get the email out of FB. But as I said in comment #23 - screen scraping is not allowed by FB (it has nothing to do with *me*) I am not that happy with the FB ToS either, but I use FB anyway...
And also, seems like John in comment #26 took way my second argument in comment #23. I will read up on the facts, but am willing to fold on th second argument. the 1st and 3rd still holds though...
So let's say I DDOS your site.
But I only did it to make a statement.
We're still cool, then, right?
As soon as you heard Plaxo was developing character recognition software to go against some very clear user preferences - since there's only one reason to display an e-mail as an image - you should've ran the other way. Flagrant disregard for implicit but obvious user wishes is a dick move.
Right, so, because inequality exists and we'll never be able to completely eradicate it, we should just give up on reducing it at all?
It's not even a slight inequality we're talking about. We're talking about Facebook screen-scraping millions of addresses out of Hotmail, Yahoo! Mail, and Gmail (in flagrant violation of each one's ToS), but Facebook yanking Scoble's account just for mere appearance of doing the same damn thing?
Facebook is brazenly HIJACKING 18-wheelers from Nabisco and Pepperidge Farm full of cookies, but throwing Scoble in detention because it sort of looked like he might have had his hand in the cookie jar?
And the appropriate response to this level of hypocrisy is, "Well, life's unfair, deal with it?"
Of course that would have gotten you much less attention, traffic and links, which is what I think was part of your plan all along.
How is that mind-reading thing working out for you?
If you are going to be an attention whore fine admit it up front don’t hide behind the guise of championing for the freedom of my data, when what you really are working for is feeding your ego and increasing your exposure above all else.
Wow, so Scoble's stated motivation was to get the contact data for his "friends" out of Facebook, but you, Professor Xavier, with your Magical Mind-Reading Powers, have informed us all that that was a complete lie and that he just wanted to "feed his ego" and "increase his exposure."
Jealous much?
As for attention whorishness, um, are you new here? Did you not notice this guy Scoble tends to live his life online?
Besides, if Scoble's an Attention Whore, what does that make you for paying attention and commenting several times? An Attention John? :-)
On Facebook, 90% of your friends are probably not really friends or people you know, right or wrong?
I'm sure the 10% don't mind their data they gave you heading off to another database like plaxo, since you could have done that directly. It's the other 90% that are your 'friends' that is the HUGE difference between what FB is doing and what you did with Plaxo.
On the other hand, it's also the fault of anyone friending people they don't know, which is not just you but also that 90%.
I don't blame you any more than the 4500 or so folks that aren't really your friends but still friended you. A smart man like you SHOULD however realize the difference between the two systems.
Imagine you and I went to school with Plaxo. You got on well with Plaxo but I thought they were a dick.
Facebook comes along and Plaxo adds people they know the names of. I get the request but ignore it because I thought they were a dick. You however add them because you got on well.
Plaxo is round yours one night and asks to use your facebook profile to check out my profile seeing as they can't see it. You say that's cool.
I wouldn't be happy about that because I refused that person friend request for a reason.
What you've done with their script is exactly the same. They've essentially logged in as you and checked out everyone's profile because they couldn't see it any other way. You could argue that it's fraud to a certain extent.
I'm all for open data but this is just a backward way of going about it. I'm glad I removed you from my friends list ages ago because there's no way I'd want my data anywhere near Plaxo. I'd much rather there was a way that Plaxo could send a request to retrieve my data on your behalf. That way I can click ignore. That would be the correct way of doing things. You've just assumed that if someone is your friend on Facebook then they'll happily be your friend on Plaxo. That's just shortsighted.
I am hoping that if I say this enough about Plaxo, Smarr will read it and come up with a better system.
People need to take a bit more personal responsibility. If you give any details to any-one, anytime, through any means, NOT just with the internet, or facebook, you have given your trust to that person to use that information responsibly.
If they don't, woops. But really, if it is a friend, moving it, whats the deal. When they move it, do the stop being a friend? Do they automajically change? So Robert decides to use Plaxo to store MORE than 5000 email contacts? that just proves 2 things
1. Facebooks limit is restrictive to (some) members
2. To stop scripts, and "Napkin" transfers, they need to make it EASY and controlled! (Ie. tell those involved if you like... "Robert Scoble has Hijacked your name and taken it to another, competing, profit-driven service..."... sorry)
To summarise, if you give you details to the phone company, the bank, the nieghbor... they will all pass on some details sometimes.
The question is why.
Is it to profit?
Is it to smam...
The issue is not portability, but control, and visibitily.
Make it easy, make it obvious, and inform those affected, (and in future inform up front of possibilities).
Robert, are we to assume that the e-mail address we provide you here at Scobleizer.com to post a comment is shared with other social networks?
What line do you draw with using someone else's personal information?
Further, I find it a ridiculous argument to say that you just used this data in a test account. Where does that account live? The data is stored somewhere, right? Are you involved in a formal relationship with Plaxo enough to ensure that this "test" account isn't going to roll your 5,000 bits of new data into the larger master database? Either man up and admit you have a formal relationship with Plaxo or agree that there are enough unknowns here that you've made a mistake in trusting them so implicitly.
The real issue in this discussion is one of context. The context of when and how I'm asking for my Gmail info (a practice I neither support or agree with, FYI), is one of limited use and specific purpose. The context of what this Plaxo script is doing is far more broad reaching. And given Plaxo's previous reputation (which adds to the context), who's to say that once they get out of beta they wouldn't extend the collection of data past name, email, birthday alone?
Context matters.
Adding to your personal address book is a different context than adding to the corporate database of a business known for spamming.
I'm not saying you should, necessarily, have gotten permission to do this, but I'm saying we all should start applying more common sense to the way we handle this implied trust inherent in the friending process.
Since you've given contradictory positions about what this whole debacle was based on (beta test and/or poke at FB), it's hard to know what your real motivations are here. But whether this was a beta test or some sort of civil disobedience, the fact remains, you made your 5,000+ FB contacts unwitting accomplices in that process.
Your arguments are wholly logical. Unfortunately, "privacy" is an emotive issue that makes people fearful and illogical. That said, looking at the rapid evolution of technology and society, there's only one way all this stuff is going to go—and that's the way you're going. So thanks for blazing the trail. : )
I think your alpha test should be compared to DVD-Jon's CSS code -- a concrete demonstration of the futility of trying to "encrypt past the intended recipient".
Fortunately I did not befriend you on Facebook, so I am not giving my data to Plaxo.
Oh s**t, I forgot I have an account on Plaxo... Let me go remove it right now.
Open you eyes, people!
It’s not even a slight inequality we’re talking about. We’re talking about Facebook screen-scraping millions of addresses out of Hotmail, Yahoo! Mail, and Gmail (in flagrant violation of each one’s ToS), but Facebook yanking Scoble’s account just for mere appearance of doing the same damn thing?"
Whether Scoble read them or not, or even understood them, he agreed to FB's TOX by creating an account. So, what FB does or doesn't do wrt to other systems is irrelevant to this issue. Scoble violated terms he agreed to.
On comments:
http://www.facebookobserver.com/facebook-news/b...
What makes the Plaxo script different?
With regards to data portability, you claim to have added 4200 (you have more now) one at a time and from the comment it seems this is the way to connect to others in social networks. Do you feel differently now?
I think a more fine grained permission/preferences thing would be an answer. There are standards for email (POP/IMAP), web (HTTP/HTTPS) and other things (FTP, TCP/IP, etc..), so maybe we need to come up with something for information sharing preferences or something? Someone write up and submit a new RFC on personal data sharing? I'm probably crazy though, nobody's gonna do that. :)
The point is not that Facebook's TOS was broken, nor if Plaxo is evil. The point is data portability, and breaking through walled gardens. Facebook and Plaxo just happened to be vehicles to drive the point home. Sometimes civil disobedience is a necesity for change.
The reality is that as soon as you hand somebody a business card or send somebody and email, your data is out there. Are you going to ask somebody if they use Plaxo or some other service when you hand them a business card?
My social graph should be portable between networks.
Why do I have to befriend everybody multiple times? Next, I should be able to add restictions on a user/friend level (call it DRM for friends if you like).
But first we need to break down these walled gardens, put up there for no other reason than power and control.
That would be because Facebook can't do that unless we give them our gmail details. By giving them our gmail details we are giving Facebook permission to import that data.
Facebook, on the other hand, have specifically *withheld* permission for you to pull data from Facebook in the way that you did.
What it all boils down to is you agreed to specific terms and conditions when joining Facebook. You did not abide by those terms and conditions. Everything else is red herrings.
Oh, and just because you can find a way around the terms and conditions ("write it manually, don't use a script, they'll never know") is beside the point, and reveals a lack of worrying lack of ethics.
Perhaps a little less trying-to-beat-the-system and a little more playing by the rules is in order.
But your explicit action is really no different than anyone that adds any third party application to FB. That application can access your entire friends list even if those people did not add that application.
This is an interesting dilemma since now I not only have to trust FB, but I have to trust all my friends with my profile data.
PS> Plaxo cannot access the email information from FB (look at the API), but they can get enough data to make the matching to existing contacts pretty easy.
http://developers.facebook.com/documentation.ph...
Is it then my moral responsibility to turn off "See My Friends" to *all* users on FB? Currently I have it as "Anyone can see my friends".
You and I can be friends, but you can't see my friends list because I can't really trust you to use that data in the same way I would.
This has a big impact on how people use the service since that's how you find your other friends.
Great! Nice can of worms you've opened here. :-)
Strange, here's what she was saying about Plaxo just a few months ago:
"The idea behind the new Plaxo is that it can serve as the 'hub' of your calendar and contact data. If you have your contact and calendar data in multiple locations this is welcome relief. As web workers who deal with many different people using many different systems, it’s not uncommon for us to have calendar and contact data in bits & pieces everywhere. Plaxo helps bring it all together."
Her full post on Web Worker Daily is here:
http://webworkerdaily.com/2007/06/25/hands-on-w...
"LinkedIn: For Premium Subscribers only. One-way sync of contacts, with only the ability to add LinkedIn contacts to Plaxo, not the other way around. The sync is also manual, which means you have to remember to initiate a sync. There’s some competition between these two services, so limitations shouldn’t be surprising."
Hmmmmmmmmmmmmmmm.
http://scobleizer.com/2008/01/05/plaxo-the-soci...
I've been following this whole mess for a couple of days, and it really is a BIG MESS. My take on this for you and all your readers is best explained on "Utah Tech Watch" at http://www.utahtechwatch.com/industry/who-owns-....
For Zuckerberg and Facebook, my advice is that they need better public relations counsel, as I wrote on TheBettyFactor.com at http://www.thebettyfactor.com/2008/01/05/advice....
Good luck, Robert. Hope to see you at CES.
Dave Politis
As one of your Facebook "Friends" I followed what you were into, emailed once and awhile and hope you found something I linked to or posted of interest. What I did not do is give you permission to post my email address or personal information to a third party site. It really doesn't matter what Facebook does or does not do with my information as I have given them permission by agreeing to their Terms of Service, that is a none point. It really doesn't matter if there are other tools for doing the same task, the tool is not the issue, the issue was your call to basically crawl Facebook for Plaxo and provide Plaxo with 5,000 valid email addresses.
You say you wanted to push Facebook's buttons so you ran a script to export information Facebook deems their property and gave it to a third party. Did you run any such script while at Microsoft and provide thousands, millions of email addresses of Microsoft customers to a third party? Of course not because you knew 1) Microsoft would have canned you and likely taking you to court, 2) you considered that information the property of Microsoft, 3) you just knew it was wrong. What's the differnece?
I follow your Blog, checked out things you did on Facebook, watched for your name in the news or other Blog post and still will but we will have to agree to disagree on this one, you were wrong.
Then you introduced Pulse and switched focus to social networking. And now it's not about my contact list as an easy way of getting at phone numbers, it's about the friends of the friends and connections in my contact list. All well and good, but that isn't what I signed up for.
As I said a few minutes ago in a reply to your comment on my blog:
"You can’t be an 'address book service' when it’s convenient, and a social network the rest of the time without drawing these kinds of questions.
And since you are for sale, you should be very clear about the data you have and the connections you’ve built (and are capable of building) with the profiles of non-members. Your privacy policy says what you won’t do. I want to know what you have and can do, but don’t because you’re ethical. Your buyer may not be.
An address book service is putting pebbles inside a black cup. A social network is putting pebbles into a clear bowl. Which is it? It’s my position that you can’t have it both ways."
That's the difference.
http://www.plaxo.com/privacy
The question of what happens to your data if the company is sold is answered here:
http://www.plaxo.com/privacy/q_and_a#q7
Personally I trust them - their privacy policy is one of the best in the industry. They put the user first in almost every area - asserting that ownership of the contact data you add to their system
is yours, and they will never do anything with it without first notifying you in advance to give you the chance to opt-out.
I'm glad Plaxo will notify members before the company is sold. Will they also send notice to everyone I added to my contact list? To the folks that Robert scraped from Facebook into his test account? While you can ask to be removed from a member's address book, can you ask to be removed from ALL member address books?
I'm not saying that I think the answers to these questions are negative. I'm saying these are questions that should have been asked and answered before running a "push Facebook's buttons" script loose on 5,000 of your "friends."
I agree he violated Facebook's ToS (if you assume that the Plaxo program qualifies as a "script"); I agree two wrongs don't make a right. BUT...
All Scoble was doing to Facebook was what Facebook constantly does to others. In that sense, he is doing several things: pointing out a MASSIVE hypocrisy on Facebook's part, for one. Making it clear that Facebook's idea of customer service is to kick your ass to the curb and ask questions later, for another. Making folks think, and getting people to discuss the issues involved, for another.
In some ways, what Scoble did was analogous to civil disobedience. In civil disobedience, people EXPECT to be arrested, because they are breaking some minor law (in a non-violent way) in order to bring the public's attention to some OTHER wrong that is FAR, FAR GREATER.
In this case, Scoble has brought our attention to the fact that Facebook is a MASSIVE hypocrite: it constantly screen-scrapes email addresses from other email services, but doesn't allow YOU to do the same to Facebook. He has also brought to our attention their stellar "shoot first, ask questions later" customer service. And he's making a lot of people think about how dependent they are on the services they use.
Write or wrong, FB doesn't allow it. LinkedIn does. The point is the blatant violation of the FB TOS. If I were Plaxo and I really wanted to mine the FB directory, I would have reached out to FB and proposed a service to them that was a win/win so everyone could be up front about what was happening.
I would have been inclined to almost buy into your "power to the people" theory if not for what Lisa @61 above points out. It appears Scoble is being a hypocrite. He didn't agree with it then. My guess is because he couldn't figure out how to do it himself so he came out against it. Now that someone ELSE provided him a tool for a product he's shilled for in the past, he's fine with it.
To be honest ... I like the corner. I like knowing that my data is a (or at least should be) a one-way street. I *choose* to put it in there. FB is doing the right thing detecting and enforcing that someone was running a script. I know all bets are off when I add a third-party FB application, which is why I don't add them. Nothing. Not one. I only use FB sanctioned apps which live under the FB TOS and privacy policy. Your mileage may vary.
As I've mentioned to friend, I think the solution is to support multi-tiered privacy in addition to the fine-grained privacy that FB offers.
Let's say (back of the napkin):
Level 1 - I won't share anything about you. Promise.
Level 2 - I may share your status, hobbies, movies, etc.
Level 3 - I may share your name, gender, age and general geography.
Level 4 - I may share your phone numbers, home address or email.
Level 5 - I don't promise anything. Give me your info at your own risk.
For example, "Only share [this data] with friends that offer privacy level 2 or less" where N is some gradient of assurance/promise. The platform should enforce no one gets what they shouldn't. It's privacy policies on a relationship-by-relationship basis.
In this case, Robert was Level 5.
That way, of the 5000 FB friend of Scoble only a lazy or care-free subset could have their data exported.
Thoughts?
Its like mini-me: I, me, Mine.. implemented, especially keeping in mind American sensibilities around privacy and private data etc.
I just somehow, dont understand why: people enter Gmail and other userid and password data on such sites !
Anyway, we would be launching mine-me ( I, Me, Mine) stuff --> Robert Scolbe calls it DRM for profile data.. Cool..
ciao
ajay
You know, back in the day, a lot of people put King, Jackson & Sharpton in the same bucket. Though we have a holiday for MLK now.
I do not know what you mean by "concerned more about visiblity." Doesn't knowing his true "concerns" involve the ability to read his mind? Scoble says he just wants to try out this Plaxo program, but you (being able to read minds) know that his real motivation is "visibility," whatever that means.
We can guess at his "real" motivation all day long, but you can only reasonably discuss what he actually did and said.
And in the end, what does it matter anyway? Did Scoble, King, Jackson or Sharpton do everything they did because, deep down inside, they were all attention whores? The motivation doesn't matter quite so much as the acts themselves. Besides, half the time people don't know their OWN motivations!
The other half of the time they project their own motivations onto others. ;-)
I would have been inclined to almost buy into your “power to the people” theory if not for what Lisa @61 above points out. It appears Scoble is being a hypocrite. He didn’t agree with it then.
:-) It doesn't look like he's being a hypocrite to me, because they're two different issues.
The story Scoble commented on (mentioned by Lisa @ 61) was about a guy who took 4,600 addresses out of Gmail, and MASS E-MAILED ALL 4,600 ADDRESSES with invitations to join Facebook.
Scoble left a comment calling that "spam behavior." Presumably because it is. :-) If AOL or Comcast sees several hundred messages dumped on their doorstep by a Facebook mail server, Facebook might end up on a spam/UCE blacklist.
Sending unsolicited email to 4,600 people isn't the same thing as harvesting 5,000 email addresses. They're totally different things. You can be against sending email to 5,000 people while being in favor of being able to collect 5,000 email addresses. One involves annoying people and the other doesn't. :-)
Remember, Facebook is one in power here: they're the ones with the 15 billion dollar valuation, they're the ones "erasing" people without so much as a WARNING, they're the ones sponsoring Presidential Debates in New Hampshire. We're just the people. So yeah, power to the PEOPLE, baby! Can you dig it? :-)
Another way to interpret what he is saying is that I have to explicitly set it for each friend. This doesn't scale, especially for 5000 friends.
The level proposal is a general agreement in principle. Of course, is someone is scum, they will say "I share nothing" when, in fact, they will.
Trust.
"Hypocrisy is the act of condemning another person for an act of which the critic is guilty."
http://en.wikipedia.org/wiki/Hypocrite
Facebook condemns you for screen scraping email addresses. Yet they screen-scrape email addresses every day, from Gmail, Hotmail, and Yahoo! Mail, in violation of Terms of Service. Facebook = hypocrite.
I like knowing that my data is a (or at least should be) a one-way street. I *choose* to put it in there. FB is doing the right thing detecting and enforcing that someone was running a script.
You know, I could almost buy the "Facebook as Protector and Guardian of Your Data" thing if it weren't for Facebook Beacon. Obviously they're only interested in protecting your privacy to the extent it doesn't interfere with them turning a buck.
People seem to have mixed up expectations. It should be utterly obvious that the 'FAN ONLY' permission type Robert mentions does not exist at the moment - so why expect that to be honored?
"You know, back in the day, a lot of people put King, Jackson & Sharpton in the same bucket. Though we have a holiday for MLK now."
And there's a reason we don't have a Jackson or Sharpton holiday. At one time I'm sure Jackson was a true supported of MLK, given he was there the day King was shot. But then he saw he could make a lot of money preying off of perceived racism. But...we digress.
"I do not know what you mean by “concerned more about visiblity.” Doesn’t knowing his true “concerns” involve the ability to read his mind? Scoble says he just wants to try out this Plaxo program, but you (being able to read minds) know that his real motivation is “visibility,” whatever that means."
True I cannot read his mind. I can only go by his actions. I'm sure there is some reason he didn't want to handle this privately and not tell the world what happened. Just like Jackson never does much behind the scenes
"The story Scoble commented on (mentioned by Lisa @ 61) was about a guy who took 4,600 addresses out of Gmail, and MASS E-MAILED ALL 4,600 ADDRESSES with invitations to join Facebook.
Scoble left a comment calling that “spam behavior.” Presumably because it is. :-) If AOL or Comcast sees several hundred messages dumped on their doorstep by a Facebook mail server, Facebook might end up on a spam/UCE blacklist.
Sending unsolicited email to 4,600 people isn’t the same thing as harvesting 5,000 email addresses. They’re totally different things. You can be against sending email to 5,000 people while being in favor of being able to collect 5,000 email addresses. One involves annoying people and the other doesn’t. :-)"
True. But had he not gotten caught and his hand slapped, we have no idea what Plaxo would have done with the data. But, given their past history....... True, Scoble says "he didn't do anything the data", but we will never know for sure.
"Remember, Facebook is one in power here: they’re the ones with the 15 billion dollar valuation, they’re the ones “erasing” people without so much as a WARNING, they’re the ones sponsoring Presidential Debates in New Hampshire. We’re just the people. So yeah, power to the PEOPLE, baby! Can you dig it? :-)"
This again is the two wrongs make a right illogical argument. You do understand the concept of "participate volunaritly"?. Facebook users signed up for this when they created an account. Shame on them for finding out later how one sided their TOC's are. Do I agree with them? No. But, they are really not all that different than other types of FREE services. The user assumes all the risk. Until you start paying money, that's pretty much how it is. Users agreed to these terms when they signed up. Facebook will only change them if they can still legally protect themselves.
2Pad was developed by 3 French entrepreneurs as the only private photo and sharing service. Using the latest in web technology, such as Ajax, 2Pad allows you to privately share your media from your personal gallery.
Simply start by sending your media via email to 2pad@2pad.com and 2Pad automatically creates your personal gallery. We would love you to test it out and send us feedback!
Thanks!
Susi and the 2Pad Team.
People signed up for Facebook and made you a "friend". They didn't give you permission to fold, spindle, and mutilate their personal information via non-Facebook systems, spam them, drop by their RL residence uninvited, or stalk them.
Your actions are one of the reasons people point out as the evils of social networking.
I've never read a TOS that involved paying money that promised me anything more than a refund if the product failed to perform (and even then the costs associated with getting that refund seem to exceed the refund amount).
The issue here involving TOSs is an ethical one, not a legal one. As far as I can see, nobody has broken any laws.
It seems clear that there are Facebook users here so rabid that they can't conceive of the company being wrong about anything. Considering their recent and documented excesses, this is quite impressive. You can indeed fool some of the people all of the time. But we already knew that.
I'm starting to think that Google was very lucky to not have gotten involved with this company.
I feel sorry for some of my friends who have given out so much information on themselves via Facebook to companies that they know nothing about, in exchange for being able to throw virtual sheep or food items at one another.
I read one post above from someone who had never installed a single Facebook app. There must be very few people in that category. The Facebook apps are hardly a replacement for e-mail, photo sharing, blogging or dozens of other things people do on the Internet. Facebook is in the cat-bird-seat, collecting all the profitable information about their users and leaving the heavy lifting to companies and individuals all over the world, in many cases way out of reach of our legal system.
The people who have used some of these apps are going to need something like Plaxo, because there will be a flurry of e-mail address changes in the next couple of years as all of this information gets out and the old addresses become unusable.
#41: You got the hypocrisy right. You need more typos in your message though. It's getting really hard to believe that Facebook started out with an exclusive college user base. A bit scary too.
"The issue here involving TOSs is an ethical one, not a legal one. As far as I can see, nobody has broken any laws."
No, it IS a legal one. There's civil and criminal law. This has to do with civil law, which more often than not doesn't involve law breaking. The user, when signing up, is given adequate opportunity to read and view the TOS, and also has to AGREE to them. Basic contract law 101.
"I’ve never read a TOS that involved paying money that promised me anything more than a refund if the product failed to perform (and even then the costs associated with getting that refund seem to exceed the refund amount)."
I find that difficult if not outright impossible to believe. If you've ever opened a box of software you've agreed to similar Terms of Use, also known an End User License Agreement. If you've ever downloaded beta software you've agree to similar terms of use; particularly in the are of indemnity and the company's responsibility for your data when using your software. My guess is, you've agree to similar types of TOS's. Whether you actually read them or not is another question.
First, as long as people disagree on who owns PII (Personally Identifiable Information), there will always be disagreements over privacy. To me, it's very clear - any PII data I possess through legitimate means, is my information. It may be information about me, my pet, my family, or my acquaintances... but the information is still my information... and I may do with that information whatever is legally permissible.
If I post my information (or a subset) someplace where others can access it and read it... the source is still my information, but if others make a legitimate copy of the data, then that copy is now THEIR information. There is no copyright protection for contact details. If I don't want others to have it, I should take better care when posting. By posting information in a public place, I should have full understanding of the possible implications.
People are free to use their information as is legally permissible. Different countries may have different types of restrictions and laws when it comes to PII. But there is no country I'm aware of that prohibits the possession and storage of PII for personal purposes. Furthermore, there is no country that requires permission from the data subject in order for a data owner to posses and store PII information for personal purposes. Thank goodness for this, cause imagine the lunacy of requiring permission from the data subject everytime you wished to save their Name, email address, or phone number.
In Scoble's case, my understanding is he had legitimate access to the information and therefore has the ability to make the information his own. TOS issues aside, whether he writes the information down on his own, or uses some other tool, it's simply a matter of degree and effort. I think it's a stretch to describe's FB's TOS prohibiting automated screen scraping as an effort to protect members' privacy. FB already protect's members' privacy by prohibiting unauthorized access to members' information, regardless of what mechanism is used. Specifically prohibiting automated tools is more likely to protect the service from service attacks as well as maintain vendor lock-in, which I think is partially Scoble's point.
But one thing I do appreciate is FB statement regarding data ownership: Facebook doesn't own a member's data - the member does. This was one of the main principles we established at Plaxo and I'm happy to see other services have picked up on this as well. While I was at Plaxo, the basic privacy principles we established were: the member owns their information and decides who will have access to it; the member maintains ownership of their data at all times, even if the company is sold or merged, and the member can add, delete, or modify their information at any time. Read the privacy policy of other popular services, you'd be surprised how many of them service DON'T state this. Does this mean that THEY own their user's data??? It's scary.