Robert Scoble and Plaxo: Data Thieves

Update: And if done in the EU we’d ave you mate.

Update again: Jeremiah is now allowing people to direct questions to Plaxo via his blog. Well done to him. Let’s see how they react to probing questions.

Update: Jeremiah basically gave Plaxo a free pulpit where they tried to justify their actions using a smokescreen about a “Data Trust”. Total and utter bollox. Looks like they are going to roll this out and are unrepentant.

We’re going to have a conversation with Facebook (that is starting now) and will roll this feature out.

There’s a minor, gnat on a rhino’s arse issue going on around the tech blogger and twitter communities at the moment about data and Facebook. It will not change the world or unsteady it. If you are bored by this (and you should be) I’d suggest you skip this post. If you’re a hardcore tech gossip nerd, then read on.

I really do like Robert Scoble and I don’t think he is malicious or someone with criminal intent. Saying that, I do think what he did today is very wrong.

So to begin: A while back Robert Scoble friended anyone on Facebook that wanted to be his friend, like he still does on Twitter. It was the in-thing that all the coolnerd kids did for a while – Friend the Scobleizer. Grand I suppose. Trouble is that the Facebook API allows any application to access the data of people I’m connected to. It can suck down their name, date of birth and other bits and pieces but NOT email address.

But then Robert decided he’d use a new unreleased tool from Plaxo to get the data on all 5000 people connected to him AND their email addresses too. Name, location, date of birth, full contact details. Alarm bells yet? Facebook’s security through obscurity meant I had limited protection if data identity thieves wanted to get my details. But now Robert has an automated tool that took disparate information and combined them. While many are happy for their data to be scattered about the place, it is through technology and aggregation that all these pieces which were once scattered or loose are now firmly joined. This issue is about how weak identity is, but it is also about the fact that this is simply data theft in my view and Robert Scoble, a guy I have a lot of respect for, is the one with the crowbar coming into my world taking things I stored on Facebook without permission. Robert broke into Facebook to get information he was not allowed.

I gave Facebook permission to store my data, I give it to Google. They give me some lightweight guarantees that they’ll be careful with it. Plaxo and I are not friends and they have not asked to hold or transport or fondle my data. Robert gets rewarded in ways with our friendship by being able to access data but this doesn’t mean I wanted him to harvest it. I’m ok with some of this information being exported but en masse? People are talking about this being a gambit for Data Portability. That’s utter bollox. That’s a smokescreen. You can campaign for data portability without stealing. You can tell me my identity is not secure without accessing my bank account. This is not some proof of concept on how insecure Facebook is either. This was a commercial move by Plaxo. If Google did this or Microsoft there’d be war.

I’d like to know what Robert is doing with my contact data and what Plaxo is also doing with it and what they are doing with the other 4,999 names, addresses, phone numbers, dates of birth and email addresses. I really hope they destroyed it right away. I’d also like to know whether Facebook will notify authorities about my data being stolen from them and see are there better ways to protect the data I invested in them?

I agree 100% with what Nick Carr said today too. Dare to a degree too.


26 Responses to “Robert Scoble and Plaxo: Data Thieves”

  1. Alexia says:

    I disagree that bored folks should skip this post and that only hard-core tech gossip nerds should read it. Everyone with a Facebook account should at least scan through this post, even just to get the gist of how identity theft can be executed so fast and easily from a social network site.

  2. Alexia says:

    social networking* site, even :)

  3. Damien says:

    Will your comment only be seen with those bothered to read through AND then read the comments? :)

  4. Alexia says:

    Yeah – those people. :) I’m the sound of one hand clapping. It still doesn’t take from the weight of my comment though.

  5. [...] Damien has written a good post on this and seems to think that only tech nerds and people who aren’t bored by the post should skip it. I differ. Everyone with a Facebook account should be aware of how easy it is for someone with a scraper tool to kick it off against a social network and harvest off member data for their own nefarious reasons. Check out Paul’s take on the situ too. [...]

  6. [...] Winer pitches in but he misses the point. It’s not Scoble’s data, as Damien says more cogently than [...]

  7. Ina says:

    Damien

    Do people realise the amount of social network analysis you can do on Facebook?
    Ego networks are the way forward.

    Ina

  8. Ina says:

    These companies are there for profit.
    Unbelievable that so much information is offered up by so many for nothing and then these companies sell their databases of information. What do people expect when you give all these companies information about yourself?

  9. Alexia says:

    * Pushes Damien down and jumps in *

    @Ina: I thought ego networks were social networks. :) All companies are there for profit. Point me to a company that isn’t there for profit, and I’ll point to you a crock of fools. They’re not companies, they are charities.

    There’s nothing in this story about selling of databases of information. There’s the potential, but no evidence of selling information. This is about the easy harvesting of information against the TOS of a company holding that same information.

  10. [...] has been no lack of commentary [ Mulley | Alexia | Nick | Dare ] on Robert Scoble’s use of an unreleased data scraper tool to mine [...]

  11. [...] In short, Scoble took copies of 5000 identities using an automated script from those Plaxo folk. Damien says: I gave Facebook permission to store my data, I give it to Google. They give me some lightweight [...]

  12. Anthony says:

    Surely users give their data over in the context of how it’s to be used. I scatter bits around Twitter, my blog, Facebook, Bebo etc but harvesting it all together is different. It never becomes the group owner’s data or my friends’ data; it should always be mine.

  13. Segala says:

    Cancel your Plaxo account if you care about privacy…

    I wrote a blog post earlier today about Facebook disabling Robert Scoble’s account for attempting to extract his contacts’ information using a script.
    Since writing my post and conversing with what felt like the universe on Twitter about the ma…

  14. Anonymoose says:

    Is it really ‘theft’ if you make your information freely available?
    It’s up to you to be careful about what information you make available about yourself online.
    This ‘theft’ has been possible to do by hand, now the process has just been automated.
    I hope people with 100s of friends on facebook don’t do the same.

  15. Damien
    thanks for the link, this is not a free pulpit to Plaxo, I was trying to show a part of the story that had not been told.

    Originally when I posted it, I didn’t include my opinion, (I’m not saying anything that hasn’t been said by many others) but after your suggestions, I did. You’ll find that I’m pretty much not in agreement with what happened, as I believe in a social contract where I need consent where my information is going to be used and know how it’s going to be used.

    I hope you consider my point of view and the intentions of why I wrote this post.

    Either way, your opinion is important to me (as I see mine is to you) and we’ll set the bar there going forward.

    Thanks for your honesty.

  16. Thank you for updating the post, I’ve sent an email to Plaxo specifically linking to the post and had your questions embedded in the email.

    Wow, you’re a tough interviewer!

  17. Great stuff Damien.

    Trying to do my bit, this side of the channel too. It’s pissing me right off. So much for Open Social!

  18. Paul Walsh says:

    @Jeremiah the fact that you said you thought Plaxo and Robert were both wrong, was good enough for me. You don’t have to be as harsh with your wording as me – it amounts to the same thing.

  19. [...] that be acceptable? No. Damien Mulley has it right. It could be considered data [...]

  20. Ina says:

    Alexia agreed.
    However social networking is in the very early stages of evolution. There is plenty of scope for the development of new networks. Ego networks are more personalised types of networks yet to evolve based on the needs of the individual/ego involved. It is good for information to be decentralised. Different types of networks will be needed according to the individual’s requirement. Networks of quality over quantity. Data should be portable and flexible not restricted to one site and one app. It’s very easy to harvest information once it is centralised.

  21. Alexia says:

    I beg to differ on social networking being in the “very early stages of evolution”. Social networking has always been in the comms habitat back to the very first bulletin boards. And for the record, the first was over 30 years ago. The year was 1973, the place – a record store in Berkeley, CA. It may not have the bells, whistles and vampire apps that we are all accustomed to on Facebook, but it was social networking. Conversation around a social object.

    However, I believe you are missing the point here, Ina. You see – social networking doesn’t really fit into little, tidy boxes of profiles and throwing sheep. You see what we are doing here? Commenting and responding on Damien’s space. This is the core of social networking. We are hankering close around a social object. This post. And socialising. That’s the point.

    New networks? But don’t these networks really just instantiate the actions of the old networks around a new social object?

    Data portability at whose benefit? Have you investigated Plaxo in this example to see what they have done in the past?

    And do you really think that having data decentralised makes a jot of difference to an entity that really wants to harvest your data? Having personal collateral in different places actually increases the amount of data sitting there, waiting to be harvested. Look at the checks and balances added to further secure your identity. Mother’s maiden name, cat’s name, first car. Home address. Likes. Dislikes. Having this data in many spots, duplicated simply reinforces the truth of a harvested identity. Indeed, it’s a more scary proposition.

  22. Paul Walsh says:

    @Ina – are you saying you want that information to be easily harvested?

  23. [...] weren’t enough, we have Famous-For-Nerds Robert Scoble trying out an automatic Data scoop, collecting personal information from members’ profiles for his own [...]

  24. Johnny says:

    I just read on ENN that Plaxo is up for sale.

    From ENN:

    Finally, social networking site Plaxo is reportedly up for sale. The New York Times is claiming that Plaxo has hired Revolution Partners to take charge of an auction that it hopes will yield as much as USD100 million. The site has over 15 million registered users and has taken USD20 million in funding to date from backers including Sequoia Capital and DAG Ventures. As of late, it has been overtaken by more popular social networking sites such as Facebook.

  25. Evert Bopp says:

    Maybe now the people who start “friend-ing” others in every next-big-thing network learn to be a bit more selective.
    If you do not want someone to have access to this info you should not be so eager to list him/her as a friend…
    In the end it is you that is responsible for your data security.

    E.