Get documents about "social applications.pub - Halte au Spam
Document Sample
Contributions - Reflections
Paris, November 3rd 2003
Do social applications pose a threat?
By Frederic Aoun & Bruno Rasle, co-authors of the book “Halte au Spam” (éditions Eyrolles)
This contribution was presented at the “Spam Forum Paris” event, held on November 3rd 2003
France is no longer spared by the Plaxo1 phenome- The creator of a French start-up declares: “Plaxo is a
non – the most representative application of a new killer application for me. I have gathered more than 2,600
breed of cooperative applications. Keeping an up- contacts in the last few years. Plaxo allowed me to update my
to-date address book, without too much effort is a entire base in less than a week! It’s fabulous!”It is quite
dream to most e-mail users. Plaxo contacts, by the common to find quotes praising the application on
start-up with the same name, solves the matter. The related discussion forums: “Great Product. I have been
tool automatically syncs and updates Outlook ad- looking for something to keep my contact list up to date on
Social applications are in dress books. Its impressive success can be attributed both my computer at home and at work. This product is
vogue. This type of softwa- to its viral marketing distribution scheme as well for fantastic. I highly recommend it. Best of all it is free.”
re is based on human rela- it being free of charge. Upon installation of the
plug-in, selected address books are duplicated and Based in Mountain View, Plaxo is a typical Califor-
tionships. Some examples uploaded to servers at the California-based com- nia star-up. Around twenty employees are under the
are Plaxo’s service (allows pany. Emails are then sent to all selected contacts management of 23 year old Sean Parker2. The young
for automatic updates of asking them to correct and update their informa- CEO comes from the Napster team. After manag-
Outlook address books) tion. The update request messages (figure 1) can be ing to leverage 2 million dollars on the first round
and Friendster (get to know partially custom- of financing last year, the company has raised an
your friends’ friends). Their ized. Responses are
impressive success can be then automatically
attributed to their viral mar- processed in order
to update users’
keting distribution scheme
address books.
as well for being free of Users may also
charge. visualize their con-
tacts over the Inter-
However, these applica- net via a web inter-
tions worry antispam devo- face.
tees. Are these fears justi- Users who have
fied? adopted Plaxo will
be called
The objective of this docu- “sponsors” along
ment is to shed some light this document. His
on the way these applica- correspondents,
tions function and help who appear as con-
tacts in his address
consumers make their choi-
book, will be re-
ces. ferred to as
“sponsorees”.
Sponsorees that
have decided to use
the application are
said to have
“converted”.
Plaxo Contacts
brings a simple
solution to a com-
plex problem. Ac-
cording to the com-
pany, studies
showed that in the United States, a third of email Figure 1: Update email sent by Plaxo to sponsorees on behalf
addresses changed every year. Users unanimously of the sponsor. Most of the text is in English and cannot be
praise the application’s ergonomics and stability. translated into French.
Frederic Aoun & Bruno Rasle (www.halte-au-spam.com)
Page 2
additional $8.5 million this summer. Expenses are limited to the mini-
mum: no advertising costs are incurred since the tool is promoted
virally by its adopters. Plaxo does not expect any short or mid term jean
revenues, its model has failed many times: conquer a client base with a
free offering and then try to make companies pay for the service. Will
they be able to pull it right this time? Only a few competitors are to be
found on the market niche, among them: GoodContacts and Addres- marie
Sender.
“There is no free lunch”
But what is the economic model of a company that vows to keep Plaxo
Contacts free of charge and plans to propose a pay-for feature-enriched
“business edition” of the tool? In such a case the free version would john
have permitted to validate the development as well as to capture inves- bernard
tors’ attention. The company has also announced a revenue source
from the sale of demographic data. Does this refer to ongoing research ana maria
mitsuko
on the theory of “six degrees of separation3”? Data mining analysis of
Plaxo’s base could partially answer many questions: How does informa- Figure 2: This diagram illustrates social networks managed by Plaxo. Users of
tion flow among a decentralized network, and in particular viruses? Can the application are shown in red (sponsors and converted users).
social relations on the Internet be charted? How do these relations
evolve in time? It seems that several ongoing research projects at US
universities may be more suitable to find answers to these questions. which a telephone number was judged to be nominative data since it allows for
the identification of its subscriber.” Thus every address database holder
The number of contacts held by Plaxo is undisclosed, but the growth
is obliged to declare its lists to the French privacy authority
rate, according to one of Plaxo’s officers, is said to be exponential. The
lack of clarity of the business model was blatant during the launch of (CNIL) and respect a number of constraints. Particularly, indivi-
the service in November 2002. Plaxo’s founder would then dismiss all duals must be informed – at the time of data collection – of the
questions with the same answer: “We think one of the most clever aspects of eventuality of a sale or transfer of the database to a third party.
what we're doing is the business model, but right now we're talking exclusively about This potential transfer must have also been declared to the privacy
the product launch, not about the business model!” Doc Searls, senior editor at authority. Furthermore, a 1995 directive specifies that the sale of
Linux Journal4 was not convinced: “If they won't explain how they personal information can only be performed if individuals are
intend to make money, one can only assume they intend to spend it," previously informed of that eventuality and are given the possibili-
Searls said. “The product looks like a new way to hire a company to annoy your ty to oppose it in a simple and free-of-charge-manner. For the
friends. It feels like spam. It's annoying, and I don't think there's a viable plan specific case of database export to a foreign state, specific res-
here.” Judging by the amount of candidates that rushed to the last fi-
traints exist on a per-country basis (for the US, the European
nancing round5 it is likely that Plaxo was more articulate about its busi-
ness model then. Union has settled that companies which comply with the “safe
harbour6” initiative ensure an adequate level of data protection).
Even in case Plaxo’s commitments are held, a few common sense This been said, the recent position of the French privacy authority7
questions may be asked: regarding the transfer of US-bound passenger data to the US cus-
Can messages addressed to sponsorees be considered as spam? toms service is interesting. In addition of violating French law’s
Even under the light of the endless list of spam definitions it is principle of “diversion of objectives in data processing”, since the
difficult to see the service’s update messages as such: the recipient’s data was initially collected for commercial purposes and not for
address was collected in respect with French law by the sponsor. security ones, the French authority has expressed doubts over the
The message is sent in a transparent manner without forged hea- level of privacy protection under which the data will be treated by
ders. Recipients can easily refuse/return/filter such messages and the American authorities.
may request their personal data to be erased from the sponsor’s But can an Outlook address book be considered as a personal
database. Furthermore, update requests are personalized and sent information database – and therefore subject to declaration to the
in limited numbers. privacy authority? This suggestion may sound ridiculous for the
Are these practices in accordance with US law? The opposite address book of an individual with a couple dozen addresses, com-
would be surprising. The fact that the service is limited to users posed mostly of friends and family. What about for the case of
older than 13 is an indication that Plaxo has taken legal precau- professionals who manage address books of several hundred
tions. In February 2003 two American companies were sentenced contacts? French privacy law was amended in 1995 in order to
to $85,000 and $100,000 fines by the FTC for not respecting take under consideration technological progress, in particular the
COPPA’s (Children’s Online Privacy Protection Act) guidelines. widespread use of electronic mail. Personal address books were
excluded from the scope of the law. However, we have intervie-
Does the service respect French laws and in particular 1978’s wed French Plaxo users who manage several thousand addresses-
“Informatique et Libertés” legislation? Electronic addresses are long contact books – mostly professional contacts. Are these users
considered as personal data in France. On this precise question the abiding by law? Only jurisprudence will tell.
CNIL (French equivalent to the FTC) specifies: “The commission
recurrently considers an email address to be nominative data, in a direct man- In addition, the approach is not at all in accordance with the
ner if means of identification appear on the address, or indirectly since an email French privacy authority’s opinion on sponsorship-based data
address is always attributed (or read by) to a physical person. This position collection. On its last report8, the commission recalls that Internet
was strengthened by the 1992 ruling by BREY’s correctional tribunal in users who wish to act as sponsors are to “get prior consent from
Frederic Aoun & Bruno Rasle (www.halte-au-spam.com)
Page 3
their sponsorees, before their personal data is communicated to a
company with which they have no relationship”. Belgium decided
in March 2003 to forbid sponsorship altogether.
Since Plaxo states to not use its database in order to send promo-
tional mails, its procedures should not infringe on the future Euro-
pean antispam law. Plaxo’s founder replied to an attack regarding
this particular point in June 2003: “we are a software/services company,
not a direct marketing company. In fact, the raw contact data that passes
through our system without associated behavioural data is pretty worthless to Plaxo Inc.
marketers. If we were in the business of selling this kind of data then we would
not have a business at all. In case your readers are still not convinced I urge sniff
TP
S
them to head down to their local software retailer where they can pick up a few
TP
SM
HT
million addresses on CDROM for around $30.” Does Mr Parker Spammer
confuse spammers and direct marketing professionals? In any case
the response we got from Plaxo was very clear: “We do not sell or
exchange anyone’s contact information with third parties, and we believe very
strongly in protecting the privacy rights of our users and non-users alike.”
There’s also the language problem. Not all French Internet users Sponsor
master English. It is not easy for them to clearly understand nei- Sponsoree
ther how the service works nor its potential risks.
Sponsoree
How about if we now loose ourselves to paranoia, what are the
potential dangers? Figure 3: Potential risk of personal data being sniffed by a spammer.
• The company’s commitments are not held – which we can-
not imagine The dialog between Plaxo’s plug-in and the central server is
sent using HTTPS. This encryption avoids data being snif-
• Spammers gain access to the database one way or another. It fed by middlemen. However, when a sponsor decides to
is difficult to not think about Microsoft’s Passport9 recent launch an update of his “unconverted” contacts, emails are
security flaw. Without doubt, Plaxo’s base must constitute a sent using regular SMTP (unencrypted). A spammer or a
premium target for spammers all over the world. The hacker could listen to this dialog – the closer to Plaxo’s
“freshness” of the addresses must be particularly attractive. server, the better – and recover all the personal data being
transmitted. We interviewed one user who felt his data was
◦ An unhappy employee quits the company with a copy of the
safe: “communications between my computer and Plaxo are sent using
file. Security experts agree on this scenario to be a common
SSL.” It should be noted that arrows on figure 3 represent
threat.
the logical flow of information between sender and recipient
◦ Spammers order hackers de break into the system. After and hide the actual physical path of the data (where interme-
SoBig10, a new reason to fear collaboration between the two diate servers are involved). Theoretically all exchanges could
communities? be encrypted. However, very few servers implement encryp-
tion (TLS).
◦ A spammer is able to sniff Plaxo’s links to the Internet –
although the transfers of users’ address books to Plaxo are • What will happen in the event of bankruptcy or sale of the
secure, update e-mails are sent without any encryption, as company? Will data privacy engagements be held? Even in
described on figure 3. France, where the transfer of personal information data is
only permitted with the users’ consent, many abusive cases
have been observed. Plaxo’s web site states: “If Plaxo is
sold, acquired or dissolved, we will notify you about this
transaction. We will do our best to make sure that any com-
pany who acquires us or purchases our assets will treat your
information in the same manner that we do, but we would
not control those companies and therefore cannot make any
binding commitments on their behalf.” Danah Boyd, a Ber-
kley Ph.D. student, states in her thesis “Data Identity Mana-
gement11” a similar case when Google acquired the Deja
Usenet archives. Many users reacted to the valorisation of
their intellectual property. Google agreed to remove any
entry upon demand from the submitter…except in case the
submission had been incorporated into someone else’s reply!
Frederic Aoun & Bruno Rasle (www.halte-au-spam.com)
Page 4
• More troubling, imagine the following scenario: It’s the year
2004 and Plaxo’s base has reached 150 million contacts… A
spammer buys a file containing one million unqualified jean
contacts, consisting only of email addresses, with no other
data. He becomes a Plaxo user (under several usernames)
and asks the system to update his file, presented under the marie
form of harmless Outlook contact files. Very shortly, the
spammer will have retrieved a personal-information-
enriched file with: name, telephone numbers, physical ad-
dresses… All this, without users even knowing! This proce-
dure is already possible since the system will automatically
reply (by default) to any update request for a contact that is a john
bernard
Plaxo user (the “allow people who know my e-mail address
to lookup this information” checkbox is checked by default mitsuko
ana maria
– see figure 4).
Figure 5: Potentially Plaxo may be able to collect data that could allow obtaining:
direction and frequency of exchange between users.
contractor of the Army. The data manipulation was to allow identifying
“abnormal events or activities that may include rebel actions before
damaging events occur”. Lee Tien of the Electronic Frontier Founda-
tion14 declared: “We should put the brakes on all these data-mining programs,
and have a serious national conversation, because travel data is just one example of
the many kinds of data every data-mining operation wants to suck in from private
businesses."
The ability to cross correlate entries and be able to reconstruct someo-
ne’s online personae with several e-mail addresses can also be imagined.
These aliases are often used in order to manage online identities users
present to be able to keep certain anonymity. Plaxo’s reply to this parti-
cular point is quite explicit: “We do not attempt to cross-check the
accuracy of the data in our users’ address books, e.g., there might be
Figure 4: By default the system authorizes automatic update of contact information. thousands of entries that refer to John Smith, but no way to determine
The “Public Cards” help window opens by clicking on the “What’s this” link, whether these entries refer to the same person”
explaining the implications of this option. John Robb, ex Forrester Research senior analyst, believes Plaxo may be
preparing to launch an antispam offer15: “After a little thinking, I suspect the
• Phishing scams can also be feared. It is quite easy to imagine way that they will make money on this is by offering spam filters for $$. These
a message which looks like a legitimate Plaxo update mes- filters would block all incoming e-mail that isn't in an address book. Since the
sage, with a copy of the logo… This type of frauds has been majority of e-mail traffic is with people in your address book your e-mail would be
on the rise during the last several months12. spam free. Those people that send you e-mail that aren't in the address book, would
be automatically sent an e-mail that asks them to enter in contact information (when
• Besides these spam-related subjects, it is difficult not to
they do, the original e-mail would be delivered). Of course, the spammers won't do
wonder about potential relational network information that
that and therefore will be automatically excluded.”
could be data-mined from the database – industrial espio-
nage? The mere notice of repeated entries of a client coveted Are French users aware of the way Plaxo works, and of all its potential
by an American company in a European corporation’s ad- risks? For some of them language is definitely an obstacle. After asking
dress books may represent valuable information… One can users whether they had really acknowledged the system’s operating
also imagine a sales representative of a French company who mode when they downloaded the application, we often received the
decides to use the system and selects to update not only his same answer: “Not really, I read the contract quite fast. Everything is English,
personal address book, but also the company’s shared ad- and I do not speak it very well.”
dress books. The entire client/prospect list is then transfer-
Can Plaxo e-mails be seen as spam by spam filters? We have seen that
red outside the company!
under a legal point of view such cannot be the case. Furthermore, Plaxo
Figure 5 shows information that could be potentially gathered by the proactively restrains users from abusing the system by limiting the fre-
system: frequency and direction of exchanges between users. Intelli- quency of updates. But spam filters do not rely on the same criteria. In
gence agencies all over the world must be interested for this type of order to avoid been blacklisted and to increase the confidence of spon-
information… Wired News13 recently revealed deviant use of passenger sorees, Plaxo’s update requests are made to seem to emanate from the
data. The information had been gathered by JetBlue and used by a sub- sponsor’s computer. Whenever a sponsor decides to request an update
Frederic Aoun & Bruno Rasle (www.halte-au-spam.com)
Page 5
from within Plaxo’s Outlook plug-in, he or she selects the contacts he and others).”
wishes to update and launches the procedure. What follows is an
Plaxo’s FAQ indicates that if someone wishes his personal information
HTTPS dialog between the users PC and Plaxo’s servers. Next update
to be removed from the system he should ask the respective Plaxo user
e-mails are sent (using SMTP) from Plaxo’s infrastructures towards the
to delete the entry (the company refuses to modify any contact informa-
sponsorees. Headers from one such message are presented on figure 6.
tion from users’ databases). Plaxo also offers to make that request to
X-From_: baddr-8590105644-11720313-1212841164-1S@mx.plaxo.com Mon Sep 8 12:21:03 2003
the user on his behalf.
Return-Path: <baddr-8590105644-11720313-1212841164-1S@mx.plaxo.com>
Received: from mx.plaxo.com (mx04.plaxo.com [66.54.249.37]) Plaxo may also automatically reply to any update requests on behalf of
by smtp4.clb.oleane.net with SMTP id h88AM26X010721
persons wishing to opt-out16 from having their data on the system. Any
for <filleul@son-domaine.c0m>; Mon, 8 Sep 2003 12:21:02 +0200
further update requests are automatically replied to. Of course, in order
Received: (qmail 538 invoked from network); 8 Sep 2003 10:21:23 -0000
Received: from unknown (10.1.0.2)
to do this, one needs to create a special account and provide…one’s e-
by mx04.plaxo.com with QMQP; 8 Sep 2003 10:22:23 -0000
mail address.
Received: from 123.123.123.123 by pas02.plaxo.com; 8 Sep 2003 10:21:53 -0000
Message-ID: <1063016542.30926.201712.sendUpdate@mx.plaxo.com>
What advice can be given to a French Internet user who receives an
Date: 8 Sep 2003 10:21:22 -0000
update request from a relationship? Maybe a reply among the lines of:
From: "Parrain" <parrain@un-domaine.c0m> “You are a Plaxo Contacts user. Have you thoroughly understood its
To: "filleul" < filleul@son-domaine.c0m> operating mode? You have communicated my personal information
Reply-to: "Plaxo Contact Update for Parrain" <addrupdate-8590105644-11720313-1212841164-1S@mx.plaxo.com>
without my consent to a foreign private company. This violates several
Precedence: bulk
articles of the 1978 law “Informatique et Libertés”. Please take the
Subject: Any changes to your contact info?
MIME-Version: 1.0
necessary steps to remove all my personal data from their system.
Content-Type: multipart/mixed;
Please forward me an acknowledgement proving this.” This request
boundary="------------C0302C3E1ADE2168BC4F49CB" should be directly sent to the sponsor without using the “reply-to”
function which would send the reply back to Plaxo.
Figure 6: No e-mail is actually sent via SMTP from the sponsor’s computer.
Launched in March 2003, Friendster17 responds to a different need:
The headers tell that the message was sent from a computer with IP extending one’s social relations. With a peer to peer model, this applica-
tion allows to create a contact with “my friends’ friends”. In this case
address 123.123.123.123 (which corresponds to the sponsor’s address)
toward a server belonging to Plaxo. Next the message is relayed to the no software needs to be installed on users’ computers. Users create
their profiles on Friendster’s web site. He or she may fill the informa-
sponsoree’s server (smtp4.clb.oleane.net). This tale does not reflect the
reality. Although it may seem there was an initial SMTP connection tion fields with real or made-up information (see figure7).
between the sponsor’s PC and Plaxo’s infrastructure, we have seen that
this exchange is performed under HTTPS using a proprietary protocol.
“The emails are sent from our servers at the moment, though we may
change that in the future” was Plaxo’s reply to our question on this
behaviour.
In spite of all these precautions Plaxo’s update request must be regularly
blocked by filters. The company has added a related answer to its FAQ.
Plaxo also says to regularly test its mails against antispam filters in order
to avoid being blocked… They also say to be in permanent contact with
ISPs in order to make sure the messages get delivered.
What type of personal data is collected? By default Plaxo handles the
“professional” fields present on VCards. The company avoids collecting
“meetings” and “notes” fields for security reasons. It is quite troubling
that a system that pledges to be secure, avoids collecting certain types of
data for… security reasons. But users may select to allow “personal”
fields of VCards. Home addresses, home phone numbers and cellular
phone numbers are then collected…
But can one really prevent his personal data being communicated
to Plaxo-likes, most of the time by close relationships? What kind
actions can be taken? The closest relationship circle, made up of family
and close friends can certainly be informed (in a humane and friendly
way) that we do not wish our personal data being communicated to
third parties under any circumstances. Many of us have done similarly
regarding the desire not to receive chain letters or jokes. For the exten-
ded circle (casual friends and work acquaintances), it is almost impossi-
ble. A disclaimer after of the e-mail signature may have some effect:
“Please take care not to communicate my personal information – including my e- Figure 7: Friendster’s user profile fields
mail address – to third parties without my authorization. This remark is also valid
regarding applications that perform automatic updates of address books (e.g. Plaxo
Frederic Aoun & Bruno Rasle (www.halte-au-spam.com)
Page 6
Upon this first step, new users need to find at least one known user and Danah Boyd, researcher at Berkeley, currently conducts a study on
ask him to “become his friend”. The two will then be able to browse Friendster and other tools that allow weaving relationships. She is parti-
through each others friends’ profiles. We tested this service. By associa- cularly interested in understanding how users manage their social facets
ting to two direct friends (in the first degree) we gained immediate ac- online. Her site19 presents a survey where Friendster users can partici-
cess to a network of more that 2,900 potential “friends” (up to the pate.
fourth degree, see figure 8)!
In France, the online dating sector is very popular
with sites such as NetClub, TurboDating or Mee-
tic. All of them are currently free of charge and
have a business model based on online advertise-
ment. Only Amoureux.com has decided to rent its
users’ information to direct marketers.
The concept of French Startup iPropi20 is directly
based on the theory of “six degrees of separation”
applied to a common daily life problem: “If my
friends cannot help me, the friends of my friends
may be able to help, and their friends will for
sure.”
Stanley Milgram21 was a Yale social science resear-
cher. He stated the theory on the six degrees of
separation22 in 1967. According to Milgram, any
US citizen could be in contact with any other US
Figure 8: Friendster’s user interface. citizen through 6 other citizens at most. He empi-
rically verified his theory using the postal service. He asked a few Oma-
At this point users may perform searches by using different criteria ha (Nebraska) residents to send a letter to an unknown person living in
(interests, sex, age, etc.) or simply navigate through associated friends’ Boston (Massachusetts), only identified by his name, profession and
profiles. In order to establish a direct (first degree) relationship with a geographical region. Subjects were asked to send the letter to people
friend’s friend, a message can be sent via the user interface. Friendster they knew who could possibly reach this person either directly or indi-
has numerous points in common with Plaxo such as the notion of rela- rectly through their relationships. On average five to seven “middle-
tional networks. The system seems to have been well thought out in men” were necessary in order to deliver the letter.
order to limit potential abuses. For instance e-mail addresses of users
This empirical test has been eagerly debated over the years, with criti-
are not available online. Any messages exchanged between users are
done so internally, and not through SMTP (without ever knowing the cism focusing mainly on the choice of the user panel. Recently, two
concurrent studies23 have sought to validate Milgram’s idea on a larger
recipients e-mail address). Finally, it is impossible to broadcast messages
to several users simultaneously. The service says to have over one mil- scale by using e-mail: The Electronic Small Word Project24, conducted
by Ohio State University sociology professor James Moody, and The
lion members with more than 500,000 new subscribers just for June
2003. The user base growth is announced to be of 20% per week18. Small Word Research Project, conducted by a team of sociologists lead
by Peter Sheridan Dodds25 from Columbia University.
Friendster’s base represents without any doubt a target for spammers.
Fabrice Cavaretta, CEO of iPropi came up with the idea of a small ads
Not only does it conceal millions of e-mail addresses, but it also
contains profiling information which may be extremely valuable to site based on the principle of friend to friend e-mail propagation.
“Propagators” are reward prizes for helping the advertising user (who
sophisticated spammers. Unlike Plaxo, it is difficult to imagine users
inviting their entire list of contacts to join the system. The perimeter of published the small ad) find what he was looking for. This rewarded is
paid for by the advertising user. So far the service is free of charge but
sponsorship seems limited to close acquaintances. As in the case of
most sponsorship-based schemes, the system allows to send invitation the business model is inspired on eBay’s. Fabrice Cavarretta revealed on
an interview26 that the virality threshold level had not been yet reached.
emails to sponsorees. One can legitimately wonder about the destiny of
all the submitted sponsoree addresses (including the ones belonging to iPropi’s economic model seems clear and healthy. There is no language
people who do not become users)? As in Plaxo’s case, Friendster adver- barrier (for French users), however, users should take time in order to
tises a strong antispam policy and says to never resell personal data to thoroughly read the contract and help pages. The system limits potential
third parties: “The friend may contact Friendster to request removal of abusive usage, for example by restricting the amount of messages that
this information form our database.” may be sent. The company also reserves the right to terminate any ac-
count if the system is misused. Nonetheless we have identified three
Friendster’s service is currently free of charge. However the company
points which may be improved: while the antispam policy information
has announced that in the future some of its features will be available
page commits to “never sell user’s personal information”, the online
for a fee. Several competing offers have recently appeared, including
contract indicates that “iPropi may be authorized to disclose personal
some in France. Perhaps a proof of its success, Friendster has even got
a parody site, fiendster.com. Some competitors have sought the niche information to third parties.” A user whishing to have his information
erased from the system is asked to send a letter to iPropi, while a simple
of professional contacts networks (among them: ryze.com, ecademy,
linkedin, everyoneconnected.com). click is enough to accept the legal contract and begin using the system.
Frederic Aoun & Bruno Rasle (www.halte-au-spam.com)
Page 7
Finally, the online contract states: “iPropi cannot be held responsible mission is to “build users' trust and confidence on the Internet and, in
for damages resulting from the loss, the alteration or fraudulent access doing so, accelerate growth of the Internet industry”… But after a clo-
to personal data…” The French “Informatique et Libertés” law is very ser look it appears that TRUSTe’s coverage is limited to data collected
clear on these issues: the person in charge of a personal information file only on Plaxo’s site, and doest not cover data collected through the
must take appropriate action to protect it – this protection should be in Outlook plug-in. Mr Carlos Gil, compliance Analyst at TRUSTe
accordance to the sensitivity of the data that is stored. We contacted confirms this point: “TRUSTe currently only reviews and covers the data collec-
Fabrice Cavarretta regarding these points. He promised to analyze them tion and use practices on TRUSTe certified websites and does not review/cover
and carry out appropriate modifications. downloadable software. For technical reasons TRUSTe does not deal with issues
related towards downloadable software. Our Account Managers are able to walk
Two new French services are following on iPropi’s lead: Friendset and
through websites and review them finding pages that collect PII and ascertain the uses
NetFriends. Their respective CEO’s did not want to comment on their
of consumers PII to help licensees write their privacy policies. Our Account Mana-
economic model upon launch27. Friendset terms and conditions reveal
gers are not programmers and cannot fully understand every downloadable program
the following note: “We may send our members promotional offers
in a way to accurately help write a privacy policy for our licensees. That is why if one
from third parties. Should a member not want to receive such offers
of our licensees offers software, TRUSTe has them place a disclaimer for consumers
[…] he or she may opt-out when subscribing to the service or at any
stating that TRUSTe only covers the information collected on the Web site.”
other time by using the user interface, by sending an e-mail to priva-
cy@friendset.fr or through regular mail.” Once the new “loi pour la When we began studying Plaxo, we were intrigued by the fact that seve-
confiance dans l’économie numérique” law is voted, op-out28 will be ral sponsorees received update requests from people who knew almost
replaced by opt-in29. The entire user database will then need to be re- nothing about them, besides their e-mail address. After downloading
qualified. the application we discovered an uncommented function (see figure 9)
which allows extending the number of contacts beyond one’s address
Databases represent a real asset to these companies. In August 2003,
book to anyone with whom you have exchanged an e-mail. Does this
Harvard Business School professor John Deighton raised a polemic
function explain such update requests?
question: “if our personal information is so valuable
to enterprises, why shouldn’t we be the first to profit?”
His “Market Solutions to Privacy Problems”
study suggests compensations such as pre-
mium offers or specific services for consu-
mers. He adds, “The solution is to create institutions
that allow consumers to build and claim the value of
their marketplace identities, and that give producers the
incentive to respect them.” 30
The ideas behind these new services do res-
pond to actual needs. What is to blame is that they are often applied Figure 9: Plaxo’s plug-in has the ability to collect the e-mail addresses of episodic
without enough care for cultural differences and local legal constraints – correspondents – they are classified per exchange frequency.
in our case France’s. Furthermore, some of these initiatives may seem a
Ideally such services should allow users who do not want to use the
little clumsy under the current spam crisis, even when the companies
system anymore to be able to delete their entire records with a simple
behind these services say to be well aware of the problem.
operation. We hardly see any of these companies implementing such
Coming back to Plaxo’s example, our advice to potential users is to functions without being forced to do it (will this be a role to be played
thoroughly understand its mode of operation. Users should be careful by future labels?).
of default options such as the “allow people who know my e-mail ad-
Users should weigh the benefits against the risks involved. Cases
dress to lookup this information” checkbox which permits someone
where users are asked to trade-in sponsorees’ data in order to gain
who only knows your e-mail address to collect all one’s information
benefits are far more delicate. All this is done without taking into
without one even knowing it.
account the “Informatique et Libertés” law. One user who responded
The service could probably be more trustworthy if it would only store a to our interview declared: “the people’s data in my address books belongs to me.
fingerprint of each contact’s information – and not the actual data. This According to the CNIL, name, surname, and e-mail address cannot be considered as
fingerprint could be obtained by using a one way hash function and nominative data”… This is completely false. Another respondent said to
would allow detecting any changes in a contact’s information while be “aware that Plaxo collects addresses, but honestly, looking at where we are to-
rendering the data unusable to spammers (and other deviant uses). This day”, he prefered his “address to be used by them rather than by a spammer who
system could rely on a true peer to peer network for the exchange of will be sending hundreds of e-mails without one being able to say stop.” The point
the actual private information, without passing through a central server. here is that it is not the user’s address but his contact’s that are being
Thus data would be directly sent between users. communicated without their approval. Another user entrusted us: “I
guess the base will be used. After all it’s a free service. There must be compensa-
Would a label help improving trust? The new 95/46/CE31 European
tion”… There seems to be some sort of connivance on behalf of
directive law project would give the CNIL and other European privacy
“converted” users. These new “social applications” put the spotlight on
authorities the prerogative to award labels to services that comply with the importance of human behaviour in order to prevent spam. Users
a certain level of data protection32. However, the reach of these certifi-
should at least understand thoroughly how these services function and
cations is yet to be defined. Would label holders be subject, for exam- take appropriate time in order to master them (for example, for Plaxo,
ple, to regular intrusion tests in order to verify proper data safeguard?
users should understand the impact of the “allow users who know my
Plaxo’s site displays TRUSTe’s33 logo. This non-profit organisation’s
Frederic Aoun & Bruno Rasle (www.halte-au-spam.com)
Page 8
e-mail address to look up this information” checkbox). References:
As for enterprises wanting to control the use of this type of applica-
1 http://www.plaxo.com
tions, we can make a few suggestions. Education is of course the first
step. Access (at the gateway level) can be also restricted so that these 2 http://www.wired.com/news/technology/0,1282,56322,00.html “Napster Co-
services cannot be reached. In a recent article34, lawyer Isabelle Renard, Founder's New Venture” by Xeni Jardin. Wired News –November 12 2002
reminded French companies their obligation to secure information
3 http://www.sciencemag.org/cgi/content/abstract/301/5634/827
assets. A sales representative who divulges the enterprise’s address
« An experimental Study of Search in Global Social Networks » by Peter Sheri-
books may be liable to the potential prejudice that shareholders may dan Dodds, Roby Muhamad et Duncan J. Watts. Institute for Social and Eco-
suffer. nomic Research and Policy, Colombia University. Sciencemar.org. August 8 2003
Jean-Michel Yolin, president of Enterprise Innovation Section at the French 4 http://www.linuxjournal.com
ministry for economy and finance and antispam devotee tags the appli-
5 http://sanjose.bizjournals.com/sanjose/stories/2003/08/04/smallb4.html?
cation as a worm-hoax: “trust me your address book… I’ll update it for you!
page=1 “Banking on its customer base, Plaxo raises $8.5 million more” par Sarah
This allows to build a gigantic data file with the possibility of mapping social net-
Lacy. Business Journal – August 4 2003
works.” Mr Yolin regrets every time one of his acquaintances “gets trapped
by such rubbish.”
6 http://europa.eu.int/comm/internal_market/privacy/adequacy_fr.htm
Danah Boyd adds “Even if data is being collected with the best of intentions,
7 http://www.01net.com/article/218717.html « La Cnil s'oppose au détourne-
aggregation of data becomes valuable, quickly. As such, it's acquisition may be
against the will of the aggregator. In 1930 the Netherlands decided to collect citizen’s ment d'informations vers les Etats-Unis » by Philippe Crouzillacq. 01net, Octo-
ber 2 2003
religious faith in order to provide proper burials. Good intentions accidentally allowed
the Nazis to easily execute thousands of Jews 10 years later35.” Without going to 8 23rd CNIL activity report (year 2002)
such extremes, troubling connections have lately been made public.
Sean Parker was recently appointed a chair at Friendster’s advisory 9 http://www.silicon.fr/click.asp?id=1129 « Nouvelle faille dans Passport (ID de
board36, he is also Plaxo’s CEO… Would a merger make sense? Will we Microsoft) » d’Olivier Chicheportiche . Silicon.fr. May 11 2003
see users using both applications in order to try to make a profit from
10 http://www.vnunet.fr/actu/article.htm?numero=11252&date=2003-08-22
their address books? Are we on the brink of seen the first self-made
men thanks to the prices collected using Ipropi which they would have « SoBig : attaque mondiale prévue à 21 heures » par Christophe Lagane.
Nvunet.fr le August 22 2003
valued with an always up-to-date address book thanks to Plaxo, in turn
made ever larger thanks to Friendster? Not counting cumulated points 11 http://smg.media.mit.edu/people/danah/thesis/ “Faceted Id/entity: Manag-
for all the sponsorships... Journalist Bruno Le Marcis recently titled one ing representation in a digital world”. Danah Boyd, MIT Media Lab
of his articles in French journal Le Figaro “How about if your address 12 http://www.reseaux-telecoms.com/cso_btree/03_07_24_135458_247/CSO/
book brought you some revenues?”… Newscso_view « Vol d'identité, le successeur du Spam ?» by Marc Olanié.
Réseaux et Télécoms. July 24 2003
13 http://www.wired.com/news/print/0,1294,60540,00.html « Army admits
using JetBlue data » by Ryan Singel. Wired News. September 23 2003
14 www.eff.org/ Electronic Frontier’s Foundation Web site
15 http://jrobb.mindplex.org/2002/11/15.html John Robb’s Weblog
16 Here the term refers to a message sent without prior consent from the recipi-
ent.
17 http://www.friendster.com
18 http://www.journaldunet.com/0307/030722friendster.shtml « Rencontres
“- Lottery?” “- Nope, address book!” d’un nouveau type sur Friendster » par la rédaction. Journal du Net – July 22
2003
19 www.danah.org
20 http://www.ipropi.fr
21 http://www.stanleymilgram.com/blass.html
22http://www.sciencemag.org/cgi/content/abstract/301/5634/827
« An experimental Study of Search in Global Social Networks » by Peter Sheri-
dan Dodds, Roby Muhamad et Duncan J. Watts. Institute for Social and Eco-
nomic Research and Policy, Colombia University. Sciencemar.org. August 8 2003
23 « Courrier électronique : qui communique avec qui ? » de Chantal Dussuel. Le
Monde.fr. February 13 2003.
Frederic Aoun & Bruno Rasle (www.halte-au-spam.com)
Page 9
24 http://smallworld.sociology.ohio-state.edu/html/homepage.html
25 http://smallworld.sociology.ohio-state.edu/html/homepage.html
26 http://www.journaldunet.com/0308/030806ipropi.shtml « Ipropi sur le long
chemin de la viralité » by Raphaële Karayan. Journal du Net – August 6 2003.
27 http://www.journaldunet.com/printer/031013networking.shtml « Les pre-
miers pas du networking social à la française » by Raphaële Karayan. Journal du
Net. October 13 2003
28 Opt-out here is used to caracterize the data collection method. Checkboxes are
usually checked by default. Whereas under an opt-in scheme check boxes are
unchecked.
29 Data collection with prior consent from the consumer as set forth in Seth
Godin’s “Permission Marketing”.
30 http://hbsworkingknowledge.hbs.edu/tools/print_item.jhtml?
id=3636&t=notebook « Should you sell your digital identity ? » by Sean Silver-
thorne. HBS Working Knowledge. August 25 2003
31 www.cnil.fr « Textes de référence »
32 http://www.journaldunet.com/printer/juridique030916.shtml « La CNIL
passe aux sanctions » by Jérôme Martin, Avocat à la Cour. Cabinet Salans. Jour-
nal du Net. September 16 2003
33 www.truste.org
34 http://solutions.journaldunet.com/0309/030910_juridique.shtml
«Administrateurs systèmes et cybersurveillance : entre le marteau et l'enclume »
by Isabelle Renard (cabinet August & Debouzy). Journal du Net. September 10
2003
35 Information verified with the Nederlands Instituut voor Oorlogsdocumenta-
tie, in Amsterdam : « There is no question that the extensive pre-war population
registers in the Netherlands played a significant role in the history of the Holo-
caust. There had been a census in 1930 in wich, under the category « religion »,
almost 112.000 persons had registered as « Jews ». Innocent in peacetime…the
registers were used by the Nazis to compile and to check lists for arrests and
deportation.”
36 http://news.com.com/2100-1026-5071021.html « Frienster : A little cash goes
a long way ? » by Paul Festa. Cnet News.com – September 2003
For any further information, comments or criticisms please contact us at:
informations@halte-au-spam.com. The book “Halte au Spam” is presented at
www.halte-au-spam.com
Frederic Aoun & Bruno Rasle (www.halte-au-spam.com)
