Erick over at Techcrunch recently posted a review of the just-relaunched Spokeo, what one might call a web 2.0 aggregator. (Spokeo consequently experienced an onslaught of new registrations, including my own). FriendFeed, started by four ex-Googlers, is a similar service that has received more press, including a New York Times write-up. These services basically scour the web for updates from your friends on various web 2.0 services such as Pandora, Google Reader, and Amazon.com Wishlists, and consolidates them into a single feed. What you essentially have, then, is the equivalent of the Facebook News Feed for all web 2.0 services that have publicly accessible information. When your friends add pictures, make comments, listen to music, or add a book to their wish list, this information is delivered directly to an “inbox” where you can review and even comment on it.
Like many major innovations these days, this new type of service can be seen in both positive and negative lights. On the positive end, you no longer have to spend hours each week jumping from service to service looking for updates from your friends. It is the most efficient way to passively find out what your friends are up to in their online lives. Hopping onto Spokeo, FriendFeed, or a similar service, you can very quickly browse through photos, blog posts, and other updates. Strictly speaking in the interest of facilitating the flow of information not into or out of “the cloud,” but within the cloud itself… this sort of service is revolutionary.
Now for the scarier stuff.
Spokeo not only allows you to aggregate information on the friends that you specify, but it also automates that process. After registering, you simply enter the login information for your Gmail, Yahoo! Mail, or other web-based email account. Spokeo then proceeds to login to your email account and download your address book. Having compiled the e-mail addresses of all your contacts, Spokeo then cross-checks those addresses against 15 or so services with publicly accessible feeds or search services. For example, if I had a friend Bob with a certain email address, Spokeo would search MySpace for that address and see if any results return. If there is a MySpace account associated with his address, the update feed for that account is added to my Spokeo dashboard. This process repeats itself across all the addresses you provide through your email account, for all the services that Spokeo is able to troll.
Pretty cool, right? Here’s the rub: no one besides you knows who you’re tracking and what sites you’re tracking. When I signed up and went through the process, I was amazed to discover how many of my friends were on services I didn’t know they were on, and some on services I had never even heard of! And unless I tell them, they have no idea I’m watching every update they make. Maybe the reason I didn’t know about their presence on a certain service was precisely because they wanted to make it private, but they had no idea that their profile or account was searchable, linkable, and streamable by their email address.
So what’s the fallout on this? Should there be an equivalent of a robots.txt file for web 2.0 services, telling sites like Spokeo that they cannot automate the search and discover process? Should users of web 2.0 services specifically have to opt-in to having their feeds aggregated in such a way? Or are Spokeo’s practices legitimate?
Speak up in the comments.
Image used under a Creative Commons license from Flickr user piccadillywilson
As I post this comment, I wonder how many of my friends and casual contacts will be alerted that I have done so through FriendFinder or Spokeo? I guess I will keep this post clean.
Wait a sec, that’s actually a point I’d like to make. One upside of Spokeo and similar services is they add an element of transparency, and personal accountability, to the web that users have previously escaped. Anonymity on the web, and anonymity in general, as numerous psychology studies have shown, can lead to pretty inhumane and unethical behavior.
I may be some kind of social radical, but I don’t think that everyone has an inherent right to total privacy.
That being said, the bottom line is that, when I communicate, I do have the right to know who will likely hear/read/react to it.
Plus, I do not think the general public (with the intense individualism that pervades the U.S.) will stand for these types services as they exist now, just as Facebook became mainstream, the public demanded that it integrate extensive and sophisticated privacy controls over the news feed, etc.
Having just had a bizarre experience with Spokeo, I was Googling for information and found your blog. Sorry, then, that this is a late comment.
A debate on Live Journal about Spokeo got me frustrated enough to make a public post. Someone had suggested we all go to Spokeo and try it, and I was against giving out email passwords (webmail or otherwise) on principle. I just pointed out that giving a password to allow address book access, also gave access to your email account, allowing messages to be downloaded (or sent on your behalf). I didn’t go to the Spokeo site myself.
Within 60 minutes of making the LJ post, I had been contacted by Spokeo reps on both LJ and Facebook (the LJ comment was from a registered LJ user, “spokeo”. OK it was a public post, but 60 minutes??
The messages both said the same thing. They were encouraging me to copy my OUTLOOK (not webmail) address book to a .csv file and upload it to their site. Obviously an Outlook address file can contain real names, addresses, telephone numbers, and other information / notes.
This unwanted and incredibly bizarre personal attention I was receiving from Spokeo caused me to immediately close my LJ, Facebook and Hotmail accounts. A lot of my LJ posts were public, but I’d rarely recived comments from new users, and I was amazed that Spokeo were promoting their web service this way (which is also contrary to LJ TOS).
This “gimme your contact list” message convinces me (if I needed further convincing) that the owners of Spokeo are doing (or plan to do) far more with this information than simply track friends for subscribers.
I’ve made a strong complaint to LJ, and given the details of the approach to the US Department of Justice web fraud dept., and other North American agencies.
At the end of the day though, I’m still amazed that anyone would trust ANY of these web ’services’ (free or fee based) with a personal password. Unwarranted trust is the biggest security issue of all. If someone wanted your driver licence number, would you hand over your whole wallet and let them find it for themselves??
I’m glad I found this site. I received e-mails on two of my e-mail addresses stating somebody gave Spokeo my information and is now tracking me. I’m pissed that one of my friends would be dumb enough to give Spokeo unrestricted access to my contact information.
Spokeo is simply using the business mantra “ask for it, you would be surprised what people will give you.” However, I never authorized the release of my personal information to this third party and I’m fairly certain it is illegal for somebody else to release my private information, friend or not.