Privacy, paranoia, and Plaxo

For those of you reading my blogs and primarily interested in the TIPS category, I’ll get the useful / utilitarian part of this post out of the way first:

The Plaxo service is pretty darn cool. Despite some annoying quirks, it’s useful, it’s fun, and it’s free. I definitely recommend giving Plaxo a try.

What is it? Well, in a nutshell, Plaxo is a service (with optional software) that allows you to:
– Keep your addressbook up-to-date pretty effortlessly.
– Send out contact-info changes to your friends easily.
– Access your entire addressbook securely on the Web from anywhere.

Read on for my detailed thoughts about Plaxo.

The Plaxo Controversy

First, the boring ‘legalese’:

DISCLAIMER:
I’m not affiliated with Plaxo in any way except as a generally happy user of the service and software.

Okay, now with that out of the way… 😀

Since Plaxo’s inception, there’s been a bit of a firestorm on the Internet about privacy, trust, and the evils the service could and might do with your personal info.

After all, they have your e-mail address, full name, and possibly company name, job title, phone numbers, and more. What a treasure trove for telemarketers and other sleazoids, right?

Well, sort of. Plaxo vehemently insists, via their privacy policy, that they’re not going to do any of that nasty stuff with your info. And you know what? I believe them. I also like and respect how they prominently feature both a plain English summary of their privacy policy and also a longer, more detailed version for those interested.

Personally, I think lots of people on the Web are far too paranoid for their own good. Of course, everyone is and should be free to make their own judgement calls about what services and people they trust, but what bothers me is the foaming-at-the-mouth invective and often outright nastiness that’s been flung at Plaxo and other companies like it. “They could sell all our data!” some scream, and “If they get bought out, they’ll betray us!” Many of these people have loudly lumped Plaxo into the category of spammers and virus-makers and worse… IMHO unfairly tarnishing Plaxo’s reputation and unfortunately dissuading many from making an informed opinion about the service.

Do those folks who are angrily ranting about the ‘threats’ of Plaxo realize what data is ALREADY widely (and sometimes freely or cheaply) available about them via their banks, their health insurance company, the department of motor vehicles, the Direct Marketing Association databases, and so on (all of whom are, without a doubt, FAR more palpably evil than companies like Plaxo)? And unlike Plaxo, most of these companies have actively resisted disclosing, much less openly inviting people to check out their privacy policies.

Plus other online entities already have demonstrated the concept of trust. Amazon.com not only has my personal contact info, they also have several of my credit card numbers and my purchase history. What if Amazon.com got bought out, huh, bub? ;-). Strangely, I don’t see too many people flinging epithets at Amazon in their blog entries, speculating about how all their data’ll be sold to the highest bidder if Amazon gets bought out.

* * *

Personally, I’m much more worried about my credit card companies’ policies (especially since they STILL persist on trying to sell me crap over the phone!) than I am about Plaxo. For that matter, I also think there’s a zillion-times greater chance of my personal data being stolen and sold by a waiter who has my credit card number in a back room for a few minutes.

Comparative risks, people. Intelligent weighing of risks and benefits. Plaxo offers what I think most would agree is a useful and interesting service. The tradeoff, in my mind, is a no-brainer. Or, in a more direct / less-eloquent way of putting it: get a grip.

* * *

LEGITIMATE PROBLEMS WITH PLAXO

Despite my defense above, I should, in fairness, point out that there are quite a few problems and annoyances with Plaxo.

1) Privacy issues
There actually is one argument I’ve read from privacy advocates that I can respect. Unlike with services such as Amazon.com, for instance, where each person has the choice of whether or not to submit his or her personal data, with Plaxo, it’s not really up to each individual. In other words, because I have Jim Smith in my addressbook and I send a query to him via Plaxo’s servers (AND I store his data on Plaxo’s site so I can access my addressbook on the Web), Jim has effectively had his data shared without his consent… and possibly even without his knowledge. Of greater concern, if Jim is particularly concerned about Plaxo ‘n’ Privacy, he really has no recourse for getting his name OFF of Plaxo’s servers, short of demanding all of his friends to remove him from their personal addressbooks.

2) UI issues
Plaxo is pretty darn user-friendly, but there are quite a few UI niceties that its engineers have overlooked, and cumulatively, these issues are rather frustrating. For instance, when I’m looking through any large Plaxo list of my contacts, I can’t simply jump to a name by hitting the first few letters. I have to first sort, then scroll. With 600 names in my addressbook, that’s damn annoying, especially if I want to select more than a couple names.

3) Not very customizable
While I can change and add to some of the language in the “please update your contact queries that get sent to friends, far too much of it is fixed — and overly formal. The cringe-worthy closing is “Thanks, Adam Lasnik.” What friend signs off with a closing like that?! And while one can save the (partially) customized mails sent out for future use, they’re neither named nor editable nor deletable. It’s issues like this that suggest that Plaxo has been “dumbed down” er, simplified at the expense of customizability, and frankly, I don’t believe that having a highly customizable (power-user) and user-friendly UI should be mutually exclusive.

* * *

Okay, with all that out of the way, let me explain why I think Plaxo kicks ass and why I’m pretty excited about it.

WHY PLAXO ROCKS

1) One-button sync with secure Web version of my addressbook
This option, included as part of the free service, is wonderfully handy! Had I been using Plaxo when my Palm Pilot was stolen during a trip throughout Europe a while back, I would have had a much easier time (pop into an Internet cafe, log into Plaxo, access the handy PRINT version of my contact list, print it… voila!). Plus, it’s impressive and useful how the Web version offers nearly the identical (and in some cases, actually superior) functionality to the desktop/Outlook/Outlook Express front-end.

2) Support for FoaF (Friend of a Friend) standard
Granted, I’ll admit that I don’t quite yet grasp how this works, nor know if it will end up being widely adopted over time. But the fact that Plaxo has listened to and worked with pioneers in this realm suggests to me that the Plaxo folks are committed to a reasonable amount of interoperability and openness.

3) Good documentation, admirable interactions with customers
Though in the past Plaxo has been criticized for some slowness with customer service responses, I’ve actually been pleased with my experience so far, and also impressed that Plaxo representatives have intelligently and actively participated in multiple forums and even posted on blogs. Plus the Plaxo Web site is pretty informative, with a searchable knowledgebase and multiple ways to contact customer service (even an “emergency” form).

4) Plain English promises and reassurances
As mentioned earlier, Plaxo has admirably taken steps to be a responsible and ethical player in the Internet contact-sync space, and has also clearly articulated their stances and promises on their site.

5) Robust feature set and ease of use.
While Plaxo occupies a pretty busy space (with, among others, GoodContacts and AddresSender), it seems to have the edge in features and makes them nicely accessible via a number of different ways — both via client software and the Web.

and most importantly…
6) Strong usefulness!
When you start having many hundreds of contacts like I do from all over the world, something like Plaxo is a Godsend! I haven’t yet used it to do a full scan, but when I used the similar GoodContacts software a couple of years ago, I found myself instantly provided with literally dozens of critical contact info updates from friends, and also some friendly catch-up notes from people who hadn’t written me for a long time. I also got quite a few bounces, which saved me from writing long letters to people whose contact info was long since out of date.

* * *

THE RESULTS SO FAR IN MY TESTING…
I have tested out Plaxo on a handful of friends and personal test accounts so far, and the responses and results have been generally positive.
– All said the process of responding was straightforward and easy.
– In every case, the info they input was added flawlessly to my Outlook addressbook.
– In my own tests, Plaxo requests weren’t viewed as spam either on my Yahoo or Hotmail accounts. Unfortunately, one friend at Cornell found my Plaxo request in his spam folder. 🙁
– One friend was reluctant to supply his address, due to privacy concerns; he sent that to me separately via my Web forum, whereupon I mercilessly teased him about being a hypocrite :D.
– And one other friend was angry that I had disclosed his “personal” e-mail address to a third party, but that doesn’t say anything about Plaxo in particular.
– I’ve noticed a couple of minor bugs, such as an improper date stamp in one area of my Plaxo reports, but the engineer I corresponded with has noted that this should be fixed promptly.

After I square away a few things, I plan on doing a much larger test with Plaxo (over several hundred contacts), and — if there’s interest — I’ll report my findings back here in my blog.

In the meantime, I encourage you to post your Plaxo concerns, kudos, and questions below if you’d like, and I’ll do my best to address what I can and – within reason — test specific stuff out for you. Of course, if you’re as geeky and curious as I am, you’ll want to download and play with Plaxo yourself :-). I say go for it!


Posted

in

, , ,

by

Tags:

Comments

14 responses to “Privacy, paranoia, and Plaxo”

  1. Stuart Liroff Avatar

    Hi Adam,

    Thanks for your comments; I assume this is a “typo” and you meant to say “not”! 

    Thanks,
    Stuart

    Adam said: “…Plaxo vehemently insists, via their privacy policy, that they’re !![typo]!! going to do any of that nasty stuff with your info…..”

  2. Rikk Carey Avatar

    Adam,

    Regarding your suggestions to improve Plaxo:

    “1) Privacy issues
    There actually is one argument …”

    We’ve been reearching the idea of providing Recipients with a way to *request* to be deleted from the Sender’s plaxo address book and/or all address books. This is something that would take a lot of effort and time to implement. “2) UI issues
    Plaxo is pretty darn user-friendly, …”

    Gee thanks! 😉  Your suggestion is a good one and something that has been on our list for awhile. However, I believe that it’s an indication of a deeper problem: it’s too much trouble to go to the Update Request Wizard to send out individual update requests. Note that we do have two lightweight ways to do this:

    1. Click-to-Connect: This is the tiny graphic UI that we added to the From:/To: bar in Outlook.  It displays an icon that represents how well you know the sender.  If you click here, it enables you to send an update request to that individual.  Very handy, but many are not aware of it or have not taught themselves to use it.

    2. Outlook details view: Open a contact from your address book and you can click the “Request an update” link to send to that contact. “3) Not very customizable
    While I can change and add to some of the …”

    Maybe we should make the closing customizable.  This is the first time that I’ve heard any complaints about “Thanks” causing cringes, but more personalization is always a good thing.
    Also, we are considering a major enhancement in personalization as a premium feature (e.g. company branding).

    Thanks for your fair and balanced comments.

    Rikk Carey
    vp of engineering
    plaxo, inc.

  3. Adam Avatar

    Oh my goodness, Stuart… that’s pretty embarrassing for me to typo one of the core sentences in my entry!  Thanks for the heads up!  Now you see why I wouldn’t make it as a ‘real’ journalist (well, maybe the New York Times, but… 😉

    And Rikk, I appreciate the reply. A few thoughts about your thoughts…

    – I understand that it may be unfortunate and perhaps problematic to remove the data of people who do not wish to have their contact info on the Plaxo server.  Frankly, I’m not sure how you could address their concerns without the risk of having jerks social engineer the unwanted deletion of contact info.  In other words, I can imagine someone claiming to be “Jim Smith” e-mailing or calling you up saying “I demand that you delete my info from your server!” and you’d have no reasonable way of verifying the actual identity of the person making the request.

    With regards to my UI critique, I’ll admit that I’m coming at this particularly from a power-user perspective.  For instance, I cannot update any contacts via my Outlook contact forms because Plaxo does not appear to support custom contact forms (the Plaxo info and buttons do not show up).

    And lastly, about the ‘closing’ example; it’s not so much the “thanks” word that I have a problem with, but rather the fact that many of us would never sign off with our full names in any personal correspondence.  Can you imagine sending an e-mail to your sister or your parents, signed with your full name?  Though this may seem nit-picky, the out-of-place formality may trigger peoples’ mental spam alarms and credibility concerns.

    Anyway, thanks again for your note, and have a great week.

  4. Mike Marini Avatar

    I have to admit that I’m one of the people that
    are uncomfortable with being connected to Plaxo.

    I have discovered that once you install the Plaxo
    software, you can’t seem to get rid of it, or be
    taken off of the Plaxo database or mailing list

    It sounded like a good idea, but once I realized
    that it wasn’t going to be helpful to me, it won’t
    go away… that doesn’t raise my trust level in
    regard to how my personal information will be
    protected…

  5. Rosalind de Vera Avatar

    Hi Adam,

      I am the QA Manager at Plaxo. I entered your concern about not being able to jump to contact by hitting the first few letters into our bug tracking system. The developer responded with: I think you can already do this using the ‘search’ bar on the web client.     Please let me know if this is sufficient. Thanks again for using our product.

  6. Adam Avatar

    It’s cool to see that Plaxo folks are reading and responding to this!  Much appreciated 🙂

    With that said, I do recognize that the Web client surprisingly offers some additional functionality over the Outlook client, but IMHO that’s not all that useful.  The Outlook client is, or at least should be, a more convenient way of accessing and manipulating contact data for those of us who have and frequently use Outlook.

    Also, I think a more urgent thing to address would be Mike’s concern.  I’ve heard this mentioned in a few other places (people having troubles uninstalling Plaxo), and while this may simply be very isolated instances, I think it’d be worthy of checking out and solving 🙂

    Thanks again for stopping by!

  7. Marlen Avatar

    Great article, and a good counterpoint to my own rant:
    http://www.radicalapathy.com/mt/archives/journal/000129.html

    Unfortunately, I just don’t see how anyone can get past your first negative point:

    1) Privacy issues

    Until Plaxo lets people remove themselves from the system that they never voluntarily entered their information into, i consider the product broken. This can not be an afterthought. It is a serious violation of trust for anyone to give away your contact details without asking you first. And Plaxo encourages that behavior without giving people the ability to opt themselves out.

    When and if this is fixed, I will rescind what I said about it. Unfortunately, i don’t think Plaxo has any plans on doing that. And I fear that deep down they know that to allow people to opt out would cause a substantial decrease in Plaxo’s value. So they will claim technical difficulties, and those of us who care about our privacy will be left in the cold.

    You seem to casually make the point as a small downside. To many people, this is a very large downside.

  8. Adam Lasnik Avatar

    Hi Marlen,

    I’ve done some more thinking about this point, and while I can understand your concern about having your personal info in a system that you personally didn’t opt into, I don’t quite get the specific targeting of Plaxo.

    At this very moment, I bet your personal contact info is in the following places online:
    – Someone’s AOL addressbook (which, I believe, stores your data on their server)
    – On the Web via a Yahoo addressbook sync
    – In various peoples’ PDAs (which, alas, get stolen all the time—mine did, along with all my friends’ personal contact info!)
    – In a TON of peoples’ Outlook addressbooks on their personal computers… which, as you know, are highly vulnerable to viruses, trojan horses, and so on.

    Out of all of these, Plaxo to me seems the most secure, and the company with the strongest privacy policy… not to mention the most to lose with a data leak!

    Why single them out?  I’m honestly curious to know why you (and, to be fair, apparently many others) are especially concerned about having your info on Plaxo when it’s already irretrievably on so many other servers and desktops and PDAs around the world.

  9. Marlen Avatar

    Adam,

    I answered on my site: http://tinyurl.com/yrden. While I understand your point – the security of our contact data is obviously in question in numerous ways – I don’t see that as an effective argument against not wanting it to be any more exposed. Plaxo is an unnecessary possible security breach. That fact remains, no matter how many other breaches are in existence.

    I believe Plaxo is singled out because no other system is obnoxious enough to ask us to fill out our information into it, exposing the fact that they already have most of it, without our permission. They confront us with their audacity. I assure you, if I got multiple emails from AOL asking me to fill out my contact details, the article would have been about AOL. The second reason they are singled out is that no one has any idea who they are. And internet start ups have bad reputations for failing. A failure of Plaxo will make their database an asset that will be sold to the highest bidder. That is not a comforting thought.

    I do agree with you that Plaxo is not bad right now. And that it provides a useful service. In three years, if they show a positive business model and have consistently proved that they can be trusted, I may very well become a convert. Until that day, I think people using the service are a bit naive. My friends and I have all worked at companies that when faced with poor profit margins have done things that they said they would never do, at the expense of their users (About.com springs to mind). All it takes is a lawyer to rewrite the privacy policy and send an email to the users. Most of whom won’t read the email, or won’t care. And the shame is that those of us who do care, and never agreed to use Plaxo in the first place, would still have our information exposed without our consent. That sucks.

    I would be careful with Plaxo if I were you. Sometimes a wait and see attitude is the best attitude. Especially if you are risking not just yourself, but your friends as well.

    And I reiterate, if Plaxo begins to enable people who have been entered without their permission to have their info removed, then I would have little to complain about. But they are not going to do this. I feel this is a significant problem, one that essentially makes their service unworthy of recommendation, no matter how good some of its upside features are.

    [I tinyurl’d the URL so it would fit better – Adam]

  10. Adam Avatar

    Okay, now I better understand where you’re coming from.  In this case, it’s a difference in trust levels and comparative weighting of risks and benefits. 

    Just to address one more of your points directly, about Plaxo ideally enabling people to have their info removed from their system… you should know that if someone complains to Plaxo, they will send a note to those who have the concerned-party’s info in their addressbooks, asking them to remove that person’s data (so it is no longer sync’d).  I frankly don’t see how Plaxo could handle this better; if they simply removed the data upon request, people could spoof such requests, and additionally, those people who had their friends’ data in their contacts list would be possibly baffled and upset about having this data erased without their consent.  So it’s sort of a lose-lose proposition for Plaxo, I’m afraid.

  11. Marlen Avatar

    We’ll agree to disagree then. But if you have any paranoid friends, they’d probably side with me on this one – so you might want to be a nice guy and ask them if they are okay with it first. Courtesy.

    Perhaps Plaxo could do that. Perhaps Plaxo could send an email that says, “Hey, a friend of yours has put your contact details into Plaxo. If you want to help him out, fill out your up-to-date details and press Submit. If you don’t want to be entered into the Plaxo service, Click Here”

    If a guy like me doesn’t want to be involved, he’d “Click Here” and have his record removed, at which point an email would be sent to the subscriber telling him his friend didn’t want to do it. Then we’d all be happy.

    Adam – How would this be a problem for Plaxo? And Plaxo – if you are reading – this step would remove the majority of your critics. If you really care about everyone’s privacy, as you maintain, why not take the extra step for your users?

  12. Adam Lasnik Avatar

    Marlen,

    While I understand your concern and your intent on this… I have to say that I think your ‘cure’ would be worse than the problem, at least from my personal weighting.  I can personally vouch for the vast majority of my friends that they’d find this exceedingly frustrating.

    “Why am I getting asked this?  He’s my friend… I don’t care what addressbook he puts me in.  Is this spam?!”

    and

    “Holy crap.  I have 3000 contacts.  I can put them in my Outlook, I can put them in my Palm Pilot, I can put them on My Yahoo… but I have to have every single one of them bugged about putting them on Plaxo?  WTF…?!”

    Unfortunately, Marlen, I don’t really think there’s any easy solution on this issue.  You firmly believe that people’s right to have their own personal information secured exactly how they want it to be trumps others’ rights to freely incorporate their friends’ and associates’ data in ways that accentuate convenience and such.  I disagree.  Adding the restriction you’ve suggested would highly favor perceived privacy over convenience.  I prefer the other balance.  And given Plaxo’s market, I have to imagine that Plaxo would feel similarly.

    P.S.—I do indeed have a few (confirmed 3 out of 631) ‘paranoid friends.’  I do not add them to Plaxo, I don’t send them online greeting cards, I don’t buy them any gifts online (to be sent to their house, at least), and so on.  I’ve learned my lesson 😀

  13. Marlen Avatar
    Marlen

    “You firmly believe that people’s right to have their own personal information secured exactly how they want it to be trumps others’ rights to freely incorporate their friends’ and associates’ data in ways that accentuate convenience and such. I disagree.”

    Then we are at an impenetrable impasse. Thank you for the discussion.

  14. Madhu Avatar

    I am working for NetAccess. We provide IT Support Services. We are testing out Plaxo services to incorporate our contact list for our Professional use. Please give some suggestions and advice.

What do you think?