Plaxo just doesn’t get privacy
Plaxo is the very cool on-line address book app that keeps you up to date with all your friends addresses, and them up to date with yours.
But recently I was flabbergasted to find that my Plaxo “add me” page, containing all my information, was being indexed by search engines. Not only mine, but other people’s as well. Just try the query site:http://www.plaxo com bob.
I was equally astonished at the response I got when I reported this obvious violation of privacy to Plaxo’s “privacy officer”. S/he informed me that it was my problem: after all, I had invited Google to index the Plaxo page by including a pointer to it on my own home page (which I did).
I quoted to them a line from Plaxo’s own privacy policy, that “your Information is your own and you decide who will have access to it.”
The unbelievable response was:
Correct. And my point is that if someone has posted the link to their Add_me page publicly, then they have to understand that public bots will likely find and attempt to index this information. This would be similar to the user creating their own page with their information and a link to the page. By allowing robots to follow the link, it makes it one step easier to contact the individual.
Guess what, Plaxo, there’s a huge difference here. I can take down my page at any time, or I can tell Google not to index it or cache it. But once my address info page on your site is indexed, it always will be. I don’t “have to understand” anything other than that you don’t know what a robots.txt file is.
But can’t I just take down my Plaxo “add me” page, solving the problem (except for the Google cache)? Oops, not so quick.
Changing or taking down the add_me page, once created is a enhancement request that we’ve targeted for a future version of the Plaxo server. Unfortunately, the only method of taking down this page that currently exists is to recreate your Plaxo account.
Worse yet, I found in the Google index a link to a page which allowed me to change someone else’s address book entry. Plaxo’s lame response to me pointing this out was to say
But as there is no benefit to indexing these pages, we will correct this problem.
When I re-iterated, in my fourth e-mail exchange, that “I continue to believe that you should not let searchbots index add-me pages”, the “privacy officer” responded:”
Point taken, and I’ll bring it up for discussion with Engineering, but I do not foresee changing the existing functionality.
Huh? You need to talk to Engineering about adding one line to your robots.txt file? Let me help you out here. All you need is:
Disallow: /add_me
Plaxo is a useful concept, but we can’t possibly use it until they “get” privacy issues.
March 7th, 2005 at 10:42
Bob – I am the Privacy Officer that you’ve been correspondending with. I’m sorry that you feel my responses to your questions were inadequate, but I believe they are accurate and honest.
You do decide who can access to your information. If you chose to create a public link to your add_me page, this page can be found and indexed by anyone that can find that public link. Without this public link, the page is not retrievable.
And yes you can take down this page, quickly and easily. I was simply trying to be forthcoming that the current method is not the most elegant solution, but it will have no impact on any current information you maintain. We will improve this in future releases, as well as look into providing individual users the ability to specify if they wish the page to be indexed and cached.
And as for adding one line to our robots.txt file, this would be true if we wanted to fully disable the ability for people to have their add_me page indexed. But how do you handle people who wish this page to be indexed so it can be easily found when someone “googles” their name. If someone wishes to create a public link to their add_me page, the initial design and intent of the add_me page was to allow it to be found. Perhaps this is not appropriate for everyone, but many members appreciate this ability.
And as I noted in our previous correspondence, in order to protect the privacy of the individual, we have obuscated the information on the add_me page so as to make it difficult for bots to gather the specific details on this page.
But if after this and our previous correspondence, you feel that Plaxo is not appropriate for you, please note that you can delete your account at any time by going to:
https://www.plaxo.com/delete_account
and click the Delete My Account button.
If you have any further questions or concerns, please let me know.
Thank you,
Stacy Martin
Plaxo Privacy Officer
privacy @t plaxo.com