In Plaxo-land, There’s Still Some Confusion

This Plaxo issue is confusing. But it’s still worrying.
 
Here’s the story so far: Plaxo is a way to keep your contacts up to date, and it works well and simply. But privacy has been an issue: Can you trust a company to keep your personal data — not just your own details, but all your contacts who also use Plaxo — safe? Plaxo have been quite convincing about this issue, which is why I and a lot of other people use the service: More than a million, according to their website.
 
But here’s the tricky bit: In recent months I’ve noticed that some contacts have been updating themselves in my address book without me giving them permission to do so — or even requesting it. The responses I’ve received from Plaxo have been of the kind you can see in the comments on one of my recent postings about this, namely, that can’t happen, it must be a user (i.e. my) error.
 
Now I’ve got a more complete, and complicated response from Stacy Martin, Plaxo Trust Officer. Stacy’s gone to some trouble to answer my complaint, and readily acknowledges the system isn’t perfect. And I accept that my earlier fear — that people I have never met, or put in my address book, may be adding their contacts — is unfounded.
 
But, without wanting to be difficult, I’m still not satisifed. The problem is this: Plaxo doesn’t just handle the contacts you assign to be updated via Plaxo, it accesses — and can alter, without your approval — your whole address book.
 
It’s complicated, but to try to boil down the argument I’ve paraphrased. I hope I’ve done it correctly: Plaxo, Stacy says, can only UPDATE entries that already exist in your Outlook/Outlook Express address book. It cannot ADD new entries unless you approve the action. This automatic update can occur in one of two ways:
  • If you and someone else have both agreed to allow update requests, or
  • Your address book contains at least the e-mail address of another Plaxo member who has granted other Plaxo members access to his information contained on one or both of his cards.
It’s this second one that is causing the problem. It sounds complicated, I know, but it comes down to this: If you have in your Outlook or Outlook Express address book anyone who is also a member of the Plaxo network, whether or not you request it, that person’s contacts will automatically update themselves in your address book. This leads, as you may imagine, to some surprising results:
  • All the people in your address book — automatically added by you manually, your email program (Outlook versions prior to 2002 had this feature), or any other program interacting with your address book — can now be altered remotely by those people, so long as they are Plaxo subscribers (In one case a contact was not only altered but the name given to that person — his actual name — was altered, making him, er, hard to locate);
  • This appears to override your original settings, that is, the list of people you requested updates from when you first configured the program.

In short, with Plaxo you’re no longer in control of your address book. Signing up to Plaxo means your whole address book is accessible by Plaxo (and presumably stored on their server, not just those contacts you’ve chosen to update via their service).

Stacy readily accepts some of this is confusing, and says we feel there is much more work we can do on our end to make this action more clear and understandable as to not alarm the member. Hopefully, future versions of Plaxo Contacts will make this more evident.”

That’s a start. Here’s my tupennies’ worth:

  • I think other Plaxo users would be as surprised as I to find out that Plaxo has a complete record of, or access to, our address book, whether or not we submitted all those contacts to Plaxo initially, and
  • that as a result people we have not contacted have updated themselves in our address book, without our permission.
  • How does Plaxo ’synchronise’ our contacts? Is this done only with those contacts marked as ones we have agreed to update via Plaxo, or is it all of them?
  • What about the embarrassment quotient? What happens, for example, to contacts we have at some point deleted from our Outlook address book? Is this information — the deletion — passed onto onto the Plaxo-fied contact?

The bottom line here is, in my view, that Plaxo have got to give much greater control to the user as to who and what is updated in the address book. My assumption was always that those people we’ve not selected to update via Plaxo would not be updated, or even accessed, by Plaxo. And to me the logical idea would be that if that did happen, we would get the chance to scotch such updates and sever contact with that person if we so desired. I’m relieved to know that Plaxo folk aren’t able to add themselves to my address book without my sayso, but I still believe there’s a lack of user control over who gets to update what.

Plaxo is a great concept, and a good service, but it must abide by its own promises, like this one: ”At all times, members of the Plaxo Contacts service control how their information is used and with whom it is shared.”

30. January 2004 by jeremy
Categories: Software, apps | Tags: , , , , , , , , | 5 comments

Comments (5)

  1. Response from Plaxo

    Short answer: This is a reasonable feature request, but not something that comes up very often and there’s a simple solution already.

    Problem: People in your address book (that you have consciously added to your address book) are also using Plaxo. These people have created their Plaxo contact info (“Plaxo cards”) and this is now appearing in your address book as planned (this is Plaxo doing it’s sync thing). In a very few cases, these people (who you know) have entered contact info that you did not like (e.g. weird title).

    Solution: Plaxo assumes that you trust your friends to know their own contact info better than you, and therefore accepts the info. However, if you don’t like it, you can change it to whatever you want since Plaxo accepts your “manual” changes over the data coming from the user. Note that this requires you to re-enter the data.

    Conclusion: We have considered adding an “approve/reject” feature to Plaxo to enable users to approve the contact info coming in from the contacts. However, this has not been making the feature cut since very few people have asked for it. This is because in 99.9999% of the cases, the user enters reasonable info.

    Important note: Plaxo stores BOTH the info that you entered for the contact AND the contact info entered by the contact. However, we have not created UI to enable you to revert or switch back and forth yet. This is something that we will get to eventually.

    See more comments below:

    Jeremy: “How does Plaxo ‘synchronise’ our contacts? Is this done only with those contacts marked as ones we have agreed to update via Plaxo, or is it all of them?”

    Plaxo: All of them. As I said, in most cases this is not an issue. With over 1.3M users, we have had very few people complain about this. REGARDLESS, the accept/reject feature is something that we will probably get done this year.

    Jeremy: “What about the embarrassment quotient? What happens, for example, to contacts we have at some point deleted from our Outlook address book? Is this information — the deletion — passed onto onto the Plaxo-fied contact?”

    Plaxo: No. Plaxo does not pass on deletion or permission changes to the other user — that would be bad. We have been very careful about these embarrassment issues.

    Jeremy wrote: “… Plaxo is a great concept, and a good service, but it must abide by its own promises, like this one: “At all times, members of the Plaxo Contacts service control how their information is used and with whom it is shared.”

    Plaxo: Thanks for the support.

    Rikk Carey
    vp of engineering
    Plaxo, Inc.
    rikk@plaxo.com

  2. Awful, horrid, nasty, and rude. Plaxo is brought to you by a founder of Napster. Trust them with my data? Never.

  3. Question 1: My company is thinking about using
    plaxo, and my quesition is. “If everyone in the office is network together and sharing all contacts, how will plaxo work?”

    Question 2: If by chance a hacker (i.e. virus) does get through Plaxo and sends out to all
    contacts via e-mail, What does plaxo do to prevent that?

  4. Hi,

    If Plaxo is installed on a client PC running outlook xp with an Exchange 2000 backend is it possible for plaxo to access the global address list held in exchange?

    Thanks.

  5. Hi,

    Plaxo is an amazing great tool to manage an adressbook. I use it since a few months and I am really happy of doing so.

    However, in France too the use of Plaxo gives rise to a real debate: is Plaxo’s system and are Plaxo’s users respecting the Laws as far as individual rights are concerned.

    An EU-law (directive) goes as far as writing that nobody is allowed to transmit “personal data” like contacts of an addressbook to a Third without having first noticed each of the contacts.

    What’s the case in the US? Have you ever heard of the point earlier?

    Please do not hesitate do write a comment on my Blog on http://is-plaxo-good-or-not.blogspot.com

    Many thanks,
    best regards,
    Vincent