It seems that there’s renewed interest in Plaxo, the contact sharing service that has attracted attention both for its inventiveness and its privacy implications. First off, a reader from France, Vincent Prêtet, wrote in comments to a previous post that
Plaxo is an amazing great tool to manage an adressbook. I use it since a few months and I am really happy of doing so. However, in France too the use of Plaxo gives rise to a real debate: is Plaxo’s system and are Plaxo’s users respecting the Laws as far as individual rights are concerned.
An EU-law (directive) goes as far as writing that nobody is allowed to transmit “personal data” like contacts of an addressbook to a Third without having first noticed each of the contacts.
Vincent asks whether any similar case being made in the U.S. He’s also started his own blog on the subject (in French).
Another reader has sent in a screen capture from Zone Alarm that seems to indicate Plaxo “does much more than just collecting personal info”:
I’ve asked Zone Labs about this message, who offer the following:
Yes, it does appear to be one of our alerts. The “Enables Plaxo to Securely Integrate with Outlook Express” is probably the name of Plaxo’s process that that triggered the alert. The rest of the copy is the standard message for all “suspicious” alerts. The idea is to let consumers know when a process is occurring that we believe can have security ramifications and let them choose to move forward or not. One of our primary goals is to make sure people have control over what installs on their PC.
Let me know if you’d like me to check with our security team on Plaxo specifically, but typically with the OSFirewall we aren’t looking so much at specific programs, more at the actual behavior of a process (at a glace, I suspect any program that tries to integrate with Outlook that we don’t have specifically whitelisted would trigger the same alert).
At first glance, then, it looks suspicious. But on closer inspection I feel this is more a case of Zone Alarm being a bit too alarmist, or at least not building up a decent database of programs it can whitelist. Plaxo is not exactly a new kid on the block, and although I have my reservations about what Plaxo does, I’m not sure it’s tracking keystrokes, mouse movements or other ‘user behavior’.
Doubtless Stacey, Plaxo’s privacy officer, will weight in shortly on this!