Plaxo Drops the “Hi, I’m updating my address book” Email

Plaxo is dropping the “Hi, I’m updating my address book. Please take a moment to update your latest contact information…” email which has, over the past three years, raised more than a few hackles. (What is a hackle? And can they ever be in any other state than raised?) Anyway, people (including myself) have objected to the rather cavalier way that Plaxo software would send these update requests out to people. Writes Tom, one of the founders, on the Plaxo blog:

Obviously, a lot of people loved this feature, but some people did not. Journalists, A-list bloggers, and anyone else who is known by more people than they know were inundated with requests. We quickly responded by adding opt-out and throttling features, but we’ve always known that the update requests were a means to an end — our goal has always been to get as many members as possible so that these e-mails were unnecessary. And it looks like we’re finally getting to that end.

Plaxo now say that’s not going to happen anymore, because there’s no need:

As of last week, we’ve passed 10 million members. We are now growing at over 50,000 users a day. Due to this great growth, the depth of our network, plus our heartfelt desire to be good net citizens, we have started phasing out update requests.

This feature will probably always exist in some form, but we are no longer aggressively pushing new users to send out e-mails and are adding restrictions to prevent existing users from sending out large batches. Within the next six months (allowing for releases and upgrades to our base), you should see these messages drop to a trickle.

This is good news. I wonder, though, about the 10 million members thing. After resuming my Plaxo account the other day I got the distinct impression that a) there were quite a few new members from among my contacts on Plaxo but not a massive amount and that b) a lot of those members were not actively updating their contacts. Indeed, it’s not clear to me how one can tell whether an account is dormant, and if so, whether the information that is being updated to your contact list is current or not. (I guess in some ways this may actually reduce the effectiveness of Plaxo, in that your updated contact details for a person may be overwritten by those in a long-dormant Plaxo account.) (I just asked Stacy Martin, Plaxo’s long-suffering and patient privacy officer, and he suggests users who no longer update their Plaxo account delete by going here.)

Anyway, I don’t want to be churlish. It’s good news that Plaxo is phasing out those emails. I can understand their predicament; the product’s usefulness grows the more people use it, so the emails were an important part of spreading the word. Trouble was, some folk found it irritating. Hackle-raising irritating.

The Unintentional Narcissism of Plaxo

Plaxo is beginning to irritate people again. Now it’s David Weinberger, who is back to hating Plaxo:

Today I hate it again. I got an update notice from someone and noticed that my own info was out of date. So I took the seemingly innocuous step of updating my phone number.

Lo and behold, Plaxo apparently took that as a command to send mail to everyone in my address book (actually, I don’t know whose address book) that I have new info that they simply must attend to. I am, I seem, an inadvertent Plaxo spammer and unintentional narcissist.

What’s interesting here is the thread that follows: The tireless Stacy Martin, Plaxo’s privacy officer, jumps into the fray to try to explain what has happened. I don’t envy Stacy’s job: While Plaxo may not mean to be intrusive, and in David’s case didn’t behave quite as badly as he’d originally suspected, it clearly hasn’t fully addressed the issues that were irritating users two years ago.

The crucial thing here, I think, is not so much privacy of data as giving the user full control over how they present themselves to others. I get several requests from Plaxo users every month, and I ignore all of them. But how many of those requests are sent with the full knowledge and understanding of the user? Not many, I suspect. These folk’s public image — how they appear to all their contacts — is being largely determined by a piece of software.

Pretty much everyone is going to have in their contact database a range of folk from close friends to important sources you’re careful not to overburden with casual contact. What you don’t want a contact updater to be doing is to start sending out emails on your behalf without you being in full and easily comprehensible control. If someone like David can’t figure out the process and ends up feeling like an “unintentional narcissist”, what chance do the rest of us have?

Plaxo Gets A Pounding

It seems Plaxo has been given a bit of a drubbing at the PC Forum.

Jason Calacanis of thespamweblog reports about how Plaxo’s Tim Koogle has been hit with questions about the company’s concealed business model, its intrusiveness, and why people should trust Plaxo, or the future owner of Plaxo. People even hissed when Plaxo was mentioned during Tim Koogle’s introduction.

But a poll of the audience revealed the software’s most obvious problem: It looks and feels like spam. Asked how many people had erased Plaxo requests, almost everyone raised their hand, Jason writes. When asked if they had deleted more than 10, almost everyone kept their hands up. “Not a shock, and it is certainly not spam—but it sure feels like it to people,” Jason concludes.

More on Tim Koogle’s reception here, along with a response from the tireless Stacy Martin, whose job as ‘Plaxo Privacy Officer’ must have sounded a lot easier than it has turned out. Stacy reports that Plaxo will be adding a feature to address one of the biggest turnoffs: That even if you answer one ‘contact update request’, you’ll still get more.

I’m (slowly) building a resource on Plaxo issues here.

Does Plaxo Have My Data?

Here’s more on the Plaxo discussion about the security of data held by the contacts management service.

Plaxo has kindly responded to my earlier post about the security issue raised by Britain’s Lodoga (their comments are definitely worth reading). I’ve also had a chance to talk to the folk at Lodoga about the problem. One or two points worth making.

  • Lodoga point out it’s not just Plaxo that are (or were; they moved quickly to fix the problem) vulnerable to this kind of attack. Many, if not most, websites that use forms are. So Plaxo could quite reasonably claim they’re being unfairly singled out here.
  • Plaxo say that the vulnerability is limited to specific attacks on specific individuals. This could be misleading. As Lodoga points out, it’s the very specificity of the attack that’s worrying. In such cases, and like some phishing cases, the attack could be aimed at certain companies, and certain individuals, in order to extract data for more complex and broad attacks (for example, to impersonate someone to hijack data, fool other people into giving up data or even control a website). Just because the vulnerability is limited doesn’t mean it’s not a vulnerability.

Plaxo ‘correct’ a couple of points in my earlier post, which themselves need clarifying. It comes down to a couple of basic questions:

If I use Plaxo, is my address book stored on Plaxo’s servers?

Plaxo quote me as saying “that information will be stored in Oliver’s contact details on Plaxo’s servers in addition to whatever data he adds”, and respond thus: “Storing a person’s address book on our servers is an option, not a requirement for using the service (we refer to this as web-enabling your address book). Users can select this option when installing Plaxo, or change this option anytime through their preference settings. Enabling this option has certain benefits such as automatic backups, quick restore capabilities, enhanced synchronization capabilities and Web access, but it is still an option.”

Well, up to a point. It’s true that as a Plaxo user you can elect to prevent your contacts from being stored on Plaxo’s computers. But once again, it’s not a straightforward process, and unless my configuration is weird, having your data stored at Plaxo is set as a default, as far as I can work out, and the option to change it can only be found in the ‘Advanced’ tab of the Preferences window. What’s more, the option is called ‘Allow web access to contacts’ (i.e. not ‘Store copy of your contact data on Plaxo servers’, or something more explanatory). If you try to uncheck it, you’ll get a warning message: ‘Are you sure you want to disallow web access to your account? Doing this will also disallow you from synchronizing your address book on multiple computers and disable much of Plaxo’s functionality.’ It then gives three options: Yes, No and Cancel (what’s the difference between No and Cancel, exactly?). All this is hardly a way to reassure the wary. (If you do go ahead and uncheck this option there’s no way that I can see of confirming that your data has been removed from Plaxo’s servers; synchronizing your data does not result in any message to indicate the deletion has taken place.) My verdict: This option is not transparent and only likely to be pursued by the more advanced user. It needs to be more clearly presented in the early stages of setting up data, and the warning dialog needs to be rephrased (or preferably removed, since it tries to dissuade the user from selecting it).

Plaxo make a couple of other points in this regard: You don’t have to Plaxo your whole address book, just those folders you want to. True, but within those folders — and for most users, that means their complete address book — there are only two states: all stored at Plaxo, or none.

If I don’t use Plaxo, what can I do to avoid having my data stored at Plaxo?

First off, the issue is: How do I find out if Plaxo is storing my data? I wrote: “There’s no way for a non-user to tell whether your data is being stored at Plaxo unless you email all your contacts” to which Plaxo adds: “Well I suppose this is only partially incorrect. This statement is true regardless of Plaxo – there is no way for anyone to tell whether your data exists in someone else’s address book.”

The only ‘incorrect’ bit of the statement I can find in Plaxo’s answer is this: You could also find out whether your data is being stored at Plaxo if you receive an update request from someone who uses Plaxo. Plaxo’s Stacy Martin says, “Personally, I feel this is one of the benefits to receiving Update Requests from Plaxo members.  The Update Requests at least tells me who maintains my information.  It gives me cause to follow up with the person to request the remove my information if I desire (as you mentioned, we also provide this as a courtesy to make that request on your behalf).”

Once again, I’m not sure this is a plus. It comes down to what many users see as the intrusiveness of Plaxo. If you have to respond to an email to opt out of something — either by creating a fake contact, sending an email to your friend requesting they delete you from their contact list, or asking Plaxo to do it for you — then you have, in the eyes of many, abused their privacy. Many users have complained to me about receiving dozens of these ‘update’ requests, which are sent very, very easily from an unschooled Plaxo user. So any argument that posits these updates are a benefit is not going to be a popular argument, since it requires the recipient to take action to avoid further requests: An intrusive form of spam if ever there was one.

More importantly, Plaxo does not contradict the basic idea here, namely that there’s no easy way to find out if Plaxo has your data, and there’s no easy way to remove it if they are. Stacy’s response is philosophical: do we control our own data anyway, and do we have the right to ask others to delete our data if they do choose to store it? Well yes, it’s true to a certain extent. Any Tom, Dick or Harry can have our email address in their address book, and if we’ve learned nothing from recent viruses, it’s that our email address can pop up in the oddest of places.

But while this may hold true in the cases of individuals, Plaxo is treading on dangerous ground by arguing the same with what is a commercial service. Users are extremely sensitive about their private information being held by companies, governments and institutions without their knowledge or consent. In the case of companies the issue is particularly sensitive, for two important reasons:

  • Companies have shown that they cannot be trusted to stick to their promises about not making commercial use of that information, by altering privacy policies, by transferring ownership of the data to a company that has not made the same commitments about the privacy of that data, or just by misleading the user. The short history of e-commerce has been a disastrous loss of trust on the part of the public in this issue. So while you may not care that much about an individual holding your data in their Outlook address book, a corporation having that data on its servers is quite a different matter. Users do care, and companies that try to sidestep the matter face a hostile audience.
  • Secondly, security. Lodoga has proven that web servers with web access are not safe places. Their theoretical attack has been plugged, but there are likely to be many more. It’s not a useful argument to say that such attacks are limited, and have to be specific to be successful. That is not the point. The point is that if you store your address book on Plaxo you, and everyone in your address book, are vulnerable. So, while it’s true that your personal data is never completely safe — someone could steal someone’s PDA which happens to have your address data on, say — having that same data stored on Plaxo’s servers is a different matter. It’s there, and everyone knows it’s there. It’s a clear target for someone looking to leverage such data for a broader attack.

So, I have to conclude that answering the question with a philosophical discussion about ‘ownership of data’ is steering the reader away from the core issue: Plaxo is a well-known, well signposted store of data that is valuable to others, criminal or otherwise, and that data may include your own personal data, without you being able to a) find out and b) do much about it.

It’s good that Plaxo go to the trouble of answering such questions, and I hope this post takes the discussion further forward. I should once again point out for the record that I still use Plaxo, although I’ve now disabled the ‘web access’ component, meaning, I hope, that my data — and any of yours which I happen to have in my Outlook — is no longer on Plaxo’s servers.

More On Plaxo, Privacy and Opting Out

This is likely to be the last exchange on Plaxo: Hopefully some of the issues that have concerned me and readers have been cleared up by this and other recent posts.

Plaxo have kindly added a comment in reply to my posting on how to avoid Plaxo, in which they’ve pointed out that they have added an opt-out feature, meaning that instead of receiving endless ‘reminders’ to update your contacts from users, you can avoid either specific or all such requests via a link in the update email. (This link takes you to a page offering three options: Blocking all update requests from that person, using an auto-reply feature I mentioned in the previous posting, or a ‘permanent opt-out’.)

This is good news, and thanks for pointing this out. Plaxo says in the comment, “It’s right there in every Update Request sent and has been provided by Plaxo for some time now.” However, I’ve gone back through Plaxo update requests and readers’ mail on the issue and can only find Plaxo update requests sent to me in December to have included this feature. Unless I’m mistaken, prior to that there was no readily obvious way to opt out, and I have received complaints as recently as October of readers receiving multiple update requests with no visible method of avoiding future ones. (The webpage that refers to this feature does not indicate when the option was added, but says the page was updated on December 23.) In emailed responses to questions, Plaxo’s Stacy Martin says this opt-out became a standard option in November.

I accept that Plaxo now makes it easier for non-users to opt out of future requests, and I can readily understand that it’s difficult to find the right balance. On the one hand you don’t want to bug people who don’t want to be bugged; on the other, the only way to do this is for those who want to opt out to register all their known email addresses with Plaxo, since the company has chosen to use email addresses as the best way to recognise and store individual records. If users want to opt out, some sort of record needs to be kept of their wanting to opt out, in the same way a spammer is (supposedly) bound to keep a record of people who don’t want to receive more spam from them.

That said, this opt-out feature could be easier to find on the Plaxo website. It’s not mentioned on the front page, as far as I can see. On the support page linked by Plaxo’s Trust Officer I could find no mention of it, or direct link there. It was not on the page of frequently asked questions. You can find information about the opt-out feature by, among other possible ways, typing in ‘opt-out’ or ‘optout’ into the search support box selecting either in the ‘all search topics’ option or the ‘Information for IT departments’ option. Performing the same search in the (more logical, in my view) ‘Troubleshooting’ or ‘Security and Privacy’ categories will not provide this link — except tangentially, for example at the bottom of one page referring to the question ‘Does Plaxo send spam to my contacts?‘. (Plaxo’s Martin demurs, saying “In looking at the traffic flow on our web site, we’ve found the large number of users looking for assistance go straight to using the search within the Help Center and search on all topics rather than browsing around or searching on a subset of topics… Searching for “opt-out”, “stop”, “opt”, “no mail”, “out”, “optout” all provide users the proper information on how to stop receiving update requests.”)

Finally, if you’ve made it to the opt-out page (or clicked on the opt-out link provided in the update requests I mentioned at the start), you’ll be warned against using this feature. Click on the link in an email and you’ll be told ‘If you choose this option, friends and contacts with important update e-mails will no longer be able to contact you using Plaxo’. On the opt-out page itself, you’ll be told, in bold: ‘Note that by permanently opting-out, friends and business associates can no longer request your latest information or send you their latest contact information’.

I find the wording of both messages somewhat alarmist to the casual user: Both seem to suggest that somehow people will not be able to contact anyone who accepts this option. I believe the wording could be better constructed to make clear that accepting this option is ONLY going to remove them from future Plaxo emails and not have any more disastrous impact on their social, business or family life. If someone has gotten this far to opting out, I think Plaxo have probably lost them as a potential customer and they should give up gracefully.

All this said, and despite some residual concerns about Plaxo’s practices, I remain a Plaxo user and have, on balance, found it to be very useful. It appears that Plaxo has been responsive to user concerns and tried to hone its approach. But there’s clearly some ways to go, and, at least on the opt-out issue, I think Plaxo could be clearer, by at least

  • posting a link on the home page,
  • marking it clearly on the support page and
  • by avoiding language on the opt-out page itself that may confuse or deter the casual user.

Plaxo’s Martin says they’ve already made some changes to accommodate these suggestions, which I emailed to her before posting here. It’s good to see that they are responsive to these and other concerns: Another feature that bugged readers, if my mailbag is anything to go by, was the way Plaxo kept a record of how many update requests were sent to any non-user, even if they weren’t from the same source. This kind of intrusiveness raised hackles, understandably, in that Plaxo appeared to be targeting prospective users and keeping tabs on them. Stacy says this feature was dropped last November.

In Plaxo-land, There’s Still Some Confusion

This Plaxo issue is confusing. But it’s still worrying.

Here’s the story so far: Plaxo is a way to keep your contacts up to date, and it works well and simply. But privacy has been an issue: Can you trust a company to keep your personal data — not just your own details, but all your contacts who also use Plaxo — safe? Plaxo have been quite convincing about this issue, which is why I and a lot of other people use the service: More than a million, according to their website.

But here’s the tricky bit: In recent months I’ve noticed that some contacts have been updating themselves in my address book without me giving them permission to do so — or even requesting it. The responses I’ve received from Plaxo have been of the kind you can see in the comments on one of my recent postings about this, namely, that can’t happen, it must be a user (i.e. my) error.

Now I’ve got a more complete, and complicated, response from Stacy Martin, Plaxo Trust Officer. Stacy’s gone to some trouble to answer my complaint, and readily acknowledges the system isn’t perfect. And I accept that my earlier fear — that people I have never met, or put in my address book, may be adding their contacts — is unfounded.

But, without wanting to be difficult, I’m still not satisfied. The problem is this: Plaxo doesn’t just handle the contacts you assign to be updated via Plaxo, it accesses — and can alter, without your approval — your whole address book.

It’s complicated, but to try to boil down the argument I’ve paraphrased. I hope I’ve done it correctly: Plaxo, Stacy says, can only UPDATE entries that already exist in your Outlook/Outlook Express address book. It cannot ADD new entries unless you approve the action. This automatic update can occur in one of two ways:

  • If you and someone else have both agreed to allow update requests, or
  • Your address book contains at least the e-mail address of another Plaxo member who has granted other Plaxo members access to his information contained on one or both of his cards.

It’s this second one that is causing the problem. It sounds complicated, I know, but it comes down to this: If you have in your Outlook or Outlook Express address book anyone who is also a member of the Plaxo network, whether or not you request it, that person’s contact details will automatically update themselves in your address book. This leads, as you may imagine, to some surprising results:

  • All the people in your address book — whether added by you manually, by your email program (Outlook versions prior to 2002 had this feature), or by any other program interacting with your address book — can now be altered remotely by those people, so long as they are Plaxo subscribers (In one case a contact was not only altered but the name given to that person — his actual name — was altered, making him, er, hard to locate);
  • This appears to override your original settings, that is, the list of people you requested updates from when you first configured the program.

In short, with Plaxo you’re no longer in control of your address book. Signing up to Plaxo means your whole address book is accessible by Plaxo (and presumably stored on their server, not just those contacts you’ve chosen to update via their service).

Stacy readily accepts some of this is confusing, and says “we feel there is much more work we can do on our end to make this action more clear and understandable as to not alarm the member. Hopefully, future versions of Plaxo Contacts will make this more evident.”

That’s a start. Here’s my tupennies’ worth:

  • I think other Plaxo users would be as surprised as I to find out that Plaxo has a complete record of, or access to, our address book, whether or not we submitted all those contacts to Plaxo initially, and
  • that as a result people we have not contacted have updated themselves in our address book, without our permission.
  • How does Plaxo ‘synchronise’ our contacts? Is this done only with those contacts marked as ones we have agreed to update via Plaxo, or is it all of them?
  • What about the embarrassment quotient? What happens, for example, to contacts we have at some point deleted from our Outlook address book? Is this information — the deletion — passed on to the Plaxo-fied contact?

The bottom line here is, in my view, that Plaxo have got to give much greater control to the user as to who and what is updated in the address book. My assumption was always that those people we’ve not selected to update via Plaxo would not be updated, or even accessed, by Plaxo. And to me the logical idea would be that if that did happen, we would get the chance to scotch such updates and sever contact with that person if we so desired. I’m relieved to know that Plaxo folk aren’t able to add themselves to my address book without my sayso, but I still believe there’s a lack of user control over who gets to update what.

Plaxo is a great concept, and a good service, but it must abide by its own promises, like this one: “At all times, members of the Plaxo Contacts service control how their information is used and with whom it is shared.”