Log in

No account? Create an account

Previous Entry | Next Entry

A few weeks ago I heard about this website called "UpScoop" (Won't give the link, but you can find it easily enough) which offered to check your address book and see what social networking sites your contacts are using. I hesitated about trying it for several reasons: the sites I use most (LinkedIn and Facebook) have pretty decent lookup services of their own, and I was not especially interested in extending this sort of drain on my time.

But I was convinced to give it a try, mainly because their assurances on the privacy of my data appeared pretty watertight. At that time, the following statements, dated 10 April, still appeared on their website privacy statement (scraped from a Google cache as the original page has disappeared):
We will not email or contact any email address obtained from address books.

Upscoop does not email, contact, or spam any friends from an email address book.

Upscoop does not sell, rent, or lease email addresses to partners, clients, third-party marketers, or other third parties.
That all seemed to me pretty watertight, though I did a bit more due diligence by checking around its reputation in the blogosphere and it seemed to be OK. So I let it run through my address book, which found actually very little that I didn't already know (I think two people who are on Livejournal, and that's it; also it introduced me to the rather useless Hi5.com social networking site).

NB however that for a lot of you, my address book includes your real name along with your normal address. There was nothing in UpScoop to suggest that they were scraping real names as well as email addresses, let along that they were retaining that data to set up their own new service.

Boy, was I wrong.

Given the fact that almost everyone I know seems to have received an email from UpScoop's parent company RapLeaf this week, and that the UpScoop privacy policy has now been scrapped along with all of the above crucial reassuring sentences, I can only assume that a) they retained all my address book details, certainly including personal names, for their own use and b) they then themselves ran it through their system as part of setting up the new RapLeaf service earlier this week (since I haven't been near it for weeks).

This is extraordinarily scummy behavior.

Having got hold of my address book on false pretences, they have then used it to market their own business, in the course of which they have intimidated and harassed my friends.

I am sorry to all of you for having believed their lies, and thus being indirectly responsible for them spamming you earlier this week.

I would be very interested to hear from American lawyer types as to whether I have any case against them.

I am posting a reference to this entry to every recent blog entry on RapLeaf I can find.

Edited to add: I see that RapLeaf have now posted a public apology, which includes hat-tips to rfmcdpei and sevenorora. Good for them. I'm still hopping mad, though; it doesn't explain their apparent retention of data from my address book for their own commercial purposes.



( 48 comments — Leave a comment )
Page 1 of 2
<<[1] [2] >>
Sep. 7th, 2007 07:22 am (UTC)
Thanks for the info. Since I try to keep my LJ name and real name separate, and have be wracking my brain as to how the two might have been linked, I'm glad it's sorted out.

I take it you'll be removing real names from your address book?
Sep. 7th, 2007 07:24 am (UTC)
I am sorry to all of you for having believed their lies, and thus being indirectly responsible for them spamming you earlier this week.

No worries. It happens. Makes a change from the gender-incorrect spam that I ususally get! :)
Sep. 7th, 2007 07:26 am (UTC)
Do they still insist on snail mail opt-out?
Sep. 7th, 2007 07:32 am (UTC)
No, you can now opt out by email.
(no subject) - annafdd - Sep. 7th, 2007 07:47 am (UTC) - Expand
Sep. 7th, 2007 07:42 am (UTC)
It makes more sense now!
Sep. 7th, 2007 07:50 am (UTC)
Thanks. It may explain a rather nasty peice of anonymous comment on my lj yesterday. It contained my real name which was particularly strange.
Sep. 7th, 2007 08:41 am (UTC)
Thank you for commenting on my post so I could find all the information contained here.

The developments regarding the emails and change of privacy policy highlights the fear that I was talking about, what is a privacy policy really worth if they can annoy thousands of users with unsolicited emails, completely scrap the privacy policy they had earlier published, create a new privacy policy, then say sorry on their blog?

This is not just a problem with RapLeaf - a privacy policy should be transparent and binding.
Sep. 7th, 2007 08:51 am (UTC)
My email may be in your Outlook address book from recent correspondence, but I don't *think* I had a notification from Rapleaf. However, I may have done, and junked it as spam.

Does anyone know a safe way I can inquire whether I'm in Rapleaf's database, without typing my details in and therefore alerting them to my existence? Or should I just keep shtum and count my blessings?
Sep. 7th, 2007 12:35 pm (UTC)
I should keep shtum if I were you!
(no subject) - drasecretcampus - Sep. 7th, 2007 01:45 pm (UTC) - Expand
Sep. 7th, 2007 08:52 am (UTC)
No problems on my part, as you really can't be held responsible if someone outright lied to you. It is, however, a bit odd to see that they've already got this much information about me. Still, I'm one of the people who always puts my name on things, so I can see how they would manage to find it all. What's really interesting is that they've managed to put the fadas in the right places!
Sep. 7th, 2007 09:18 am (UTC)
It's still scummy of them; the apology completely doesn't cut it. They didn't even apologize for scraping the addresses--just for sending the e-mails.

The e-mail address they have for me--the Livejournal one--can't even be replied from, and shortly I won't even have it anymore. I sure as hell don't want to give them another address by sending e-mail from a main account, so they have victims a bit stuck.
Sep. 7th, 2007 09:25 am (UTC)
Another thing that bothers me about them is that it's a flat-out lie that you have to have an e-mail address to search someone by. The pages are set up under someone's real name, so typing in "http://www.rapleaf.com/pub/firstname-lastname" for anyone turns up their page. :P

AND they make you delete information by e-mail address rather than by name, and they don't let you do it preemptively. I can't request that they delete my information until someone has already searched for it.
(no subject) - deannahoak - Sep. 7th, 2007 01:46 pm (UTC) - Expand
(no subject) - redfiona99 - Sep. 7th, 2007 02:11 pm (UTC) - Expand
(no subject) - deannahoak - Sep. 7th, 2007 02:26 pm (UTC) - Expand
(no subject) - matgb - Sep. 7th, 2007 04:36 pm (UTC) - Expand
(no subject) - deannahoak - Sep. 7th, 2007 06:46 pm (UTC) - Expand
(no subject) - matgb - Sep. 7th, 2007 06:52 pm (UTC) - Expand
(no subject) - deannahoak - Sep. 7th, 2007 03:15 pm (UTC) - Expand
removing oneself from rapleaf - (Anonymous) - Sep. 7th, 2007 03:12 pm (UTC) - Expand
Sep. 7th, 2007 09:20 am (UTC)
Ah, that's how they connect my lj to my surname. I was wondering. Not-directed-at-you Grrrr.
Sep. 7th, 2007 09:55 am (UTC)
Absolutely not your fault, Nick, and thanks for the heads-up.

"It is humbling being wrong, and we’ve been wrong a lot at Rapleaf."

Their apology is that of a company that admits to being consistently "stupid", and are desperately trying not to be even more stupid and offensive, which they also admit is very probable. How they honestly expect anyone to have any confidence in them as a business is completely baffling.
Sep. 7th, 2007 11:09 am (UTC)
All of this says *AVOID* in big flashing letters regarding Rapleaf and any other company this Auren character is involved with. "We're a young company and we didn't know any better" is no excuse - anyone with half a brain can see that the way he's been grabbing at private data is just plain wrong (and probably quite illegal). This guy portays himself as an entrpreneur, his companies have big name investors who will have done due diligence. This is not some teenage kid in a back bedroom saying 'whoops'. I do not believe that no-one considered the privacy issues here, or bothered to think about the legalities. This was just a blantant landgrab, and one that has hopefully blown up very badly in their faces.

Yeah I'm angry these scumbags have stolen private personal data (and at the time of writing I have yet to receive any assurance it has been permanently deleted from their systems). I don't think it was just down to you - they seems to have grabbed at least one e-mail addy I've never given to you.

I will say that it is never a good move to give your e-mail password out to a third party (or any other login details), no matter what the reason, and I'd advise you to go and change it immediatly if you haven't done so already.
Sep. 7th, 2007 11:45 am (UTC)
I threatened them with reputation-destroying
by pointing out that I *have* a reputation online already, thankyouverymuch, one that is way older than theirs and way more trusted in my comms, and I could easily post a diary at one of the larger political blogs and get them vast amounts more of negative attention than they already have gotten, and they deleted my profile without a peep about having to send in snail mail, which I also pointed out to them that as someone who has worked in database maintenance back in the days of DOS only, I knew was simply bullshit for them to claim as necessary. I see they've also taken that requirement down wholesale, although I cant claim that my threats to further trash them online if they didn't stop making people jump thru that hoop (a clear effort to dissuade people, just like the hoops for sending in rebates) were the clincher in their decision.

The unctuous tone of the groveling apology doesn't fool me, either. I worked with a guy who thought "How To Win Friends & Influence People" was gospel, and he would pull this kind of shit all the time - the overstepping of boundaries, the bullying, the arrogant "I know better than you what's good for you" and the cringing Gollum-impersonation and fulsome proclamations of having had "a learning experience" when enough people responded to make him realize that he couldn't get away with *this* time-yeah, there are enough old internet hands involved in this whole project on so many levels that for them to claim they were just wet-behind-the-ears babes in the woods rings smarmily hollow...
Sep. 9th, 2007 07:44 am (UTC)
Re: I threatened them with reputation-destroying
Having read the Valleywag articles about him, I think your characterisation of the CEO's apology is spot-on!
Sep. 7th, 2007 11:49 am (UTC)
Thanks Nicholas
Am most relieved to find where they got the info from...

Anne (www.belgianwaffle.net)
Sep. 7th, 2007 12:06 pm (UTC)
More on the Smarm Factor
I wondered at the egregious breast-beating of putting a long list of all the people who have criticized them at the end - you know why they did that?

For the trackbacks.

Now anyone who comes across and reads one of those posts about their clusterfuckery via Google etc, will also see the link at the bottom to Auren's apologia.

Sneaky. And very very clever, in a Gollum-y way.
Page 1 of 2
<<[1] [2] >>
( 48 comments — Leave a comment )

Latest Month

February 2019


Powered by LiveJournal.com
Designed by yoksel