News leaked prematurely today about a new Plaxo Pulse feature that allows users to match Facebook contacts to Pulse contacts, and then import contact data about the matches into Pulse.
Plaxo has been testing the feature with a number of journalists and bloggers. It involves running a script against Facebook. You tell Plaxo your Facebook account credentials; Plaxo then goes in to Facebook, looks up every one of your friends, and pulls down their contact information.
Plaxo could have done most of the work via the Facebook API (and in fact we covered a startup called FriendCSV that does just that). But the Facebook API doesn’t allow exporting of a crucial piece of data, email addresses. In fact, emails are shown as images instead of text on Facebook so that scripts cannot easily download them.
So Plaxo avoided the API and went with screen scraping. They developed optical character recognition software to recognize email addresses and add them to the export.
Facebook doesn’t like this, of course. But it isn’t Plaxo that’s paying the price. It’s the journalists and bloggers who’ve been testing out the service. Robert Scoble was banned yesterday from Facebook for running the script. He received an email from Facebook that said “Our systems indicate that you’ve been highly active on Facebook lately and viewing pages at a quick enough rate that we suspect you may be running an automated script. This kind of Activity would be a violation of our Terms of Use and potentially of federal and state laws.”
Plaxo was certainly aware of the risk. In an email from the company asking me to try the service last week, they said “We don’t know whether Facebook will try to shut us down (despite their increasing verbal support for the concepts of open-ness), so we want to let a few key folks have access to the functionality before we make it available to everyone.”
Yeah, they guessed right. Plaxo started running automated scripts against Facebook without any warning or discussion with them beforehand, in violation of their terms of service and, I’ll add, common sense. Of course users were shut down. Facebook must regulate this kind of behavior, without it the service would crumble.
Beyond the automated script issue, Facebook also has a very good reason for protecting email addresses – user privacy. Robert Scoble may be perfectly fine with having my contact information be easily downloaded from Facebook, but I may not be. Ultimately it should be me that decides, not him. And if Plaxo wants to push the envelope on user privacy issues, again, perhaps they should at least have given Facebook a heads up. And be prepared to take the consequences themselves instead of passing them off to their users. Robert Scoble was Plaxo’s lab rat in this experiment. I’m glad I wasn’t one, too.
Update: Loren Feldman basically agrees with me.
Mike, good call! I’d only add that Scoble was a very willing lab rat. The downside (temporary banning) had a very big PR upside. I’d also applaud your recognition that FB is in a tough spot and did what the vast majority of users would ask them to do – protect them.
In an email from the company asking me to try the service last week, they said “We don’t know whether Facebook will try to shut us down (despite their increasing verbal support for the concepts of open-ness
well, facebook is protecting their servers, not my email address. I have an issue with them simply deleting Robert’s account. Hopefully it will be recovered and no harm done. If not, I’ll write another post, trashing Facebook.
Way to go Mike! I like your no nonsense attitude!
Mike I agree that Plaxo is in the wrong here but equally in the wrong is Robert for using the scrapping script. But as I wrote this morning he’ll come out of this a winner regardless of whether they re-instate his account.
http://www.wine...s-only-kidding/
It is one thing for FB to support open development.
It is something totally different to allow external sites to data mine/run scripts/spam and/or scrape your site.
The purpose behind these scripts are useful, they way the idea is being executed is destructive.
I have to agree with FB on this one.
Entrepreneurs should be innovative enough to execute the idea without having to resort to screen scraping and running scripts with potentially destructive consequences.
I’ve openned a Facebook group to re-open Robert Scoble account.
Come and join us at: http://www.face...gid=19628302696
Finally we are getting to the core of what “openness” realy means. There are dozens of post each week on facebook and openness, yet the whole thing is very simple: startups want facebook to allow importing of emails. Nothing more, really!
There is a pretty cool firefox plugin that reads that automatically converts facebook email GIFs to text. We pondered using it but it was obvious it was not a sustainable thing. Plaxo is probably using some variation of that code.
“Robert Scoble may be perfectly fine with having my contact information be easily downloaded from Facebook, but I may not be.”
Mike, if your email address is visible in your Facebook profile then it’s available to Robert whether he decides to type it into Plaxo or scrape it. If you want to protect your contact information, just don’t display it.
Keep in mind this is Plaxo’s business – scraping and synchronizing addressbooks. They scrape email services et al. for the same information.
Sean – sure. but part of the reason I display my email is because it’s an image, not pure text.
I suspect the only Facebook scraper tool with long-term effectiveness will be a user-run Firefox plugin with sensible throttler.
Facebook has created an environment where we only allow access to certain items that we want people to see. If I have let Scoble see my entire profile, meaning my education, my employment, my DOB, etc., and he takes any of that with him, to where ever he is taking it (and he could take it elsewhere), he is violating my right to privacy.
Not only does this affect the careful identity construction that I’ve done, but it also undermines my ability to only be a part of communities that I wish to take part in. He is porting my identity to sites unknown and using it in a way that I haven’t consented to.
If today it is Robert Scoble, who is to say that tomorrow it’s not someone stealing my identity and using it on sites that are unsavory?
Instead of jumping on a revolution bandwagon, we should be thinking about the overwhelming social issues here. I believe in portability for MY OWN identity. I don’t think that you should be allowed to take my information anywhere you want to go with it.
Mike, Here is how Scoble could have gotten his data out of facebook in 3 steps!
http://blogfort...-from-facebook/
The bigger isssue is this: If a company makes money out of my data they need to let me export it! The days of companies making money of my efforts are ending ..
Will be interesting to see how this plays out. I don’t think Facebook’s position is tenable long-term. Address book import is fuel for the social web, and Facebook is a modern equivalent of an address book.
On their site, they are happy to let users import from GMail and other services (and they were talking to us about enabling import from Outlook).
Why not let users import from there, if they can import to there? If I have permission to see you contact info because we have “friended” there, should I not be able to sync that data with Outlook?
You people are really serious? You TYPED your information into an external system and you have some kind of notion that that information is protected? Or that someone is ‘violating your privacy’ if they screen scrape with optical character recognition… really? REALLY?
This isn’t credit card information where there are laws governing the legal usage and security of information – this is info that you entered in a third party website without reading their TOS.
Hold your selves accountable people!!!! If you don’t want people to have your information, then don’t share it. It’s as simple as that.
The way I see it, Facebook created an API and limited what data you could retrieve from it for a reason. Scraping their site is something you would do as a proof of concept, not actually release in to production. Especially without contacting them first.
>If a company makes money out of my data they need to let me export it! The days of companies making money of my efforts are ending ..
@12 – I guess you will no longer have bank account, a doctor, a telephone, insurance, … Don’t get me wrong, I’m with you, but how is it you plan to fight Experian, Equifax, Allstate, your credit card companies, … I’d love to see (let alone port) all of the raw data real companies collect about me, but I’m not thinking it is likely anytime soon. Remember how big a fight it was just to get a free look into the credit bureaus aggregated data?
Robert Scoble is a 40-something married man with 2 children, who has just pulled a sophomoric stunt and got caught, but instead of saying sorry, he is now asserting “his right” to harvest the email addresses and birth dates of his so-called “5000 friends on Facebook”???
I opened a Facebook account just to see what the fuss was about, and got chills thinking all these faceless people were ready to poke me and leech on me.
They say MySpace is high-schoolish, but Facebook is only about a notch better. It is well-known that Facebook and Scoble dislike each other, so this seems like a fit soap-opera ending to this “frienemyship”.
Nail + head = bang!
Great post Mike – straight to the heart of the issue.
Plaxo is just plain evil. They have never cared one iota about their user’s privacy, in fact their entire business is based on violating the privacy of every user added to the system. I don’t trust them one bit, or their assertions that they will use the data they’ve collected properly. This appears to be just more evidence indicating that my distrust of them is well-founded.
Good article Mike – I wrote about the same topic:
http://www.cent...-social-network
it’s a pretty damn interesting topic of discussion!
just because we are friends does not mean you can steal or borrow my data.
I guess there’s a foul play in there, with Plaxo guys expecting facebook to act against that, and take advantage of the angry mob “blogosphere” expected reaction to bitch-slap facebook around for reasons of un-openness and the like
I think Plaxo needs to be a bit mature in their beta releases. I remember they had a problem with Google Calendars too. Their sync software used to delete the calendars entirely. Google caught it and immediately advised the users to address the situation. Google did not block the accounts though.
Plaxo has to be better about its Quality Assurance processes. I am sure such issues could have been caught before the wider beta release.
I have been a beta users of theirs and I am glad I didn’t use the Facebook feature.
ps — I do also believe that Facebook needs to grow up and allow users to extract graph data, which they clearly own.
If I were Facebook, I’d do the following if I really wanted to stick it to Plaxo … or any other company that tried scraping my data.
In short, anytime I detected Plaxo scrapers, I’d insert “fake” email addresses into the images (perhaps even email addresses to spam porn sites). This way, they might only end up with 20 – 40% accurate info, which is not acceptable. In fact, the 60 – 80% that would come back inaccurate would really screw up my current address data … and I’d be hesitant to have them scrape in order to preserve the integrity of my current address book … even though my current address book might not be 100% up to date.
For the record, I do support openness … I wish my social network (even Facebook’s) were “portable” to any network I wished.
However, I do have a visceral hatred from Plaxo. I wish I could go to there website, enter in all of my email addresses, and they would respect that and never send me an unwanted solicitation again. So much for wishful thinking!
FYI, in case you missed this:
Plaxo up for auction …
http://www.nyti...amp;oref=slogin
… burned $20 mil and never made a dime.
Auction price is a hopeful $100 mil for about 15 mil of Plaxo Users. ($6.66 / user).
Buh bye, Plaxo.
I am not the biggest Plaxo fan.., but it does kind of annoy me that Facebook, and I would have to assume other social networks, are putting these limitations on accessing of information when its made publically available by people.
If I add you as a friend.., and my email address is set to be shown to you publically.., then what is the big deal with you having the ability to export it to another system.., or write it down in your address book?
The social networks are VERY forward with getting your hotmail, gmail, yahoo, etc credentials for temporary use to add contacts and invite friends to sign up. Are they not violating the personal information of people you have emailed with when they go into your email accounts?
I have a problem with the preaching of “open-ness” is the future, then limiting what developers have access to.
People should have control over their data.., if you dont want people to have access to your information, set it to private.., or dont add them as a friend.
Remember that anyone you have emailed with has the potential to have added your email to their contact list.., they can then import that info and invite you via Plaxo, Facebook, and a number of other networks as well.
I really don’t disagree with your article. Plaxo was violating the terms of serivice. So I have no problem with facebook going after them in any way they can.
I do have one point of contention though. You wrote referring to your email address, “Ultimately it should be me that decides, not him.”
You already decided to share your email address with anyone on your friends list by posting it to your facebook account. So if someone uses that information you freely gave them, then you really have no cause for complaint. If you don’t want your friends to get that address, then don’t post it.
I think the scary thing about the hole thing is, that companies are getting more and more greedy. Ok they have always been greedy, but the only thing they wanted was your money. A great system called economy. Now the want your “friends” and the “friends” of your “friends”. Data is the new dollar.
I am really not the kind of guy who cares about the privacy issue, but the way some companies are acting right now, gives me the feeling, that their search for the “one ring” directly leads em to mordor.
Does anyone know what software Plaxo used for this?
iMacros maybe?
i don’t know…
I think friending someone in Facebook without the “allow only partial view” option needs to imply that this friend can see and take your information. Therefore, you should only friend people you trust with this data.
Ideally, it could/should be implied that all of Scoble’s friends trusted him with this data. However, it should not be implied that all of his friends trust Plaxo with this data.
I don’t know why people are letting Scoble off the hook here. I support Facebook’s ban, and I think it should be extended to anyone who tries to run scripts against their service. Scoble violated the terms of service in a nefarious way, period.
Oh and a word about Plaxo– spam me once, shame on you. Spam me twice…. I won’t get spammed again!!!
When I first started using Facebook they offered the ability to export such data. Facebook was a “bin” for YOUR social data, not a “lockerbox” for this information. As Facebook evolved and became more of a business than a convenient tool, it has made decisions that adversly effect the free flow of YOUR information aka “data portability”.
Fortunately for facebook, most users are too stupid to care about THEIR information and don’t mind that facebook claims to own THEIR social graph so long as they get to play pirate games on some stupid app or continue browsing their friends photos.
It will be interesting to see how Facebook chooses to evolve as the demand for data portability increases. Will ill other services that offer more openness impede on their ownership of other peoples social data?
To Michaels point, some people don’t want their e-mail address to be too easily withdrawn from facebook by others. But, I say that once it is out in the wild its fairgame. My desire to export a CSV of my MUTUAL friends trumps your desire to semi control your personal data. If you don’t want to share it, then don’t…
If you want to keep an address book for your friends on facebook you can give one of these applications a go: http://apps.fac....com/sendmesms/ (you can also send and recieve free text messages with this one) or try this one which just keeps email addresses http://apps.fac....com/emailbook/
Fortunately for facebook, most users are too stupid to care about THEIR information and don’t mind that facebook claims to own THEIR social graph so long as they get to play pirate games on some stupid app or continue browsing their friends photos.
that’s a good comment and a good example of how this is a losing game for Facebook if they continue down the closed path. The value of stupid users, who can easily be enticed elsewhere to play pirate games, is less then the users who want the best possible way to manage their own social graph.
Mike,
Damned well said. I couldn’t figure out how to express this and you did it well. The supposed hubub over what Scoble did has — until your post — been getting the issue backwards. It’s not about portability of his data but the protection of mine.
The way i view this is sort of the phone book vs anywho.com. They both have the same information, but people have come to expect that if your number is in the phone book, it will be on the internet (which has its advantages and disadvantages). People need to realize if you post your email on the internet, it will be accessible as well. I don’t really see an email address as being any sort of private information more than my physical address or phone number, all of which are readily available on the web because it makes things easier for my friends and family and the world at large if they need to contact me.
My hope is that in 10 years we’ll have the equivalent of a do-not-call list for e-mail, with federal penalties for unsolicited commercial emailing, and people will realize that putting your email on the internet is not the same as your social security number, bank account number or chromosomal makeup.
This would be less troublesome if it were a company other than Plaxo. Remember this?
Sure, they stopped doing that, but their reason was:
Obviously harvesting Facebook email addresses is a means to another end (probably a whole new round of spam).
Plaxo has consistently made decisions that are at odds with Internet ethics and has not shown an ability to act responsibly.
as an aside, couldn’t they get around this by doing a “slow scrape”, say do an initial scrape at ~1/minute over a day or 3 and then once it’s synced up scrape a random 60 an hour for updates? Would not be instant, but could be a reasonable solution.
Also, we should congratulate Facebook for trying to protect user privacy in the same way we criticized their earlier efforts. The fact that users may not care about privacy or the fact that users entered their own email addresses into the site is not the issue, the issue is that Facebook stopped a company from harvesting the email addresses and violating the privacy of thousands of its users.
“Yeah, they guessed right. Plaxo started running automated scripts against Facebook without any warning or discussion with them beforehand, in violation of their terms of service and, I’ll add, common sense. Of course users were shut down. Facebook must regulate this kind of behavior, without it the service would crumble.”
so now you’re not supporting scoble? dont get me wrong, I think he was a jackass for turning his breaking the TOS into some sort of a nerdy flag to unite anti-facebook people behind, but techcrunch as a whole should pick one side or the other on this issue (either he is an ass for trying, or he is a maverick for fighting back).
well said Mike.
I don’t know why there’s so much vitriol toward Facebook in this, what Plaxo encouraged their users to do was violate FB TOS, plain and simple.
Is this a limit of the free market where Scoble can’t just take his business elsewhere if he thinks FB’s TOS are unconscionable? Then maybe he should write about that.
I applaud FB for being decisive on this, but from the comments here it looks like nothing FB does will be accepted. They’re damned if they do (Plaxo) and damned if they don’t (Beacon).
Bill @39, get real, FB is not trying to protect user privacy. If you have been keeping up with what FB has been trying to do recently, you would know this. This is being done for their own self-interests. Linkedin allows you to export your contacts and they are doing a great job at increasing their user base. The fact is that FB can create a way to pull your friends contact information is a very simple easy way without creating a big fuss and continuing their great momentum. FB is maintaining their amateur hour in PA.
Not even getting into the spam/privacy argument overt Plaxo, but what the hell made them think it was a good idea to violate the ToS for Facebook? There’s an API, guys, and there are good reasons that some things are accessible through it, and other things aren’t. Why not talk to the company if you feel like you need, and can negotiate towards, special access to their data?
It’s kind of annoying that they tried to phrase the thing as a David v Goliath struggle, too: We don’t know whether Facebook will try to shut us down (despite their increasing verbal support for the concepts of open-ness). That’s it, Plaxo, way to go. Blatantly taunt the service you’re mis-using. Clearly FaceBook is the bad guy here.
Just a dumb move all around, by Plaxo.
I am sure a few people already mentioned it but…If I can see your email address on facebook that is because YOU shared it with me. Once YOU put it out there it is going to get scraped, copied, moved etc etc. If you share your email with someone you don’t know on facebook who has 5,000 friends and then get upset about it you need to go to a remedial information literacy class.
Get it together people!
yes, but the screen scraping that Mint does (via yodlee) is just fine!
can’t imagine this helps with their effort to get bought, if true.
but it does speak volumes about the level of their desperation.
(or else just really poor judgement… can’t imagine this effort not getting shut down in a heartbest)
Shanya: FB is protecting user privacy, even if their reason for doing it is selfish. “Beacon” was for self interests, and we rightly criticized it. I want my email address protected from spammers, and I’m going to thank Facebook when they protect that, regardless of their motives.
Scoble is a great guy, which is causing most of the outrage towards Facebook. Scoble and the other bloggers were used by an evil company who was aware of both Scoble’s friend count and geek cred. Unfortunately, this mistake will hurt both Scoble and Plaxo’s credibility, when it should only hurt Plaxo’s.
[didn't closed an italic tag--can someone clean that up?]