August 31, 2007 4:00 PM PDT

At Rapleaf, your personals are public

(continued from previous page)

He said Rapleaf has about 50 million profiles, which include people's associations with Facebook, MySpace, LinkedIn, Bebo, and's Wish Lists, among other networks. Hoffman said the company soon plans to add blog searches to its database, among other coming features.

To illustrate the power of Rapleaf, CNET did a search on Hoffman. From his profile page, you'll find out he's a 33-year-old single white male originally from New York. He graduated from UC Berkeley in 1996 with a degree in industrial engineering and operations research. He has profiles on 17 different social networks, pens a blog, and is linked to 11 e-mail addresses. (Eight are kept private on Rapleaf, but that domain has been in use since March 2005.)

From these links, you can find out that he's founded and sold three companies, including enterprise software firm Bridgepath and lead-generation company GetRelevant, which Lycos bought in 2002. He's also an investor in ad firm Brightroll and is an adviser to Pacific Research Institute, a nonprofit political group. From MySpace, you'll find he's an Aries who likes "anyone who stands up to the Man." And his Amazon Wish List shows that he wants a self-inflating travel pillow and the book More Sex Is Safer Sex: The Unconventional Wisdom of Economics.

One big question about Rapleaf is how it obtains access to people's social-networking profiles, considering that sites like Facebook, MySpace and LinkedIn don't publish their members' e-mail addresses as a matter of policy. When asked, representatives from these social networks said that they do not have partnerships with Rapleaf, nor other search engines, to provide access to e-mail addresses.

"People are exposed because they're out there on the Internet, but they're not exposed because of anything we did."
--Kay Luo, director of communications, LinkedIn

Kay Luo, director of communications at LinkedIn, said it plainly: "People are exposed because they're out there on the Internet, but they're not exposed because of anything we did."

Rapleaf's Hoffman said that the company finds profiles through the e-mail search at certain sites, including MySpace, LinkedIn, Facebook and Amazon. MySpace, for example, lets visitors find a profile by e-mail address or first and last name. But for other sites, Rapleaf employs a "secret sauce," according to Hoffman. It's not always easy either. Hoffman said the company hasn't figured out how to crack into accessing members on Digg, for example, even though it would like to.

According to Upscoop's privacy policy, the company "is able to obtain and may display information on a person or e-mail from other sources that are at our discretion. This information obtained from other sources is publicly available. Information may also be extracted from private social-networking sites and online communities based on special access." Hoffman said the company has no special access, however.

Security experts say one technique used to find people on social networks could be joining the social network and then ferreting e-mail addresses by deducing naming conventions at big companies. Employees at Google, for example, have addresses with the person's first name and last initial, with By understanding naming conventions, an automated crawler could scour a social network for profiles by trying out various combinations of names.

Ali Partovi, CEO of the social music service iLike, said he considered hiring Rapleaf/TrustFuse to figure out how many of its Web users were also on Facebook and other social networks, so iLike could cross-market to those who weren't. But he ultimately decided against using the service because it meant divulging the e-mail addresses of his own users.

"One of the reasons we decided not to work with them is because it would violate our privacy policy. Our privacy policy wouldn't allow us to give a third party access to our e-mail database," he said.

Clavier said Rapleaf is only working off what's already available. "What's interesting is that when you read about what Wink, Rapleaf and others have been doing, it's suddenly like, 'Oh my God, this is a lack of privacy.' But it's only aggregating what's out there. It used to take several Google searches to find the information--now it's a one-stop shop."

Previous page
Page 1 | 2 | 3

See more CNET content tagged:
marketer, privacy policy, social networking, e-mail address, client


Join the conversation!
Add your comment
Avoid at all costs...
So essentially this site is one half of the equation.

That is, they say thay they will grab any and all data about you that they can. *BUT* THEY WON'T reveal your *E-MAIL* address to a prospective client.


So Rapleaf doesn't spam. But their customers can now send a more targeted spam message.

Anyone who uses Rapleaf deserves what they get. More spam.

Its still spam, regardless of how "targeted" they attempt to limit the message. Think about it.
Posted by dargon19888 (412 comments )
Reply Link Flag
privacy laws?
this has to break some privacy laws and if it doesn't then we don't have any privacy guarantees with existing laws. simple as that.
Posted by dondarko (261 comments )
Reply Link Flag
Nope doesn't break any privacy laws...
When you sign up for this "service" you acknowledge their ToS and privacy statement.

If they tell you up front that they are going to collect any and all information from you and then sell it (sans e-mail addresses) to third party marketers, you're essentially SOL.

You gave up your rights to any privacy that they capture on their site.

Now you know why I suggest that you avoid this site or any other site like this at all costs.
Posted by dargon19888 (412 comments )
Link Flag
So you sign up for a social networking site, use your personal email address, thus allow other users to find you via email address to see your profile and you think this is private? If you are so concerned then maybe you should complain to MySpace or not use social sites. Some social sites let you lock your information to varying degrees. You really have to pay attention to what their privacy policies are (you could even use different email addresses for home, business, spam use, etc). I think we are all naive if you think RapLeaf is the only company doing this. Collecting publicly available data is the job of every marketing firm. Just because the publicly admit and even let you see what data they have collected this makes it worse?
Posted by powella (1 comment )
Reply Link Flag
Just reviewed Rapleaf's policies and based on my understanding, two things come to mind:

1) dargon19888 is right about what rapleaf does -- they have a database of emails that companies can match and see if you have public profiles on social sites. After calling in to rapleaf, although no specific companies were mentioned, found out that companies like drugstores, electronic goods stores -- any one who you might have made a purchase from -- have large email databases that they don't know. these companies already communicate with you via email, and they don't spam you more just because they know you're on facebook...

2) re: privacy laws, if you read rapleaf's policies, sounds like they follow privacy policies of the social networks themselves. not sure how they do that, but since they only find PUBLIC data on people, they can't be hacking the system.

final thoughts: if you don't want your info found by the companies you buy from, DON'T MAKE YOUR PROFILES PUBLIC ON SOCIAL NETWORKS. if it's public, anyone can see it and you give up rights to it (even though your info online already belongs to sites like myspace, facebook, etc). if you make it private, no one can see it besides ur friends.

side note: another point i picked up from talking with rapleaf is that if you have a lot of friends and are a big fan of a company, you're more likely to special offers/promotions from companies because you have more influence :)

see? it's not all bad
Posted by asharpe2 (1 comment )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.