August 31, 2007 4:00 PM PDT
At Rapleaf, your personals are public
(continued from previous page)
He said Rapleaf has about 50 million profiles, which include people's associations with Facebook, MySpace, LinkedIn, Bebo, Classmates.com and Amazon.com's Wish Lists, among other networks. Hoffman said the company soon plans to add blog searches to its database, among other coming features.
To illustrate the power of Rapleaf, CNET News.com did a search on Hoffman. From his profile page, you'll find out he's a 33-year-old single white male originally from New York. He graduated from UC Berkeley in 1996 with a degree in industrial engineering and operations research. He has profiles on 17 different social networks, pens a blog, and is linked to 11 e-mail addresses. (Eight are kept private on Rapleaf, but that domain has been in use since March 2005.)
From these links, you can find out that he's founded and sold three companies, including enterprise software firm Bridgepath and lead-generation company GetRelevant, which Lycos bought in 2002. He's also an investor in ad firm Brightroll and is an adviser to Pacific Research Institute, a nonprofit political group. From MySpace, you'll find he's an Aries who likes "anyone who stands up to the Man." And his Amazon Wish List shows that he wants a self-inflating travel pillow and the book More Sex Is Safer Sex: The Unconventional Wisdom of Economics.
One big question about Rapleaf is how it obtains access to people's social-networking profiles, considering that sites like Facebook, MySpace and LinkedIn don't publish their members' e-mail addresses as a matter of policy. When asked, representatives from these social networks said that they do not have partnerships with Rapleaf, nor other search engines, to provide access to e-mail addresses.
Kay Luo, director of communications at LinkedIn, said it plainly: "People are exposed because they're out there on the Internet, but they're not exposed because of anything we did."
Rapleaf's Hoffman said that the company finds profiles through the e-mail search at certain sites, including MySpace, LinkedIn, Facebook and Amazon. MySpace, for example, lets visitors find a profile by e-mail address or first and last name. But for other sites, Rapleaf employs a "secret sauce," according to Hoffman. It's not always easy either. Hoffman said the company hasn't figured out how to crack into accessing members on Digg, for example, even though it would like to.
Security experts say one technique used to find people on social networks could be joining the social network and then ferreting e-mail addresses by deducing naming conventions at big companies. Employees at Google, for example, have addresses with the person's first name and last initial, with @google.com. By understanding naming conventions, an automated crawler could scour a social network for profiles by trying out various combinations of names.
Ali Partovi, CEO of the social music service iLike, said he considered hiring Rapleaf/TrustFuse to figure out how many of its Web users were also on Facebook and other social networks, so iLike could cross-market to those who weren't. But he ultimately decided against using the service because it meant divulging the e-mail addresses of his own users.
Clavier said Rapleaf is only working off what's already available. "What's interesting is that when you read about what Wink, Rapleaf and others have been doing, it's suddenly like, 'Oh my God, this is a lack of privacy.' But it's only aggregating what's out there. It used to take several Google searches to find the information--now it's a one-stop shop."
5 commentsJoin the conversation! Add your comment