People search engine Rapleaf revises privacy policy

Specialized search engine Rapleaf changed its privacy policy and removed a Web site on Friday in an effort to disclose the part of its business that sells data to marketers about people's online social ties.

Following inquiries for an article published Friday by CNET News.com, Rapleaf added nearly 700 words to its privacy policy to show its relationship with TrustFuse, a formerly separate part of its business that sells personally identifiable data about Internet users, which it obtains through various social networks and sites. The company also removed the Web site for TrustFuse.com, which now redirects visitors to a page at Rapleaf.com. The updated Rapleaf privacy policy lets people opt out of its system by sending an e-mail to the company.

Rapleaf CEO Auren Hoffman acknowledged that the changes were prompted by inquiries from News.com and that operating two different brands "was confusing." "When you're a small company you have to move quickly. We make small mistakes and you move to correct those mistakes," Hoffman said.

Despite the swift changes, privacy experts still say Rapleaf may be breaching the privacy of people using social networks like MySpace.com and Facebook, among the other social networks to which it links. Rapleaf lets you retrieve the name, age and social-network affiliations of anyone, as long as you have his or her e-mail address. But what the company does not disclose are the details on how it obtains people's ties to social networks through their e-mail addresses--a nifty feat considering social networks typically don't publish members' e-mail addresses.

Because of this, some people believe Rapleaf's practices may be violating the terms of service of MySpace and Facebook by linking to people's profile pages and scraping data from the sites for commercial purposes.

"It seems to undermine the whole social-network model, where small communities are formed within the larger online world. Users typically decide who to 'friend' and who not to friend. But if companies have found a way to scarf up e-mail addresses and affiliations, then that's serious and the Federal Trade Commission should investigate," said Marc Rotenberg, executive director at the Electronic Privacy Information Center, a nonprofit privacy advocacy group.

"Basic privacy rules would require Rapleaf to allow individuals to inspect and correct personally identifiable data that Rapleaf collects," Rotenberg added. "And basic ownership rules suggest that individuals are entitled to any profits that might result from the sale of their data."

"When you're a small company you have to move quickly. We make small mistakes and you move to correct those mistakes."

--Auren Hoffman, CEO, Rapleaf

Hoffman said his company is trying to respond to such concerns, and Rapleaf plans to make further changes to its site and privacy policy, including eventually giving people access to all of the data it has collected about them so they can manage that information and opt out of its data-collection practices.

Right now, Rapleaf has profiles on roughly 50 million people. According to the company's privacy policies, those profiles might include a person's age, birth date, physical address, alma mater, friends, political affiliations, and favorite books and music, as well as how long that person has been online, which social networks he frequents, and what applications he's downloaded.

In interviews this week and last, Hoffman said the company obtains data on people from Web sites including social networks, and soon, blogs. The company does not have partnerships with any social network, including MySpace and Facebook, to obtain member profile information, including e-mail addresses, he said. Rather, Rapleaf may use the e-mail search features at these social networks to find people's profiles. For other networks, the company uses "proprietary methods," he said.

But in a review of user agreements at various social networks, Rapleaf's business practices appear to violate the terms of service at MySpace and Facebook, among others.

For example, MySpace's terms of service state that MySpace services are for the "personal use of members only and may not be used in connection with any commercial endeavors except those that are specifically endorsed or approved by MySpace.com."

"Illegal and/or unauthorized use of the MySpace services, including collecting usernames and/or e-mail addresses of members by electronic or other means for the purpose of sending unsolicited e-mail or unauthorized framing of or linking to the MySpace Web site is prohibited," according to the social network's terms of service.

A MySpace representative did not immediately respond to a request for comment about Rapleaf.

[pencoyd]

What's the email address for getting data removed?

This line in the article attracted my interest.

"The updated Rapleaf privacy policy lets people opt out of its
system by sending an e-mail to the company."

What's the address??

Thanks.

[pokeypup]

Shame on them

This is my .02 for what's it worth. I have already had some dealings with Rap Leaf. It seems as though any one can start information about people on this site and trust me when I tell you this some people are taking advantage of this and trying to tear people up on this site. My brother had a problem with this site a few weeks back someone added his name to the site and then proceeded to say bad things about him. I think this site should be shut down and anyone doing anything simliar should also be shut down this is unacceptable and the folks over at Rap Leaf should be ashamed of themselves for even allowing this type of thing to happen.

I will admit though that I wrote them an email and in a short period of time they did take all information related to my brother and myself off of their site. The email as asked in an earlier comment is abuse@rapleaf.com.

Pokeypup

[inachu]

rap leaf is just a fly by night company.

What about at news dot com? Are people allowed scan data and use it as they wish for commercial purposes?

[directorblue]

Could be grounds for a class action?

It would appear that these policies clearly violate many TOS agreements (e.g., LinkedIn, Facebook, etc.).

What they are doing may be clever... but it is also flat-out wrong.

[dargon19888]

Round 2 of AVOID AT ALL COSTS...

I was surprised that no one really caught this.
The first article there were only a handful of comments, including mine.

This company should clearly be avoided at all costs.
"Opt out"??? C'mon. How do you know or trust them?
Remember that they are marketing your bio information and not your e-mail. (Or so they claim.) This means that the company already has your e-mail address (From whatever source) and that you have no way of knowing how they got any of your personal information.

Nor do you have any way of knowing if this company really didn't sell your e-mail address to a third party.

Clearly they are motivated on making a quick buck and don't consider anything close to ethics or the law in their business plan. There is no excuse for their actions.

As to suing them, that's up to the companies' who's TOS/AUP they violated.

[skyper]

I'll still use Rapleaf

The fact that Rapleaf responds to users' feedback and suggestions so swiftly tells me that they are pretty responsible. Almost all websites out there collect your information in some way or another. I don't think signing up on MySpace or Facebook is any more dangerous than signing up on Rapleaf. In fact, many social networks, notably Tagged and Flixster, trick people to send "invitations" to emails in their address book. And Rapleaf doesn't seem to do that.

I don't exactly know how Rapleaf collects their information. However, look at other search engines like Wink, they all seem to do the same thing.

[cybervigilante]

I dont care about the Marketers so much

I don't have to buy what they want to sell.

But given out government's increasing intrusiveness, this Administration could use such a database to find out that a prominent activist or critic was, let's say, a fan of S&M videos. Or a member of an alcoholics online support group. This info would, of course, be accidentally leaked to a media always on the lookout for the seamy.

If you ever wanted to run for Any political office, you would either have to be a Sunday school teacher or stay off the Internet entirely. The scum who work at the politics of personal assassination can make Anything look bad.

They used to only go after the big guys, but in this era of increasingly targeted harassment, who knows how low they would go? Maybe to street-level activists. It might only take an email to their employer to get them in trouble.

[cybervigilante]

But what about stupid emails?

I'm just kind of amazed anyone would give their email password out. They could read every bit of personal or financial mail you send, including the dumb stuff. And don't tell me no on ever writes something stupid they would never want on the evening news ;')