Plaxo Flubs It

News leaked prematurely today about a new Plaxo Pulse feature that allows users to match Facebook contacts to Pulse contacts, and then import contact data about the matches into Pulse.

Plaxo has been testing the feature with a number of journalists and bloggers. It involves running a script against Facebook. You tell Plaxo your Facebook account credentials; Plaxo then goes in to Facebook, looks up every one of your friends, and pulls down their contact information.

Plaxo could have done most of the work via the Facebook API (and in fact we covered a startup called FriendCSV that does just that). But the Facebook API doesn’t allow exporting of a crucial piece of data, email addresses. In fact, emails are shown as images instead of text on Facebook so that scripts cannot easily download them.

So Plaxo avoided the API and went with screen scraping. They developed optical character recognition software to recognize email addresses and add them to the export.

Facebook doesn’t like this, of course. But it isn’t Plaxo that’s paying the price. It’s the journalists and bloggers who’ve been testing out the service. Robert Scoble was banned yesterday from Facebook for running the script. He received an email from Facebook that said “Our systems indicate that you’ve been highly active on Facebook lately and viewing pages at a quick enough rate that we suspect you may be running an automated script. This kind of Activity would be a violation of our Terms of Use and potentially of federal and state laws.”

Plaxo was certainly aware of the risk. In an email from the company asking me to try the service last week, they said “We don’t know whether Facebook will try to shut us down (despite their increasing verbal support for the concepts of open-ness), so we want to let a few key folks have access to the functionality before we make it available to everyone.”

Yeah, they guessed right. Plaxo started running automated scripts against Facebook without any warning or discussion with them beforehand, in violation of their terms of service and, I’ll add, common sense. Of course users were shut down. Facebook must regulate this kind of behavior, without it the service would crumble.

Beyond the automated script issue, Facebook also has a very good reason for protecting email addresses – user privacy. Robert Scoble may be perfectly fine with having my contact information be easily downloaded from Facebook, but I may not be. Ultimately it should be me that decides, not him. And if Plaxo wants to push the envelope on user privacy issues, again, perhaps they should at least have given Facebook a heads up. And be prepared to take the consequences themselves instead of passing them off to their users. Robert Scoble was Plaxo’s lab rat in this experiment. I’m glad I wasn’t one, too.