Mike, good call! I’d only add that Scoble was a very willing lab rat. The downside (temporary banning) had a very big PR upside. I’d also applaud your recognition that FB is in a tough spot and did what the vast majority of users would ask them to do – protect them.

well, facebook is protecting their servers, not my email address. I have an issue with them simply deleting Robert’s account. Hopefully it will be recovered and no harm done. If not, I’ll write another post, trashing Facebook.

Way to go Mike! I like your no nonsense attitude!

Mike I agree that Plaxo is in the wrong here but equally in the wrong is Robert for using the scrapping script. But as I wrote this morning he’ll come out of this a winner regardless of whether they re-instate his account.

http://www.winextra.com/2008/01/03/hey-robert-i-was-only-kidding/

It is one thing for FB to support open development.

It is something totally different to allow external sites to data mine/run scripts/spam and/or scrape your site.

The purpose behind these scripts are useful, they way the idea is being executed is destructive.

I have to agree with FB on this one.

Entrepreneurs should be innovative enough to execute the idea without having to resort to screen scraping and running scripts with potentially destructive consequences.

I’ve openned a Facebook group to re-open Robert Scoble account.
Come and join us at: http://www.facebook.com/group.php?gid=19628302696

Finally we are getting to the core of what “openness” realy means. There are dozens of post each week on facebook and openness, yet the whole thing is very simple: startups want facebook to allow importing of emails. Nothing more, really!

There is a pretty cool firefox plugin that reads that automatically converts facebook email GIFs to text. We pondered using it but it was obvious it was not a sustainable thing. Plaxo is probably using some variation of that code.

“Robert Scoble may be perfectly fine with having my contact information be easily downloaded from Facebook, but I may not be.”

Mike, if your email address is visible in your Facebook profile then it’s available to Robert whether he decides to type it into Plaxo or scrape it. If you want to protect your contact information, just don’t display it.

Keep in mind this is Plaxo’s business – scraping and synchronizing addressbooks. They scrape email services et al. for the same information.

Sean – sure. but part of the reason I display my email is because it’s an image, not pure text.

I suspect the only Facebook scraper tool with long-term effectiveness will be a user-run Firefox plugin with sensible throttler.

Facebook has created an environment where we only allow access to certain items that we want people to see. If I have let Scoble see my entire profile, meaning my education, my employment, my DOB, etc., and he takes any of that with him, to where ever he is taking it (and he could take it elsewhere), he is violating my right to privacy.

Not only does this affect the careful identity construction that I’ve done, but it also undermines my ability to only be a part of communities that I wish to take part in. He is porting my identity to sites unknown and using it in a way that I haven’t consented to.

If today it is Robert Scoble, who is to say that tomorrow it’s not someone stealing my identity and using it on sites that are unsavory?

Instead of jumping on a revolution bandwagon, we should be thinking about the overwhelming social issues here. I believe in portability for MY OWN identity. I don’t think that you should be allowed to take my information anywhere you want to go with it.

Mike, Here is how Scoble could have gotten his data out of facebook in 3 steps!

http://blogforthought.com/2008/01/03/how-scoble-could-have-gotten-his-data-from-facebook/

The bigger isssue is this: If a company makes money out of my data they need to let me export it! The days of companies making money of my efforts are ending ..

Will be interesting to see how this plays out. I don’t think Facebook’s position is tenable long-term. Address book import is fuel for the social web, and Facebook is a modern equivalent of an address book.

On their site, they are happy to let users import from GMail and other services (and they were talking to us about enabling import from Outlook).

Why not let users import from there, if they can import to there? If I have permission to see you contact info because we have “friended” there, should I not be able to sync that data with Outlook?

You people are really serious? You TYPED your information into an external system and you have some kind of notion that that information is protected? Or that someone is ‘violating your privacy’ if they screen scrape with optical character recognition… really? REALLY?

This isn’t credit card information where there are laws governing the legal usage and security of information – this is info that you entered in a third party website without reading their TOS.

Hold your selves accountable people!!!! If you don’t want people to have your information, then don’t share it. It’s as simple as that.

The way I see it, Facebook created an API and limited what data you could retrieve from it for a reason. Scraping their site is something you would do as a proof of concept, not actually release in to production. Especially without contacting them first.

>If a company makes money out of my data they need to let me export it! The days of companies making money of my efforts are ending ..

@12 – I guess you will no longer have bank account, a doctor, a telephone, insurance, … Don’t get me wrong, I’m with you, but how is it you plan to fight Experian, Equifax, Allstate, your credit card companies, … I’d love to see (let alone port) all of the raw data real companies collect about me, but I’m not thinking it is likely anytime soon. Remember how big a fight it was just to get a free look into the credit bureaus aggregated data?

Robert Scoble is a 40-something married man with 2 children, who has just pulled a sophomoric stunt and got caught, but instead of saying sorry, he is now asserting “his right” to harvest the email addresses and birth dates of his so-called “5000 friends on Facebook”???

I opened a Facebook account just to see what the fuss was about, and got chills thinking all these faceless people were ready to poke me and leech on me.

They say MySpace is high-schoolish, but Facebook is only about a notch better. It is well-known that Facebook and Scoble dislike each other, so this seems like a fit soap-opera ending to this “frienemyship”.

Nail + head = bang!

Great post Mike – straight to the heart of the issue.

Plaxo is just plain evil. They have never cared one iota about their user’s privacy, in fact their entire business is based on violating the privacy of every user added to the system. I don’t trust them one bit, or their assertions that they will use the data they’ve collected properly. This appears to be just more evidence indicating that my distrust of them is well-founded.

My Social Network Data Is Not Yours To Steal or Borrow…

I had a lengthy conversation this morning with Steve Poland about Robert Scoble getting banned from Facebook. Apparently Scoble was banned due to "stealing" user info and taking it outside the Facebook network. What we discussed was whether R…

Good article Mike – I wrote about the same topic:
http://www.centernetworks.com/whose-data-is-it-on-a-social-network

it’s a pretty damn interesting topic of discussion!

just because we are friends does not mean you can steal or borrow my data.

I guess there’s a foul play in there, with Plaxo guys expecting facebook to act against that, and take advantage of the angry mob “blogosphere” expected reaction to bitch-slap facebook around for reasons of un-openness and the like

[...] 2: It seems that the script which Scoble ran was part of a new feature from Plaxo Pulse being tested with few [...]

I think Plaxo needs to be a bit mature in their beta releases. I remember they had a problem with Google Calendars too. Their sync software used to delete the calendars entirely. Google caught it and immediately advised the users to address the situation. Google did not block the accounts though.

Plaxo has to be better about its Quality Assurance processes. I am sure such issues could have been caught before the wider beta release.

I have been a beta users of theirs and I am glad I didn’t use the Facebook feature.

ps — I do also believe that Facebook needs to grow up and allow users to extract graph data, which they clearly own.

If I were Facebook, I’d do the following if I really wanted to stick it to Plaxo … or any other company that tried scraping my data.

In short, anytime I detected Plaxo scrapers, I’d insert “fake” email addresses into the images (perhaps even email addresses to spam porn sites). This way, they might only end up with 20 – 40% accurate info, which is not acceptable. In fact, the 60 – 80% that would come back inaccurate would really screw up my current address data … and I’d be hesitant to have them scrape in order to preserve the integrity of my current address book … even though my current address book might not be 100% up to date.

For the record, I do support openness … I wish my social network (even Facebook’s) were “portable” to any network I wished.

However, I do have a visceral hatred from Plaxo. I wish I could go to there website, enter in all of my email addresses, and they would respect that and never send me an unwanted solicitation again. So much for wishful thinking!

FYI, in case you missed this:

Plaxo up for auction …

http://www.nytimes.com/2008/01/03/technology/03plaxo.html?_r=2&ref=technology&oref=slogin&oref=slogin

… burned $20 mil and never made a dime.

Auction price is a hopeful $100 mil for about 15 mil of Plaxo Users. ($6.66 / user).

Buh bye, Plaxo.

I am not the biggest Plaxo fan.., but it does kind of annoy me that Facebook, and I would have to assume other social networks, are putting these limitations on accessing of information when its made publically available by people.

If I add you as a friend.., and my email address is set to be shown to you publically.., then what is the big deal with you having the ability to export it to another system.., or write it down in your address book?

The social networks are VERY forward with getting your hotmail, gmail, yahoo, etc credentials for temporary use to add contacts and invite friends to sign up. Are they not violating the personal information of people you have emailed with when they go into your email accounts?

I have a problem with the preaching of “open-ness” is the future, then limiting what developers have access to.

People should have control over their data.., if you dont want people to have access to your information, set it to private.., or dont add them as a friend.

Remember that anyone you have emailed with has the potential to have added your email to their contact list.., they can then import that info and invite you via Plaxo, Facebook, and a number of other networks as well.

I really don’t disagree with your article. Plaxo was violating the terms of serivice. So I have no problem with facebook going after them in any way they can.
I do have one point of contention though. You wrote referring to your email address, “Ultimately it should be me that decides, not him.”
You already decided to share your email address with anyone on your friends list by posting it to your facebook account. So if someone uses that information you freely gave them, then you really have no cause for complaint. If you don’t want your friends to get that address, then don’t post it.

I think the scary thing about the hole thing is, that companies are getting more and more greedy. Ok they have always been greedy, but the only thing they wanted was your money. A great system called economy. Now the want your “friends” and the “friends” of your “friends”. Data is the new dollar.
I am really not the kind of guy who cares about the privacy issue, but the way some companies are acting right now, gives me the feeling, that their search for the “one ring” directly leads em to mordor.

Does anyone know what software Plaxo used for this?
iMacros maybe?

[...] to TechCrunch, it looks like Plaxo Pulse was responsible for Robert Scoble’s recent banning from Facebook. [...]

i don’t know…

I think friending someone in Facebook without the “allow only partial view” option needs to imply that this friend can see and take your information. Therefore, you should only friend people you trust with this data.

Ideally, it could/should be implied that all of Scoble’s friends trusted him with this data. However, it should not be implied that all of his friends trust Plaxo with this data.

I don’t know why people are letting Scoble off the hook here. I support Facebook’s ban, and I think it should be extended to anyone who tries to run scripts against their service. Scoble violated the terms of service in a nefarious way, period.

[...] as it stands? Here’s more fuel to the fire. Robert Scoble, tech blogger and vlogger, today used an unreleased scraper to easily pull out friend information on his 5,ooo or so friends on Facebook. Facebook said this was [...]

Oh and a word about Plaxo– spam me once, shame on you. Spam me twice…. I won’t get spammed again!!!

When I first started using Facebook they offered the ability to export such data. Facebook was a “bin” for YOUR social data, not a “lockerbox” for this information. As Facebook evolved and became more of a business than a convenient tool, it has made decisions that adversly effect the free flow of YOUR information aka “data portability”.

Fortunately for facebook, most users are too stupid to care about THEIR information and don’t mind that facebook claims to own THEIR social graph so long as they get to play pirate games on some stupid app or continue browsing their friends photos.

It will be interesting to see how Facebook chooses to evolve as the demand for data portability increases. Will ill other services that offer more openness impede on their ownership of other peoples social data?

To Michaels point, some people don’t want their e-mail address to be too easily withdrawn from facebook by others. But, I say that once it is out in the wild its fairgame. My desire to export a CSV of my MUTUAL friends trumps your desire to semi control your personal data. If you don’t want to share it, then don’t…

[...] Arrington gets it right in the kerfuffle over Robert Scoble using a Plaxo scraper to take email addresses of his friends [...]

If you want to keep an address book for your friends on facebook you can give one of these applications a go: http://apps.facebook.com/sendmesms/ (you can also send and recieve free text messages with this one) or try this one which just keeps email addresses http://apps.facebook.com/emailbook/

Fortunately for facebook, most users are too stupid to care about THEIR information and don’t mind that facebook claims to own THEIR social graph so long as they get to play pirate games on some stupid app or continue browsing their friends photos.

that’s a good comment and a good example of how this is a losing game for Facebook if they continue down the closed path. The value of stupid users, who can easily be enticed elsewhere to play pirate games, is less then the users who want the best possible way to manage their own social graph.

Mike,
Damned well said. I couldn’t figure out how to express this and you did it well. The supposed hubub over what Scoble did has — until your post — been getting the issue backwards. It’s not about portability of his data but the protection of mine.

[...] find myself in the uncommon position of agreeing with Arrington who says that Plaxo flubs it. I have to agree, I mean they have a bad enough reputation as it stands. They must be banking on [...]

The way i view this is sort of the phone book vs anywho.com. They both have the same information, but people have come to expect that if your number is in the phone book, it will be on the internet (which has its advantages and disadvantages). People need to realize if you post your email on the internet, it will be accessible as well. I don’t really see an email address as being any sort of private information more than my physical address or phone number, all of which are readily available on the web because it makes things easier for my friends and family and the world at large if they need to contact me.

My hope is that in 10 years we’ll have the equivalent of a do-not-call list for e-mail, with federal penalties for unsolicited commercial emailing, and people will realize that putting your email on the internet is not the same as your social security number, bank account number or chromosomal makeup.

This would be less troublesome if it were a company other than Plaxo. Remember this?

Sure, they stopped doing that, but their reason was:

…we’ve always known that the update requests were a means to an end — our goal has always been to get as many members as possible so that these e-mails were unnecessary. And it looks like we’re finally getting to that end.

As of last week, we’ve past 10 million members. We are now growing at over 50,000 users a day. Due to this great growth, the depth of our network, plus our heartfelt desire to be good net citizens, we have started phasing out update requests.

This feature will probably always exist in some form, but we are no longer aggressively pushing new users to send out e-mails and are adding restrictions to prevent existing users from sending out large batches. Within the next six months (allowing for releases and upgrades to our base), you should see these messages drop to a trickle.

Obviously harvesting Facebook email addresses is a means to another end (probably a whole new round of spam).

Plaxo has consistently made decisions that are at odds with Internet ethics and has not shown an ability to act responsibly.

as an aside, couldn’t they get around this by doing a “slow scrape”, say do an initial scrape at ~1/minute over a day or 3 and then once it’s synced up scrape a random 60 an hour for updates? Would not be instant, but could be a reasonable solution.

Also, we should congratulate Facebook for trying to protect user privacy in the same way we criticized their earlier efforts. The fact that users may not care about privacy or the fact that users entered their own email addresses into the site is not the issue, the issue is that Facebook stopped a company from harvesting the email addresses and violating the privacy of thousands of its users.

“Yeah, they guessed right. Plaxo started running automated scripts against Facebook without any warning or discussion with them beforehand, in violation of their terms of service and, I’ll add, common sense. Of course users were shut down. Facebook must regulate this kind of behavior, without it the service would crumble.”

so now you’re not supporting scoble? dont get me wrong, I think he was a jackass for turning his breaking the TOS into some sort of a nerdy flag to unite anti-facebook people behind, but techcrunch as a whole should pick one side or the other on this issue (either he is an ass for trying, or he is a maverick for fighting back).

[...] I agree wholeheartedly with Michael Arrington and Loren Feldman (his video is quite good). Scoble wants to free YOUR information. Where there [...]

well said Mike.

I don’t know why there’s so much vitriol toward Facebook in this, what Plaxo encouraged their users to do was violate FB TOS, plain and simple.

Is this a limit of the free market where Scoble can’t just take his business elsewhere if he thinks FB’s TOS are unconscionable? Then maybe he should write about that.

I applaud FB for being decisive on this, but from the comments here it looks like nothing FB does will be accepted. They’re damned if they do (Plaxo) and damned if they don’t (Beacon).

Bill @39, get real, FB is not trying to protect user privacy. If you have been keeping up with what FB has been trying to do recently, you would know this. This is being done for their own self-interests. Linkedin allows you to export your contacts and they are doing a great job at increasing their user base. The fact is that FB can create a way to pull your friends contact information is a very simple easy way without creating a big fuss and continuing their great momentum. FB is maintaining their amateur hour in PA.

Not even getting into the spam/privacy argument overt Plaxo, but what the hell made them think it was a good idea to violate the ToS for Facebook? There’s an API, guys, and there are good reasons that some things are accessible through it, and other things aren’t. Why not talk to the company if you feel like you need, and can negotiate towards, special access to their data?

It’s kind of annoying that they tried to phrase the thing as a David v Goliath struggle, too: We don’t know whether Facebook will try to shut us down (despite their increasing verbal support for the concepts of open-ness). That’s it, Plaxo, way to go. Blatantly taunt the service you’re mis-using. Clearly FaceBook is the bad guy here.

Just a dumb move all around, by Plaxo.

I am sure a few people already mentioned it but…If I can see your email address on facebook that is because YOU shared it with me. Once YOU put it out there it is going to get scraped, copied, moved etc etc. If you share your email with someone you don’t know on facebook who has 5,000 friends and then get upset about it you need to go to a remedial information literacy class.

Get it together people!

yes, but the screen scraping that Mint does (via yodlee) is just fine!

can’t imagine this helps with their effort to get bought, if true.

but it does speak volumes about the level of their desperation.

(or else just really poor judgement… can’t imagine this effort not getting shut down in a heartbest)

Shanya: FB is protecting user privacy, even if their reason for doing it is selfish. “Beacon” was for self interests, and we rightly criticized it. I want my email address protected from spammers, and I’m going to thank Facebook when they protect that, regardless of their motives.

Scoble is a great guy, which is causing most of the outrage towards Facebook. Scoble and the other bloggers were used by an evil company who was aware of both Scoble’s friend count and geek cred. Unfortunately, this mistake will hurt both Scoble and Plaxo’s credibility, when it should only hurt Plaxo’s.

[...] Update: Michael Arrington thinks they had it comming [...]

[didn't closed an italic tag--can someone clean that up?]

these are the kinds of issues, that shake the pillars of heaven

Are you kidding me? This is SHEER GENIUS on the part of the Plaxo people. They develop a tool that lets you scrape content from Facebook. They then give this tool to a bunch of high-profile bloggers with the caveat that ‘it might not work, but if it doesn’t, it’s Facebook’s fault’. Scoble takes the bait, gets banned and then writes about it.

Oh, and COINCIDENTALLY, Plaxo just put themselves on the block. Scoble and others are now their free PR tool, thanks to this ploy.

If this was their game, they’re a crafty bunch of bastards and I have to tip my hat to them.

Yeah for facebook! I’m glad they are honoring their terms of service. It keeps people honest.

I think this issue should come down, and stop protecting Robert.S he ran script he knew the policy , he didn’t tell anything to FB and now he is paying for it.

What’s wrong with that?

I know if somebody would use all my rss email feeders I would be pissed off too.

[...] prompted this post is an interesting angle to the story by Michael Arrington writing in TechCrunch: […] [Plaxo] developed optical character recognition software to recognize email addresses [...]

I agree with a couple other posts about the fact that FB rips contacts from Gmail, so not sure why it’s such a big deal when another site, using credentials a user has provided, rips contacts out of FB.

The notion that Michael Arrington’s email contact belongs to him, even if he is on my friends list, is flawed. Following that logic, I should not be allowed to export my Outlook contacts into a CSV format without first getting permission from every single person in my contacts list, right? When you are accepting someone as your friend, and provide them full access to your profile, it would seem to reason that you are granting them rights to your information.

I use Outlook as a tool to manage my electronic communications, calendar and contacts. I would hate for MS to impose rules on me for how, when and whom I can share that information with. I think Facebook should be viewed in the same light. The data is mine, but I use FB as a tool to explore my social network.

Some of the comments here make me laugh. I can’t believe that people actually think Facebook did this to protect user privacy.

As demonstrated in their Beacon project and other incidents, Facebook do not really care about user privacy. They want to maximize user information to generate profits. They block Plaxo because what Plaxo does can potentially take traffic away from them. In other words, data-portability will cost them money.

It’s about money guys. Facebook has been, and will always be, greedy. They will do everything to keep the traffic within Facebook.

Justin Baum@45: So with that logic, if you’re a Plaxo user does sharing my information with you mean that I have to share it with Plaxo?

“Some of the comments here make me laugh. I can’t believe that people actually think Facebook did this to protect user privacy.”

not the point, facebook BOTS did this, there was no conscious effort by some person on the other end. and their bots did it to block scripts out because scripts can be used to take down sites. idiot. get your facts straight. this has nothing to do with money OR privacy.

@Comments #8 and #9,

It should be fine if Scoble was able to import _his_ contacts from facebook. The contacts have already approved by adding him as friend and displaying their mail Ids to him.

But the problem is, this isn’t the same as Scoble noting it down manually. Imagine every facebook application I install scraping my friend’s profiles for mail IDs. Now that would be a privacy concern, because it’s not just me getting the IDs into my outlook but also plaxo and numerous other apps that I’ve installed.

Exactly what commenters #13 and #30 are saying.

And I think this is what Mike also means by image v/s pure text. It’s OK for Scoble to take it from image but it’s not ok for the crawlers to do the same. Images were meant to ensure this.

But for 5000 contacts, there ought to be some tool to export, and it better be from Facebook.

Mike,

You don’t talk sense when you say that Robert cannot take your email with him. You trusted him and thatz why you shared your email address with him. Once you share your email address willingly, you cannot say what “software” he can use with it. It is like me telling you that you should only use my email address with thunderbird and not outlook. Just extrapolate this with webservices and you will know why you talk nonsense. I am sharing my email with this comment. I do it because I trust you and TC. Otherwise, I wouldn’t be sharing it. Now if I tell you that you can only store this in this blog’s database and you cannot either backup this database or take my email when you move to another blogging platform, does it make sense. No. FB’s attitude is also similar. Now I am wondering why you signed the Bill of Rights for social networks? Is it to get your name up there in a popular document or because you truly believe in what is said in that document?

[...] Im letzten Jahr hat mich immer wieder die Frage nach dem Recht an den eigenen Daten umgetrieben. Social Networks sollten nach meiner Ansicht offen sein und dem Nutzer Zugriff auf die von ihm zusammen getragenen Inhalte gewähren – auch ausserhalb der Plattform. Google hat mit OpenSocial eine API ins Rennen geschickt, die genau das, was ihr Name verspricht eigentlich nicht macht, aber immerhin reichte es für eine PR-Attacke gegen Facebook. Dem Erfolg von Facebook hat das natürlich keinen Abbruch getan. In diese Diskussion wurde heute ein neuer Aspekt eingebracht: Plaxo, das früher mal unter schlimmen Spamverdacht stehende Adressbuch Synchronisationstool (und neuderings auch Social Network) hat ein Script entwickelt, das die Kontakdaten einer Person in Facebook mit dem eigene Datenbestand abgleicht und noch nicht hergestellte Verbindungen im eigenen System so automatisiert nachträgt. Dazu werden Name, E-Mail und Geburtsdatum verglichen. Bis dato ist dieses Script aber in einer frühen Alphaversion und nur wenigen “Test-”Nutzern zugänglich, so beispielsweise US-Megablogger Robert Scoble mit 5.000 Facebook Freunden. Während das Script versuchte, seine Daten aus Facebook zu extrahieren, wurde sein Account unter dem Hinweis auf potentiell verbotene Nutzung gesperrt. Denn im Gegensatz zum gemeinhin üblichen Prozedere derlei Daten über die API abzufragen nutzt das Plaxo Script die normale Webseite und ein OCR Tool um die in Facebook als Grafik hinterlegte E-Mail Adresse zu entziffern. [...]

@56 “So with that logic, if you’re a Plaxo user does sharing my information with you mean that I have to share it with Plaxo?”

That is an interesting question. But we are talking about human to human communication. Right? Me and you making our emails available to one another via technology. It is not the same asking a store to remove you from their mailing list or to opt out of email notifications. The contracts we have between the companies we use are very different from the contracts between the people we know and choose to communicate with.

If you tell me you are cheating on your girlfriend, does that mean you have to share it with all my friends?

Once you give me your email address you are putting trust in me to use it ethically. If I use plaxo as an address book then yes, you should I assume I am going to share your email with Plaxo.

When you add someone to your friend list, don’t you implicitly give the person permission to view your information? What’s the difference if that person wants to copy that information to put somewhere else, regardless of if it’s manual or automated? If you’re worried about your privacy, set your profile to private, and delete your friends who you don’t want to share your info with.

I am still surprised at how many folks still misunderstand who owns what data. Robert Scoble is the owner of his friend list and related contact info. If he wants to go to the site and copy the information visually onto a piece of paper, that’s his decision and right. Similarly, if he wants to use a software tool to do the same thing, again his right.

People who think that they OWN the bits the describe them residing in other people’s address book or friend list or even brain, are just dead wrong. I own the words and numbers in my address book and the information in it, not you.

Of course, if I do something illegal, unethical, or stupid with that information, and it harms you, then I would be wrong. So, this issue probably comes down to how much risk is Robert Scoble putting Michael Arrington into when he imported his FB data into Plaxo. Answer: none. And, of course, there will be people who will say “But, I don’t want my friends to put me at risk!” If you feel that way, you should probably stop using the internet and get some super-duper anonymous email service to protect you from….er….nothing.

Lastly, let’s not kid anyone: Facebook is making it hard to copy your info so that you cannot move to another service. It is not to protect your privacy. Sheesh.

If even people that are allegedly tech savvy as I imagine Scoble is, are dumb enough to *hand out* their fricking Facebook (and Google, and Yahoo, etc) credentials to a third party company (regardless of having spamming background or not) they can’t complain later for consequences of the actions that the company took *on their behalf* *with their consent* using the password that was *intentionally hand out* to them, be this action an “innocent ocr email scraping”, the spamming of your whole contacts list or even worst, shopping in Google Checkout using your account for example(I don’t know of any case of this and I am not accusing anyone in anyways of this shady business practice, I am only saying it is possible to happen).

Scoble was naive enough to give his FB credentials to a company in exchange for convenience or whatever other stuff, and now doesn’t want to be punished for TOS breaking that the entity impersonating him made.

This is not about open-ness or anything, this is about contracts, everybody knows that Facebook is not an open website and that exporting of data is not something they are friendly with, even then people like Scoble continue using it, which basically means *accepting the contract*, *accepting the game rules*, *agreeing with the insane ridiculous facebook TOS*.

Instead of voting with their foot and wallets and migrating from facebook to better platforms they stay and try to force a mentality change from inside out, it is an approach, and people are free to try that, but you shouldn’t complain or whine about the fact you got banned when it fails, that’s all.

“Flub” is a poor substitute for “FAIL”

Meta-FAIL.

Update!
Facebook let Robert Scoble back in:
http://scobleizer.com/2008/01/03/facebook-lets-me-back-in/

Cancel your Plaxo account if you care about privacy…

I wrote a blog post earlier today about Facebook disabling Robert Scoble’s account for attempting to extract his contacts’ information using a script.
Since writing my post and conversing with what felt like the universe on Twitter about the ma…

Hey Mike,

How do you feel about Facebook allowing college administrators and business recruiters to view college students’ profiles?

Speaking as a fraternity brother, our director of greek life warned us that she could track all of our activity on Facebook and basically shut down our events before they even begin.

A lot of college fraternities use Facebook Events as a system for building the “guest lists” that our risk reduction policies require us to produce, just as an FYI.

Plaxo unrepentent, they’re going to roll this out anyway under the astroturfed “data trust”: http://www.web-strategist.com/blog/2008/01/03/a-discussion-with-plaxos-joseph-smarr-and-john-mccrea

Wow. I just read 68 comments, many of them good. I guess I’ll chip in.

There was the question (I can’t remember how far back now) of whether being my friend means you can “steal or borrow my data”. This is preposterous because you’re right, I can’t do either: you’ve already given it to me, and now I can do what I like with it. The question this post has raised seems to be is: “Do the TOS limit how you can do this?”

I understand your email address (though I’m unsure what other information, such as phone number or street address) is unavailable to me electronically via Facebook’s TOS and API, whether displayed as an image file or not. But if I can see your email address on your profile and I want to be sure I can use it to try to contact you, I would be remiss not to note this information somewhere other than on Facebook’s servers. I’m not so digital that I trust Facebook will never crash – just when I need it.

So! The fact that Plaxo used a poorly– written script to bring your information from my Facebook account to my Plaxo account as a free service makes them the bad guy. OK, fair enough: they did something wrong – maybe even illegal – and perhaps to protect me, or themselves – but the most important thing (as any PR serious person will tell you) is that Plaxo didn’t engage in a dialogue with Facebook, regardless of its outcome. If Plaxo had offered this script as a public beta, I bet there’s a decent chance user response would have been overwhelming (and, indeed, possibly crashed Facebook’s servers – essentially causing a DDOS attack if I understand those correctly, which is why the bots prevent accounts running the script to exist).

So what’s the issue here? Is Facebook the “bad guy” or is Plaxo trying to undermine Facebook’s “security” systems. (I used quotation marks there because it sounds like a lot of people have long since broken the email-as-image protection, and I think the people discussing this issue should know better.) So how about this? Put access to your friends’ email addresses behind a Turing test.

What really surprised me reading all this is how surprised and outraged people are that a legitimate company tried to get away with this. If hackers get away with it daily, and it’s something ordinary people, not just businesses want (think street criminals and cheap iPhones that fell off a truck for sale. Oh wait: you can only by an iPhone with a credit card…), don’t you think it’s something a business would try to offer its non-paying-anyhow customers?

Get real: privacy doesn’t exist regardless of anyone’s TOS. This is the same battle as DRM and that one’s already been lost. Accept it or don’t play or fight back. (Also, remember that most people don’t even consider privacy issues, let alone let themselves be bothered by them.)

Cheers

I am amazed all this crap from adults about user friends, contacts, on a social network. In the grand scheme of life, there are far more issues to deal with. Get a life and leave the social sites to insecure teens.

Really sounds like you’re missing one point.

Facebook users want the ability to do this, the API needs to support it, or other sites will find way around it.

If the API supports it, then it can build in security, allowing for the choice to be made by the “owner” of the data. There would be a privacy option to block the transfer of data via the API to 3rd parties.

Without building it into the API, people will find ways around it, eleminating any built in security (or just choice).

Basically, all the ppl saying scoble took *their* dat are partially retarded.

At my company, we have something called a Customer Relationship Management system. It is a database of every prospect and customer we do business with on a day to day basis. We use Salesforce to manage this data. Most of it was gathered from phone conversations had b/w our sales staff and ppl at the company. Many times the contact at the company we are dealing with gives us conatct info for the VP sales, Marketing Director, etc. WE OWN the DATA. If we choose to use Sugar CRM, Oracle, or anything else. We will simply export/export. Simple as that. Granted, we pay Salesforce, and if they used that info to contact our prospects/ customer the relationship would be over immediately.

Are you ppl sure you understand technology?

Right, data ownership is not the issue here. Nor is Facebook’s privacy policy. Plaxo’s trustworthyness is, however.

The issue is whether sharing your information with someone gives them the right to spread it around to whomever they want, even if they are a company like Plaxo. The question isn’t whether Scoble, Plaxo or Facebook are within their rights here, the question is whether people like Scoble are abusing the trust of their friendsters.

If you ask me, it just makes Scoble look like kind of a dick, facilitated/egged-on by Plaxo, for assuming his friendsters want Plaxo to be a part of their lives. And if Plaxo has any say (or data) in it, Plaxo will make sure that Plaxo becomes a part of Scoble’s friendster’s lives. Or at least give the friendsters an “opportunity” to experience the “benefits” of using Plaxo. You can count on it.

Ok, so in condensed form: Plaxo and Scoble knew this was against the TOS. They got caught, and shut down.

Seems to me that’s a fair result.

Your opponents are totally missing the point. As part of the action of inviting Scoble to be my friend (or accepting an invite to be his) I gave him the right to see my email address and contact me. Facebook’s “you can revoke that right at any time” is like asking to see the prices on the menu after you ordered and ate the food. (ok, the other image I had involved an adult theme)

Once someone gets to see it, it’s out there and you can’t take it back. Ask anyone in a relationship who says something and then wanted to take it back. Facebook is building a business on a principle that you surrender any rights you have to information because you choose to use their free service.

So it’s ok in your book for Facebook to scrape other sites for information, use it in ways that the web operator and the user un-intended but god forbid someone chooses to exercise their rights to information.

Here is an item to ponder. If I gave you a business card, but the card has a disclaimer that you cannot mechanically or electronically reproduce it, do you have the right to drop it into your cardscan scanner to add it to your Outlook?

If you say I don’t have that right, do you think I have the right to transcribe that information myself into an outlook contact card by entering it at the keyboard (either myself, or by contracting services to enter my data for me).

Where does the line get drawn, or do I go back to drawing on the walls of my cave instead of the wall at Facebook. BTW get all those dammed anthropologist out of my cave, those drawings are (c) 10,000BC by ME .. Didn’t you understand the squiggle, dash, dash, and circle as my copyright symbol?

Scoblegate: Plaxo incursion into Facebook-land…

I read one of Scoble’s tweet’s yesterday about how he was kicked off Facebook for running a script on Facebook.  My thought was how silly this was given Scoble’s influence and that if there was some sort of misunderstanding Facebook …

First off, I am not a FB member, or for that matter, with any other social site but I do wish to comment on the issues.

FB are not restricting the export of email addresses to protect your privacy, their Becon advertising systems abuses that data in far wider breath than the export could ever do. They are protecting themselves and their interests. Period.

It is the responsibility of the user to make sure they give out their email address to only those they trust. If you accepted or sent out a friend invite it is you that has decided to share your information. And it is you who is in control on how much information to share. The whole debate has raged on whether Plaxo or FB are in the wrong, but no one has questioned the user themselves. Where and when will the user accept the responsibility?

Let’s get this in perspective. I don’t belong to any social sites and yet many of my “real-world” friends have. And when they have, they have given out my email address to these companies and I regularly receive invitations to join the big sites. Should I be angry with the sites, or my friends for sharing my email address?

Of course I am a little smart and as such only trustworthy friends receive my real email address, and those I don’t wholly trust with the information are given an email address that can be replaced easily if it gets on a spam list. But the point is, I gave them the information and they are free to contact me using that address and phone number. If I wasn’t happy for them to do so then I wouldn’t give them the details or they wouldn’t be my friends. But on social sites it seems that people are willing to share all their data and then cry foul if it doesn’t suit them. Yet most people don’t even blink and think about the value of the data and how it is/will be used by the most powerful company – the social-site they become members of.

The author of this article makes a big deal about privacy, so why does he require an email address to leave comment? I don’t know him, wanted to discuss with others and now I have had to leave an email address! Why?

How will it be used, stored and protected? Am I to take the honesty and word of the author to trust him/her without proof or prior relationship? Why?

[...] comentó Michael Arrington en TechCrunch y Enrique Dans se hizo eco. Todo empezó cuando Robert Scoble, [...]

[...] of your Facebook data, for instance, is associated with the Facebook data of other users. Thus, as some have pointed out, your perceived right to data portability might be opposed to my perceived right to [...]

[...] like to ask Nick Carr, Jeff Jarvis, Dare Obasanjo, Michael Arrington and anyone else who is supporting Facebook in their treatment of Robert Scoble using Plaxo’s [...]

I think Plaxo needs to come up with scripts that are smarter (don’t read too many profiles a second etc). I am with Plaxo, I can always copy all my friends information and add that to Plaxo. This is just making the process efficient.

Scoble Plaxo vs. Facebook…

Ther recent imbroglio over internet celebrity Robert Scoble being banned from Facebook raises some long-overdue questions. It appears that Scoble used a beta version of a tool from Plaxo to extract his social graph from his Facebook account. Facebook’…

Another way to get the e-mail address for all your FB friends is to use my app Rolodexterous. One of the many things it can do is go through your web based e-mail account and match up the names from your e-mails with the friends on Facebook. More generally it provides you with a single spreadsheet view that shows whatever FB info you want for each of your friends with the option to add your data. Of course, you can export it to.

Well, it was quite a week!

We had not planned to roll out Facebook Import that early or in the manner that unfolded. Looks like we ignited an important debate about who owns what data, and about how to enable portability of the data that you have the right to move. It is clear, however, that there are deep differences of opinion on this topic, and the reception of Facebook Import has been nothing even reomotely like the reception of our LinkedIn Import. So…

Where it stands at the moment: We are putting the Facebook Import project on indefinite hold, pending the outcome of our discussions with the folks over at Facebook.

But eager to see the debate continue over address book and friends list portability.

I’ve already posted back to Robert Scoble on how I feel about what he did so I won’t bother reposting that here but I do want to address the fact those “journalists and bloggers” along with Plaxo should have known better. What they did was in clear violation of Facebook’s TOS and not far from trying to hack the Facebook website. How would those “journalists and bloggers” feel if some group out of Russia developed a spidering tool which when ran against Community Server or WordPress would hack into the hidden email addresses of the posters and at the same time obviously place a load on the server running those sites? If Scoble’s Blog was not available for hours a day because some tool was running against his site I think he might change his tune pretty fast.

The deal is Plaxo knew this was wrong, Scoble knew it was wrong and Facebook has every right to cancel accounts, block access or legally going after Plaxo for hacking into Facebook.

Plaxo… Ugh… …

Plaxo is one of my favorite online services (I know I’m pretty lonely at that…) [1]. If you peel away the spam issues they had, etc – the core idea is pretty powerful:If historically I had to maintain and keep…

[...] recently disapproved of Plaxo’s Pulse, an app that allows you to link your Plaxo and Facbook accounts and grab all [...]

[...] de l’OpenSocial mais l’arrivée de Facebook est plus surprenante et significative. Le 4 Janvier dernier nous avions défendu la position de Facebook face au ScobleGate Plaxo. En rejoignant de [...]

Here we see facebook’s respect to it’s users,without users there will be no facebook,
it seems facebook’s eyes don’t see anything rather then green dollars
now we see facebook is all about callect persons information and seel it
we saw this in project beacon before

I have to say that I am absolutely shocked and amazed at most of the comments on here, and this article in general.

My social graph is between me and my friends; it’s not Facebook data. If you’ve added me as a friend and made your contact info available, then I should be able to export that data and use it where I want to.

It’s like you giving me your phone number, but telling me not to ever call you because it would invade your privacy.

I’m your *friend*, Facebook isn’t.

To all you people who support Facebook in this matter (in *any* way whatsoever), you really should just get off the internet, because you obviously don’t get it.

[...] need to give my friends details to all these apps to make their business concept work. Plaxo just got bashed for developing an automated tool to import Facebook details into their network. Some test users got [...]

[...] TechCrunch mener at det var noget fjollet af Plaxo at lade deres robotter l�s p� Facebook, uden f�rst at advicere Facebook, og som Plaxo skrev til Michael Arrington for at lade ham v�re fors�gskanin p� Pulse: �We don�t know whether Facebook will try to shut us down (despite their increasing verbal support for the concepts of open-ness), so we want to let a few key folks have access to the functionality before we make it available to everyone.� [...]

[...] ils font déja partie de l’OpenSocial; l’arrivée de Facebook est plus significative. Le 4 Janvier dernier nous avions défendu la position de Facebook dans l’affaire du ScobleGate. En rejoignant [...]

[...] platforms such as OpenSocial it’s not that significant, but Facebook is another matter. On January 4 Michael sort of defended Facebook’s stance against Plaxo pulling data from Facebook on the [...]

[...] hace un tiempo sigo en Blogs como Techcrunch y Wired los detalles de la batalla que se ha desatado entre los servicios Plaxo Pulse y [...]

[...] in the briefing, they’ll facilitate the synchronization of the Yahoo address book with Plaxo (Facebook hated the idea of users doing this, by the [...]

[...] and otherwise manage messages. But that functionality doesn’t exist, and Facebook has shown little tolerance for third party applicaitons that solve user problems in innovative but unauthorized [...]

[...] in the briefing, they’ll facilitate the synchronization of the Yahoo address book with Plaxo (Facebook hated the idea of users doing this, by the [...]

[...] has been on the wrong side of this issue before, when he tried to scrape his friend’s contact information out of Facebook and export it to [...]

[...] And I’ve tried many different techniques to encourage Facebook down the open path, some more controversial than [...]

[...] And I’ve tried many different techniques to encourage Facebook down the open path, some more controversial than [...]

[...] And I’ve tried many different techniques to encourage Facebook down the open path, some more controversial than [...]

[...] you may recall, this was at the heart of the controversy now know as “Scoblegate,” in which Plaxo had created a Facebook importer that brought a user’s friends list, [...]

[...] De ahí que Plaxo implementara en su script técnicas para el reconocimiento de caracteres. Según Michael Arrington, el bloqueo de cuenta por utilizar esta herramienta está más que justificado: Plaxo started [...]

[...] and more, it turned by accident and miss-communication into a major incident. By then the world was ready to argue and debate the key questions, but not ready to come to any [...]

[...] Comca­s­t l­as­t y­ear f­or $150 m­il­l­ion­, h­ad­ tr­o­uble pullin­g Fac­ebo­o­k­ co­­nta­cts­ i­nto­­ the Puls­e s­tr­ea­m. [...]

[...] Plaxo initiated this script against Facebook’s wishes. According to the Technorati article Plaxo Flubs It, “Facebook doesn’t like this, of course. But it isn’t Plaxo that’s paying the price. It’s [...]

[...] it through other means — a big no-no for most social networks, as we saw with the Scoble/Plaxo fiasco. It didn’t take long for Facebook to file suit against Power.com for scraping user data and [...]

In my personal, everyday, feet-on-the-pavement interactions, I use the following:
If I suspect that giving someone, or some organisation my contact details (mobile/email) will see that information forwarded on to entities I don’t know, I won’t give it.
If someone provides me their contact details, I will never provide it to anyone else, even if directly asked, without the original person’s express consent.
For me, it’s common privacy courtesy, something most of these social sites are lacking.

[...] it through other means — a big no-no for most social networks, as we saw with the Scoble/Plaxo fiasco. It didn’t take long for Facebook to file suit against Power.com for scraping user data and [...]

In an email from the company asking me to try the service last week, they said “We don’t know whether Facebook will try to shut us down (despite their increasing verbal support for the concepts of open-ness

I do not believe that my data esten safe.

[...] a script against Facebook, thus violating the site’s ToS. It appears that an ill-conceived experimental Plaxo Pulse script that used screen-scraping to retrieve email addresses is the culprit. I empathize with [...]