After reading about Rapleaf on ZDNET I thought to give them a try and see if they find any information about me.
The answer is really really scary. Rapleaf knew of Social Networking sites I was not aware I had joined. Rapleaf also linked my true identity with my false one… What does this mean? Well I have a few e-mail addresses I use to try out new things but by using them too often I might once even use one of those addresses with my real name. Here is one example from one of my e-mail addresses:
Rapleaf knew that I was I member at Plaxo (had forgotten this one). LinkedIn, Flickr, Facebook, Hi5 (don’t use this one), Myspace (different name, different age as Myspace asks you to sign up to see certain profiles..), Ringo (also did not know I was a member there – just requested my password so I could close my account).
It frightens me to see that companies have all this access and bundle the information and also sell it on to other companies. The first thing I did was to start the annoyingly long and complicated opt out process
Opt-Out
An individual may request information taken down for a given email address by emailing support@rapleaf.com.
Additional, individuals can elect to have their information opted-out from Rapleaf’s database by following these steps:
1. Email opt-out@rapleaf.com from the email address requesting to opt-out. Rapleaf will then email back an opt-out form to confirm the email address.
2. Print out this customized opt-out form, fill it out, and mail it to the following postal address:
Rapleaf
Attn: Opt-Out Request
657 Mission Street, Suite 600
San Francisco, CA 94105Rapleaf will then quickly follow up with a confirmation email. All relevant information pertaining to this opted-out email address will also be removed.
What is your take on this? Is it legal for them to do this?
Update: Also see this blog entry: Some more Rapleaf concern
I suspect it would be legal because this is a new enough technology that laws probably haven’t been passed against it yet. Unless they violate an opt-out that they have said they would not violate, I imagine it would be legal. IANAL, but I don’t think there’s anything against companies collecting information about people– if there were, we probably wouldn’t be constantly seeing the disclaimer from sites that promise not to.
I think the key issue – despite their privacy policy stating they comply with safe harbour agreements with the EU – is that they operate in the United States. So in reality, as a UK based person, you have very little protection. In the US, unlike here, the individual does not own the information about himself; the business that collects it does. Therein lies the rub.
They are hardly the first, though, to do this. You must have heard of ZoomInfo.. I do not know if Zoominfo asks people to register etc like Rapleaf does. And pretending the business is about ‘internet reputation’ is a clever step but I would not be surprised if someone (e.g. Google) buys them pronto. Their T&Cs says if they merge with someone, all the members of that website may automatically be registered with Rapleaf.
I suppose if we wish to manage our reputation, it is up to us to do whatever we need to.
BTW I have not figured out how they might get to link you with your email ID if the email ID is not in the public domain?
Thanks.
[...] Andre H. (http://n0comment.wordpress.com/2007/09/03/the-internet-and-privacy-get-yourself-removed-from-rapleaf...) [...]
very interesting, but I don’t agree with you
Idetrorce