Which top networking sites do -- or don't -- protect user privacy? (first of two parts)
I must confess that I really like music from the 1980s. I've consistently been a fan for more than 20 years -- even during those times when it wasn't considered cool. (My daughter insists that it has in fact never been cool to like '80's music.) Back in college, I was even fortunate enough to have shared the stage with new wave luminaries such as a Flock of Seagulls, Echo and the Bunnymen and 10,000 Maniacs. And even though I'm older and wiser now, I haven't shed my love of all things '80s. Over the years, I've used a number of sites and other interactive tools to give me a virtual heads up every time my favorite '80's band comes to town.
Many of these networking tools -- both new and old -- have been receiving a good deal of attention over the past year. Each proudly offers a number of opportunities for me to connect with like-minded individuals on both a personal and business level. Many of these sites collect a considerable amount of data on their users, and allow others to search through and view some or all of that personal data. And whenever consumer data is collected and shared online, there are bound to be some privacy concerns.
With that in mind, I took a look at a number of the social and business networking tools from a privacy and marketing perspective. Specifically, I examined the interactive communities from five different points of view: authentication, control, policing, revenue models, and blogger and customer feedback. Those five criteria break down the Chapell view on networking sites. Today, we'll look at authentication and control.
Authentication -- How do I know you are who you say you are?
I remember reading the story about the person who bought a car listed on Craigslist only to have the car stolen back by the seller a few days later. That sad tale illustrates how the Internet is held to a much higher standard on these types of issues. For example, nobody's asking my local newspaper to run background checks on everyone who responds to my ad selling my Dodge Dart. But oftentimes, that is the first question asked when evaluating an interactive tool.
In part, this is because we're in a new medium -- at least relative to newspapers -- which have been selling classified ads since the late 19th Century. But it's also because even the savviest adults are prone to let their guard down when online. Regardless, having some level of authentication can be important because it breeds a feeling of safety, and safety breeds trust. Each of these sites has a different level of authentication.
School-affiliated sites tend to have fairly rigid authentication procedures. For example, Affinity Engines, a Palo Alto company that provides social networking for alumni associations, authenticates users before they can join. Members authenticate either by sending an email from a school or alumni email address, or by faxing a transcript to the site. The Square, which has setup online networks for alumni and students of premier institutions of higher learning, (currently 40 schools including Harvard, Columbia and Georgetown) takes a similar approach.
Classmates.com, which is one of the first and the largest of the networking sites, takes more of a laissez faire approach to authentication. For example, any of their premium subscription members can sign themselves up as a reunion organizer for just about any high school or college and subsequently email his class announcing the reunion. It's a useful technology, but also one that is rife for abuse. While the credit card they use to process the membership fee can validate who a user is, there is nothing in place to validate that the user actually attended any particular school.
As a result, I was able to set myself up as a reunion organizer for something like 16 different classes in eight separate schools. Maybe I was the first to "abuse" the system in this way. Nevertheless, given their lack of authenticating steps, I'd recommend that Classmates place limits on the number of reunions a member can organize, and/or limit the number of email messages a member can deploy through the system.
Some of the sites are working towards additional authentication of members. LinkedIn, a professional networking site, for example, allows members to request an endorsement from other members, and list them on the site next to their profile. Tribe.net, a site that links people who share similar interests, also offers users the option to request testimonials from fellow Tribe members. The premise is that the testimonials/endorsements serve to authenticate as well as recommend.
As Marc Pincus, CEO of Tribe.net says, "The best thing these networks can do is provide an open, transparent model, and work towards building trust metrics similar to those established on eBay." Although trust metrics are starting to develop, most are still in their adolescent stage.
Control -- What level of control do I have over who sees my data?
One concern I've heard about networking sites involves what happens to personally identifiable information (PII) once you post it onto a site. For example, there are many things that I'll confide to my family and close friends that I'd never tell a casual acquaintance. And when it comes to professional relationships, I'm even more careful about the information I reveal. So it's extremely important for most users to have control over their PII -- who sees it, how much they can see, and when they can see it.
Most of the tools offer some level of control. For example, Affinity Engines' inCircle tool affords users the power to block other users from their network, or even to delete them. Evite, the online social planning site, lets users decide if they want to show their personal profile to other event attendees. So I may decide to show my profile to others attending my friend's birthday party, but not show my personal profile when responding to my company's happy hour event. Users may also RSVP anonymously to any event.
Tribe.net combines event listings with personal, dating and professional information. Tribe even provides job listings though a partnership with Careerbuilder.com. And since most people would prefer to reveal different things to different people based upon the context of their relationship, Tribe provides their users with a good deal of flexibility regarding the information others can see. Tribe even lets users decide whether they want to be exposed to mature content from other users.
Plaxo, a company that is trying to create a ubiquitous rolodex of Internet users, has received a good deal of criticism from privacy advocates. Its critics' argument is that the company facilitates the creation of online databases which can contain PII on people who have no idea their information is on that database. For example, if I add my friend Bill to my Plaxo contact list, and Bill isn't a member of Plaxo, then his information becomes part of my Plaxo database without his consent.
Plaxo's response is that this is no different then when I store PII from friends in my Hotmail address book. The company makes a good point. However, when I store Bill's information in Hotmail, he isn't getting an email from Hotmail asking him to confirm that information. And once Bill's data leaves the Plaxo servers and appears in his inbox, there's a chance that Bill's going to get squeamish. I'm not ready to say this is the end of the world, but just that the company has its work cut out for it in terms of managing perceptions. More on that later.
Tomorrow: The Chapell view on policing, revenue models, and blogger and customer feedback.
Alan Chapell is a consultant focusing on privacy marketing -- helping companies understand privacy and incorporate consumer perception into product development. He has been in the interactive space for more than seven years with firms such as Jupiter Research, DoubleClick and Cheetahmail. Chapell is the New York chapter chairman of the International Association of Privacy Professionals, and he publishes a daily blog on issues of consumer privacy.