30boxes – the consummate end of privacy

January 25, 2008 at 7:04 pm | Posted in Internet | 13 Comments
Tags: , , ,

Ok, we’ve given up privacy a long time ago – Facebook/Studivz probably was the ultimate blow. And here now is the application that brings all the bits and pieces of you on the net together: 30boxes.com. They pretend to be a calendar service, but what disturbs me more is that you can enter anyone’s email, and it’ll tell you where this person has posted data of him or her on the net.

For instance, I typed in my boyfriend’s email address which does NOT give away his real name – and 30boxes gave me his first name and the first letter of his surname. I typed in Lenina’s email address and it produced her flickr account – even though she uses a completely arbitrary user name.

In theory, your email address shouldn’t be visible to anyone on flickr – so how can some shady web application find out whether you’ve got a profile there or not???

13 Comments »

RSS feed for comments on this post. TrackBack URI

  1. First, we are definitely not among the shady!

    Flickr and many websites have open apis that allow folks to do look ups by email. I believe that each social service out there has their own policies that allow (or do not allow) you to control how this information can be pieced together.

  2. Agreed, it’s easy to put the blame on users who don’t read the terms and services (who does, actually, and would a fact such as that ones email address can be grabbed from the API be in it?).

    In any case, the fact that it IS technically possible to extract and make public (public, because anyone can join 30boxes and enter email addresses at will – nobody knows or can control whether he or she is being searched or not nor by whom) the connection between an email address and a nickname, doesn’t automatically justify and/or legalize it.

    If you judge it by the user experience: If a user has the opportunity to sign up on flickr and choose a NICKNAME so as to KEEP HIS REAL NAME private, we can assume that he or she intended to keep these things apart.

    I am going to write an email to flickr and ask whether they know about their open API and whether they intend to keep it that way.

  3. this is terrible! I’ll have to seriously consider my membership with various certain sites; plus, I’ll NEVER use my main email address for anything again, other than personal and maybe some professional communication (but NOT to sign up to anything…)

  4. […] the my IP I suppose), addressing the privacy issue raised by the 30boxes mashup (I wrote about that here). I picked the ‘Infringement of Privacy’ label, hopefully I’ll get a response, […]

  5. Actually, 30boxes has been around for some time, and I too think they are not the shady ones. First and foremost, they are a really well done calendar service. The fact that they allow you to add the social stream of your friends is a feature that I’m sure is not intended to do any harm.

    It always boils down to the way people use services online. I for myself like the way 30boxes allows me to keep track of what my friends and family are up to.

  6. My concern here as very little to do with the intentions of 30boxes, and even less with the fact that some find it useful to keep track of their family of friends.

    The consequence of such a service is that your email suffices to find out what you our up to – you just left your email on this blog, it now gives me access to your virtual whereabouts.

    ANYBODY who knows your email address can have access – and as email addresses are there for communication, it doesn’t make sense to keep them quiet, does it?

    Your life becomes open source – hope you can dig it.

    I am sure the people of Langley, VA, use 30boxes, spock.com, 123people.com very happily – saves them costs.

  7. Sure, the whole premise seems daunting, but isn’t that what we all want (as publishers of blogs, photos, etc.)? This is exactly what we discussed at BarCamp, as publishing personal details on the Internet always entails exposure. Whether that exposure is aggregated easily by using a single point of access like an email address, or by using a search engine like Google, is simply a matter of taste.

    As soon as you’re registering with a service on the Internet, you should be prepared to being associated with that service sooner or later. And frankly, this is what most people who make ample use of Web2.0 services want. For those who don’, privacy features are part of almost every respectable web service.

  8. No, I don’t think that this is what we all want: complete exposure and to everyone.
    It may well be that we’ll be heading in that direction (but I assume that our assumptions regarding the distinction of public/private and of our social self will have to undergo considerable transformation until then). It would be poor argument to say ‘Friend Lenina, for instance, doesn’t appreciate to have her flickr nick mapped with her real name email address) – yet it is as strong an argument as to say ‘Isn’t that what we all want?’, so I’ll use it anyway.
    Regarding the general assumptions that as “soon as you’re registering with a service on the Internet, you should be prepared to being associated with that service sooner or later”: I do agree that this is, technically, a fact – sooner or later you will be associated with that services.
    Yet that doesn’t mean that it is ok that way – I know that this type of technological determinism is a dominant view, in particular among those technology-savvy early adopters: If it is technically possible, then you better get used to to it. Many many people, and probably the majority of users who are using these services are simply unaware of the consequences – and the privacy features you mention are worth nothing.
    If, for instance, Flickr gives me the opportunity to NOT broadcast my email address on my profile, then they should also have built in the necessary privacy features to PREVENT that my email address and nickname can be mapped and made public by a third party.
    If they fail to do this, then their privacy features are nothing but a hoax, a lame attempt anyway.

    And please note: I am not putting the blame on 30boxes or similar providers – if anyone is to blame, then it’s the platforms (flickr, myspace) who fail to protect their APIs.
    In your case, however, it seems like you’re more inclined to put the blame on users – “Your own fault if you use internet services”.

    Again: Many people don’t realize what the consequences are if they sign up – yet do you think one can really afford to not custom any of these services these days, or in the future?

  9. Well, I’m not actually blaming anyone, but I’m trying to point out what you have pointed out as well, which is the fact that people need to get better acquainted with what it means to use a social service on the Internet. This, in combination with better documentation by the various services like flickr or myspace, would prevent supposed privacy leaks like the aggregation of real names, addresses, etc. from all kinds of services.

    The purpose of an API is to give developers the ability to cross-reference and connect various services. It’s the API that has helped the so-called Web2.0 to evolve. And as always when it comes to any sort of progress, either in technology or science, some sort of rulebook needs to be created to prevent abuse. Until that rulebook exists, there simply isn’t any other way to prevent abuse but through the user’s discretion.

  10. This is indeed the crux and biggest problem: You need the API to connect various services, but there seems to be little agreement as to what may be linked and what may not.

    Call it “The Dark Side of the Force” if you wish.

    Do you know of any attempt to create a rule book? That would be an interesting project to launch. Moreover, such rules must also find a legal reflection.

    I feel I have to disagree though to the suggestion of leaving the prevention of abuse to the user’s discretion. This is a) impossible just as it is impossible for the individual (average) user to anticipate what’s happening at the tech front (how many do you think have even a vague idea of what an API is or implies?) b) an irresponsible approach, as it comes down to saying “well, then don’t give your email address to someone else if you don’t want anyone to tamper with it”. You may be able to prevent communication by not communicating at all, but as soon as you do, your data are prone to abuse (see the BarCamp discussion – all electronic communication is public).

    In my eyes, we need a legal frame work that protects the weak ones (read= the average user).

  11. No, I don’t know of any attempts to create a rulebook. Maybe with the advent of Google’s OpenSocial, a rulebook could be incorporated.

  12. […] light of recent discussions, especially the ones at the latest BarCamp, on Anaj’s blog or in Christian’s posting on 123people.com , I think these quotes from a Compiler entry on […]

  13. They pretend to be a calendar service, but what disturbs me more is that you can enter anyone’s email, and it’ll tell you where this person has posted data of him or her on the net.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.
Entries and comments feeds.

%d bloggers like this: