Boing Boing: Share YouTube video = share friend's email with Plaxo? UPDATED

Tuesday, August 15, 2006

Share YouTube video = share friend's email with Plaxo? UPDATED

"Natch" was among BoingBoing readers who've written in about this:

While debugging why YouTube videos are not working on one of my PCs, I tried the 'Share' link to try to get to the URL. In the popup that appeared, the NoScript extension was blocking some JavaScript. Clicking on the button to enable the code revealed that the JavaScript was hosted at -- gasp -- Plaxo (no linkee for them), the company that enlists its users to send spamalicious address book related emails. So from the looks of it, when you share a YouTube video with your friends, you may be unwittingly adding your friends' email addresses to Plaxo's databases. Slick. Or, should I say, slimy. At least it appears so. There is no confirmation that this is what is happening, but it certainly does look suspicious.

I emailed YouTube's media spokesperson yesterday evening about this question, and await a reply. I imagine YouTube's privacy policy / terms of use statement would address this possibility in some form, but I cannot access it to check -- the site is currently unavailable: JPEG screenshot.

UPDATE: No reply from YT, but Joseph Smarr, an engineer with Plaxo, explains that the answer the question in this blog-post's subject line is "no." Smarr says:

Nothing nefarious is going on here—no e-mails are being “unwittingly added to our databases”. YouTube is using our Address Book Access Widget so their users can easily pick people from their hotmail/gmail/outlook/etc address books to send video links to. It’s completely optional and no personal info is sent to Plaxo when our JavaScript loads on YouTube’s page. Furthermore, all the data we pass through as a result of using the widget is dropped as soon as the user is done selecting contacts. Lots of other sites are also using our widget (zazzle, break.com, etc.) so they don’t have to write their own auto-importers for the myriad address book services out there.
I’m not sure how many of your readers have been following Plaxo, but we’ve taken serious steps to curtail the amount of update e-mails our users send out, and we’ve publicly apologized to the people who were annoyed by the e-mails in the past. We’ve gotten a lot of positive feedback about this effort, including from some of our toughest former critics, like Michael Arrington at TechCrunch. Our usefulness as a service has also increased a lot recently, with sync clients for Mac, Thunderbird, and AIM, an open API, and over 10M Plaxo members that provide up-to-date contact info automatically (no e-mails). So I hope people will take a fresh look at Plaxo!

UPDATE: YT never did reply, but their privacy policy is accessible again. IANAL, and this is sort of a moot point now since Plaxo already replied -- but the language would seem to prohibit the kind of data-sharing scenario "Natch" and other BB readers asked about.

posted by Xeni Jardin at 11:38:41 AM permalink | Other blogs' comments

suggest a link \| defeat censorware \| rss \| archives \| t-shirts \| digital emporium \| podcast feed \| mark \| cory \| david \| xeni \| john
Support Bloggers' Rights! HOWTO: Get a link posted to Boing Boing Boing Boing Mobile powered by Winksite Fark rules! This work is licensed under a Creative Commons License permitting non-commercial sharing with attribution. Boing Boing is a trademark of Happy Mutants LLC in the United States [and other countries]. Stats (About our stats) defeat censorware Policies Our first five years' worth of posts in one file	Tuesday, August 15, 2006 Share YouTube video = share friend's email with Plaxo? UPDATED "Natch" was among BoingBoing readers who've written in about this: While debugging why YouTube videos are not working on one of my PCs, I tried the 'Share' link to try to get to the URL. In the popup that appeared, the NoScript extension was blocking some JavaScript. Clicking on the button to enable the code revealed that the JavaScript was hosted at -- gasp -- Plaxo (no linkee for them), the company that enlists its users to send spamalicious address book related emails. So from the looks of it, when you share a YouTube video with your friends, you may be unwittingly adding your friends' email addresses to Plaxo's databases. Slick. Or, should I say, slimy. At least it appears so. There is no confirmation that this is what is happening, but it certainly does look suspicious. I emailed YouTube's media spokesperson yesterday evening about this question, and await a reply. I imagine YouTube's privacy policy / terms of use statement would address this possibility in some form, but I cannot access it to check -- the site is currently unavailable: JPEG screenshot. UPDATE: No reply from YT, but Joseph Smarr, an engineer with Plaxo, explains that the answer the question in this blog-post's subject line is "no." Smarr says: Nothing nefarious is going on here—no e-mails are being “unwittingly added to our databases”. YouTube is using our Address Book Access Widget so their users can easily pick people from their hotmail/gmail/outlook/etc address books to send video links to. It’s completely optional and no personal info is sent to Plaxo when our JavaScript loads on YouTube’s page. Furthermore, all the data we pass through as a result of using the widget is dropped as soon as the user is done selecting contacts. Lots of other sites are also using our widget (zazzle, break.com, etc.) so they don’t have to write their own auto-importers for the myriad address book services out there. I’m not sure how many of your readers have been following Plaxo, but we’ve taken serious steps to curtail the amount of update e-mails our users send out, and we’ve publicly apologized to the people who were annoyed by the e-mails in the past. We’ve gotten a lot of positive feedback about this effort, including from some of our toughest former critics, like Michael Arrington at TechCrunch. Our usefulness as a service has also increased a lot recently, with sync clients for Mac, Thunderbird, and AIM, an open API, and over 10M Plaxo members that provide up-to-date contact info automatically (no e-mails). So I hope people will take a fresh look at Plaxo! UPDATE: YT never did reply, but their privacy policy is accessible again. IANAL, and this is sort of a moot point now since Plaxo already replied -- but the language would seem to prohibit the kind of data-sharing scenario "Natch" and other BB readers asked about. posted by Xeni Jardin at 11:38:41 AM permalink \| Other blogs' comments Email this entry to: Your email address: Message (optional):	Boing Boing Sponsored by: Your Text Ad Here Get BB by email: