Wow, Friendster just violated their own Privacy Policy and gave my email address out to a third party for use in administering a survey. How do I know it was them? Here’s the story.
At 4PM today, I received an email asking me to participate in an online survey about online social networks. Since it was about a topic other than penis pills, breast enlargement, poker, and child porn, the email immediately seemed different than the normal spam that slips through my filters, so I opened it to see what it was all about. It was sent to the unique email address I used ages ago to sign up for Friendster, so by that measure, it was clear that this wasn’t just a blanket spam that happened to land in the inbox of someone who actually has used a social network site. Interested in how the third party (Q&A Research) had obtained the email address, I went to the survey website to see if I could find a way to call and ask; not finding any such contact information, I checked the company’s WHOIS record, and called the listed number.
That number put me in touch with Mike Tougeron, the IT Manager of Q&A Research, who said that Friendster had recently contracted with them to do the survey, and had provided them with the list of email addresses to use. I asked him to clarify whether Friendster solicited the survey request and emailed it out themselves, or if they had actually provided a list of email addresses to Q&A Research, and Mike verified that it had been the latter.
This, of course, sent me off to look at Friendster’s privacy policy, where I learned the following:
As a matter of policy, except where you are expressly informed otherwise, we do not sell, rent, share, trade or give away any of your personal information unless required by law or for the protection of your membership.
I thought that that statement was a bit odd, seeing as they had just given my email address to another company! I called Friendster, and got shunted to the voicemail of Ron Gross, the manager of customer service. I left him a message offering the opportunity to explain why they felt OK violating the terms of the agreement they have with their users. I then called back and asked for an email address for such complaints, was given one, and jotted off an email noting my complaint. We’ll see if Ron decides to respond!
Update: Ron just called back, and said that the survey was intended to be done by Friendster themselves, but as they wished to blind those surveyed to the company doing the research, they asked a third party to administer it. Alas, the blinding was done poorly — since there’s at least one user (me!) who knows who it was by virtue of the email address! — and still violated their privacy policy. He was mildly resistant to agreeing with this, but says he’ll look into it and get back to me.
Lame. United Airlines claims not to have violated mine, but the email address I used with them (united at my domain dot com) gets spam all the time. I called them and complained, and filed a BBB complaint, but heard nothing of it. I think Mena has had the same problem. Guess there’s nothing really to keep a company from violating their privacy policy if they wanted to.
• Posted by: Graham on May 20, 2005, 5:38 PMThat’s why I don’t use email addresses at my domain name for e-commerce transactions, social networking sites, contest registrations. Instead, I use one of about a dozen Yahoo email accounts I’ve set up over the years.
• Posted by: Cameron Barrett on May 20, 2005, 7:52 PMI had the same problem with the RealCities network of newspapers. I registered with one of their online newspaper websites and within hours I was getting SPAM at the unique address I gave them.
• Posted by: Paul on May 21, 2005, 8:39 PMPaul, do you mean to say they were sending the promotional announcements, or was it true spam? Because I’ve now receiving true spam to my own unique Realcities.com email address: pump-and-dump junk stock and bootleg software emails that no legitimate advertisers should want to have any part of. Scumbags.
• Posted by: Grant Barrett