P2P Contact Info Service From Napster Co-Founder

scrm writes "Plaxo is an interesting new service from Sean Parker, co-founder of Napster. It's a P2P-based add-on to Outlook that confronts the old problem of keeping contact lists up-to-date. Mozilla mail support is on the cards, and yes, the company does 'take privacy very seriously'. Check the press here(1), here(2) and here(3). You can also access your contact list over the web."

Trust factor

[Dan+Connor]

No way would I open up my MS Outlook to a P2P service, just would not happen...

errr.....right

[domodude]

Well, I guess I will have to get this now. What could be more seruce that a P2P service based in Outlook. Better yet, I could start using AOL and Windows 98 too! It will be good times.

Re:errr.....right

[ralphclark]

I think he was trying to spell "serious" but he was typing with his feet.

Pfft...

[xanadu-xtroot.com]

And how long do you think it'll take someone to make a contact list that is an all MP3's...

It's good the company takes privacy seriously

[Sheetrock]

Because being able to follow networks of business relations and friendships is something that would be very valuable to many organizations. Perhaps more valuable than a happy user of their software, if you catch my drift.

Re:It's good the company takes privacy seriously

[dbirchall]

It's good the company takes privacy seriously, because they're launching a networked application that thus far only runs on an OS that isn't known for keeping private information private. :)

Hey, what could possibly go wrong?

Privacy

[bigbango]

If they really take privacy seriously, why do they act as "man-in-the-middle" of all transactions between their users? Who knows how many valid e-mail addresses they have collected. Their system has nothing to do with p2p-systems, it is in fact no more p2p-like than e-mail.

Worst of all, Plaxo users upload their contact lists containing personal information about others. That is without their acknowledgement.

Re:Privacy

[shri]

More importantly, what is the exit strategy with the data that the collection. When they go bankrupt (they will... no valid business model yet), who owns the data?

Interesting, but frightening...

[Justen]

Seems like an interesting use of technology, but it isn't new. (Exchange has had this, of course, for intra-Exchange users, for ages. America Online recently started testing a similar service for their members.)

It is unique in that it has the possibility of accomodating users across mail services, platforms, and other traditional barriers.

However, being the paranoid schizo that I am, I can't imagine I would ever subscribe to or accomodate such a service. Not to be a conspiracy theorist, but such a centralized system has an incredible ability to be abused by sources internal and external.

Nice idea. But so is RFID for every human. :)

justen

Sweetness

[mikeophile]

It's always such a hassle to keep one's spam lists updated.

Thanks Plaxo!

Why?

Would you let your desktop PC request data from a web service or web site? Do you post requested information to web forms?

If the P2P element of this is written correctly, then all your doing is sending out a request for data and having validated data returned, just like a web service. You only receive data you request, and you only return data that you've approved the request for. Period.

While I can see that you're worried about Outlook itself, most holes in it are the result of scripting vulnerabilities and social engineering. This P2P service is more likely to be using its own built in engine for web service-like data exchange between the two machines. The only hooks into Outlook will enable this bolt-on program to update your contacts.

I'd worry if like other Outlook HTML-based plugins, it worked using IE code, now that would be scary...

Re:Why?

[wo1verin3]

>> Outlook runs my business..., and I have a
>> zero trust factor for Napster...

Do you not care about your business? Try Eudora, because friends don't let friends use Outlook.

As for zero trust for napster, thats great, this isn't Napster, nor is it Napster 2.0.

Yawn

[Jeffrey+Baker]

Sounds horrible. I can already drag contacts out of my address book and into iChat, and drag a contact out of iChat into my address book. Furthermore I can mail vCards to and from whomever I wish. Lastly, I can sync addressbooks via SyncML with whomever, and for large organizations, there are directory services. So it seems this Plaxo widget adds basically nothing to my existing abilities.

worms..

[grub]

Wait for the next MS worm that can use this software to spread faster than ever. Woo!

Distributing your address list

[rf0]

Well going by outlooks security record all you have to do is get a copy of the latest virus and it will email all your contacts anyway making it all nice and public

Rus

Cardscan Accucard

[SuperBanana]

Cardscan's Accucard already does this- and has for quite some time. When you scan a card, you get the option to add it to Accucard, and the owner of the card(provided they have an email address) gets an email asking if the info is correct and if they'd like to keep their info up to date in the future. Any future copies of their card that get scanned automatically get the new info, I believe.

This is important, because Corex(makers of Cardscan) already have one big thing the P2P companies don't- they have their foot in the door already with their Cardscan units, which are owned by people who need this service the most- sales people and the like. It's like trying to sell gas to car owners, the two just go together. While some sales people may have P2P software on their systems, it's unlikely given the crackdown on p2p apps by many companies....and they're not about to put client information into some two-bit p2p program.

This isn't P2P

[Saeger]

Just like how Napster wasn't P2P, neither is this - it's Person <-> Central-Server <-> Person.

P2P usually implies a bit more distributed networking. Either completely distributed (and unworkable) like the original Gnutella, or mostly distributed with SuperNodes like Kazaa, eDonkey, and the new Gnutella. Napster was always a client->server metainfo server.

--

Add it to your spam filters

[cyberformer]

From the many identical emails I've been getting, Plaxo seems to be a program that goes though your contact list and then spams everyone you know with what appear to be personal messages from you but are really just ads asking you to download and run the program (and enter your personal information for the company to harvest).

If some kid had written this in his spare time, it would be called a virus. Because Plaxo is a company, it's called an innovative application. There are several other startups all doing the same thing (search on Google), and when they go bankrupt their privacy polices will mean nothing.

Re:Applications for P2P

[Saeger]

There's a lot more to sex than just the mechanical in-and-out (even for guys). VRsex w/ toys will never be as good as the real thing until we've got true BCI (brain computer interface) tech.

Still, I have no idea how much bandwidth haptic data would consume. Like, how much data is sent to your brain each millisecond by your nerves when someone blows ... hot air across the thousands of tiny hairs on your neck? (I feel an offtopic mod is due).

--

Foaf already is similar

[SWroclawski]

Though it's not "P2P", the idea of FoaF at http://www.foaf-project.org takes care of a lot of address book issues and more.

Furthermore, using PGP, trust values could be assigned to the information.

- Serge Wroclawski

P2P in calendaring is not the P2P you think

[Kunta+Kinte]

P2P in calendaring very often means that the central server is not active, ie. does not do schedule conflict resolution, etc.

For instance Exchange, until a few versions ago was considered P2P, because all it did was store the outlook calendar info. I have never managed exchange but I believe people who have for a while may remember a time when you use to be able to use calendar on outlook without exchange. This has changed recently ( I've been investigating calendar apps and that was what I was told )

At any rate; If you create an application that uses IMAP to store the calendar info in a special calendar folder, and you have the clients themselves check and resolve conflicts, then your calendar app is P2P.

I'm guessing they're applying the same definition to addressing as well.

Fundamental flaw with plaxo

[bh001]

Has anyone gotten emails from people that use this service?

About a month ago, a note showed up in my inbox saying:

> Hi [my name], [plaxo user's name] wants to
> make sure that he has the correct address
> information for you. Please take a moment to
> fill out the following form.

It really pissed me off that a friend of mine would send me an automated message rather than a quick note.

To those who don't see the annoyance, imagine that someone you knew had their secretary call to ask you for the same information. Annoying, right?

I hope this service dies a quick death.

Re:Fundamental flaw with plaxo

[ChrisHanel]

Yeah, but you're forgetting if that person has 500 contacts, which would you rather he did: Write One automated message and have the program do everything for him, or have him write 500 "quick notes"? It's all about taking the hard work away from him and saving him time. Not to sound like a salesman or anything, i don't have plaxo and don't know much about it, just pointing out some obvious logic.

Thanks for the offer...

[windside]

But I'd rather hold on to my eternal soul for now, thanks.

I don't care how much time this saves how many people, it's a fundamentally bad idea that will only at to the overall dehumanization of the internet.

In the last few years, email has quite reasonably overtaken traditional mail as the dominant form of written communication. The consequences have been numerous, but tolerable up until this point. Programs of this nature are one thing in the business world, but when companies start to market this "service" to average users, it takes on entirely different connotations.

We have to draw a line in the sand: people shouldn't need to automate the process of staying in touch with their friends! By taking this extremely basic task out of their hands and putting it into those of some relatively anonymous information-harvesting corporation, we remove one of the mechanisms that nature uses to cull lesser humans from the face of the earth. In short, people who are unable to stay in touch with their friends without using this program should not be allowed to breed.

Let natural selection take its course! Keep the fluoride out of our water supply and keep Plaxo out of our internet!

READ THEIR PRIVACY POLICY

[User+956]

If you think about it, Plaxo is the perfect "built to be acquired" company. Read their "privacy policy" here:

"In the event Plaxo goes through a business transition, such as a merger, acquisition or the sale of a portion of its assets, Your Information and your membership in the Plaxo Contact Networks(TM) will, in most instances, be part of the assets transferred. You will be notified of an ownership change pursuant to Notification of Changes section of the privacy statement."

See that? They consider your information to be an asset. So, I wonder how long they're going to farm data before selling themselves to doubleclick? Imagine how valuable that data will be. Your surfing habits, matched with your personal information, matched with the personal information and surfing habits of all your 1st-degree friends, and all your friends' friends...

(Also notice that Plaxo (purposely) makes its full privacy policy difficult to link. It's a javascript popup)

Re:READ THEIR PRIVACY POLICY

[golgotha007]

privacy link or no, aren't what they are doing illegal?

here's a quote from the article:
"Plaxo contains a hack that mines your Outlook profile password so that it can retrieve your contacts unhindered."

isn't this circumventing a security device?

wouldn't this qualify as punishable under the DMCA?

especially since plaxo cracks your outlook passwrd

[User+956]

Yeah, finally a company built on Outlook's insecurity. Check out this article in PC Magazine:

"Plaxo contains a hack that mines your Outlook profile password so that it can retrieve your contacts unhindered. Although Plaxo claims that it does nothing with your password once it retrieves your contacts, I don't like this, because it makes child's play out of accessing passwords;"

So not only are they mining your personal data for later resale to the highest bidder, they're compromising your machine while they're at it!

But, really, they respect you and your privacy. Really.

NO NO NO!!! Bad!!

[MyHair]

I already hate this software. I'm a network admin, and 3 users have installed Plaxo, two of them after I advised them not to.

One person in another part of the company installed it, and it emailed everyone in his contact list without asking, apparently. Two people under me showed me the email and asked about it; I did some research and decided that it sounded not only like a virus, but definitely against company policy as departmental contact info is sent outside the company.

Here is a rather critical article about Plaxo, followed by an update after speaking with the Plaxo people:

PCMag Article by Bill Machrone
Follow-up article that backs off a bit

I don't trust it, and it sounds like it would violate every large company information policy in existence.

The irony is that my company has an LDAP directory that each of these people use everyday, so WTF are they doing with a contact manager?