
On social Web, beware of address book mining

Tagged.com accused of invading privacy, sending misleading spam

By Herb Weisbaum
msnbc.com contributor
updated 11:54 a.m. ET July 23, 2009

William Smith, a marketing specialist in Seattle, recently received what appeared to be an e-mail from his old friend Peter. The message said Peter had posted new pictures online and wanted Smith to see them.

To do that, Smith would have to join Tagged.com. He’d never heard of Tagged, but wanted to reconnect with Peter, so he signed up and provided the site with his e-mail address and the password.

“As soon as I clicked, it just invaded my address book,” Smith says. “It was a huge invasion of privacy.”

The site used that information to send e-mails — which looked like they came from Smith — to everyone in his address book, inviting them to join Tagged.

Within an hour, he started getting e-mail from friends and business acquaintances, some he barely knew, asking him what was going on.

“It was very scary at first, and then it was embarrassing,” Smith recalls.

He tells me this went on for more than a month.

“Then I got angry, very angry.”

A cycle of spam
What’s going on here?

You join a social networking site to stay in touch with old friends and make new ones. Some sites, including Tagged.com, request your e-mail address and password when you sign up. That gives the site direct access to your address book, allowing you the option to notify friends and family that you joined the site or added photos or other information.

Many users consider this "invite your friends" feature to be useful. Privacy experts tell me there is nothing wrong with this, as long as the member knows this service is available and has control over when it is used and who will be contacted.

Unhappy users say that was not the case with Tagged.com. When people signed up for membership, the site automatically snagged their address book and sent spam e-mails to all their contacts.

This spam looked like it was sent by a Tagged member who wanted to add the recipient as a friend or share photos. Those who fell for the pitch and signed up had their address lists raided, starting the cycle of spam all over again.

“It’s as if I’m entering your house and taking a list of your friends and their contact information and sending them a letter which looks like it’s from you,” says Debra Berlyn, director of the Consumer Privacy Awareness Project. “This is not the experience we want people to have online.”

New York Attorney General Andrew Cuomo accuses Tagged.com of engaging in “deceptive e-mail promotions, identity theft and invasion of privacy.” The AG’s office says between April and June of this year, Tagged spammed tens of millions of Americans with its misleading e-mails.

This month Cuomo filed a "notice of proposed litigation" against the company, although no lawsuit has yet been filed.

Tagged.com officials declined an interview request, but company CEO Greg Tseng did post several messages on the Tagged Web site dealing with the controversy. He called Cuomo’s accusations “inaccurate and inflammatory” and said the complaints were based on a new registration process that since has been discontinued.

This is not Tseng's first run-in with the law. Back in March of 2006, when he was CEO of Jumpstart Technologies, LLC, Tseng settled charges with the Federal Trade Commission that the Jumpstart Web site violated the Controlling the Assault of Non-Solicited Pornography And Marketing Act. The company agreed to pay a $900,000 civil penalty. According to the FTC's complaint, Jumpstart violated the law by disguising its commercial e-mails as personal messages, and by misleading consumers about the terms and conditions of the promotion.

“These defendants intentionally used personal messages as a cover-up for commercial messages," said Lydia Parnes, Director of the FTC's Bureau of Consumer Protection, in a news release issued at that time. “Deceptive subject lines and headers not only violate the CAN-SPAM Act, but also consumer trust.”

Vincent Weafer, a vice president at Symantec Security Response, says the issue is “lack of notification and consent.”

“Many, many Tagged users had no idea that this was occurring, and that’s what generated many of the complaints," he says.

