Online Advertisers Are Selling You Out

Using Rapleaf data, the Wall Street Journal managed to identify at least two individuals in the company's database, along with a trove of information about them:

"In the weeks before the New Hampshire primary last month, Linda Twombly of Nashua says she was peppered with online ads for Republican Senate hopeful Jim Bender.

It was no accident. An online tracking company called RapLeaf Inc. had correctly identified her as a conservative who is interested in Republican politics, has an interest in the Bible and contributes to political and environmental causes.

The Journal decoded RapLeaf's information on Gordon McCormack Jr., a 52-year-old who lives in Ashland, N.H. RapLeaf correctly identified Mr. McCormack's income range, number of cars (one), his interests in gardening and the Beatles, and his interest in playing the online game Mafia Wars, among other topics....

RapLeaf also identified Mr. McCormack as someone with an interest in online personals. He says he isn't currently active in online dating, but might have a couple of profiles 'lurking on the Internet.'"

It turns out that -- surprise! -- Rapleaf was violating its own privacy policies by collecting some of this information:

"RapLeaf's privacy policy states it won't 'collect or work with sensitive data on children, health or medical conditions, sexual preferences, financial account information or religious beliefs.'

After the Journal asked RapLeaf whether some of its profile segments contradicted its privacy policy, the company eliminated many of those segments."

I for one am tired of companies that keep getting caught with their hands in the browser cookie jar, then act astonished that their breath smells like Oreos. How many more "mistakes" are we expected to tolerate before we realize we're being conned?

After the latest Journal report, Hoffman posted another blog entry that is almost smug in its non-apologeticness:

"Rapleaf's customers are helping millions of people have better lives. We love that.

We realize that even with the best of intentions, we sometimes make mistakes; especially in an industry with technology advances moving so quickly. Earlier this month, it was found that dozens of companies including Rapleaf were inadvertently passing Facebook and MySpace IDs to ad networks in a small minority of cases. While dozens of companies made the same mistake Rapleaf did, we were the first company to fix it.

The aggregation of data has big potential upsides and downsides. The bar for data aggregation companies like Rapleaf is very high."

Those are not the words of somebody who knows he screwed up bad and wants to do better next time. That post is practically Zuckerbergian in its arrogance.

Subscribe to the Security Watch Newsletter

Comments