I noticed the Anti-Spyware Coalition (ASC) recently released their final working report of Spyware definitions. They offer the following definition for Spyware and Other Potentially Unwanted Technologies:
Technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:
- Material changes that affect their user experience, privacy, or system security;
- Use of their system resources, including what programs are installed on their computers; and/or
- Collection, use, and distribution of their personal or other sensitive information.
I think the coalition has done a great job in trying to define what spyware and malware are and I hope their efforts prove beneficial in fighting these types of unwanted technologies. We fully support their efforts and you can/should too!.
I recall back in the early days of Plaxo (yes - all of two and half years ago), the occasional claim that Plaxo was spyware. Many of these claims were traced back to an erroneous article that stated Plaxo hacked Outlook profile passwords as we collected personal information. The reporter of the article later retracted his statement, saying he was misinformed and apologized for passing along erroneous information. Unfortunately, this was well after his misinformation was widely distributed and repeated by others.
But this incident underscored the need to better educate people about spyware, which is part of what the ASC is designed to do. The ASC is committed to improving anti-spyware tools, users' understanding of their options, and communication among all stakeholders about how the technology works. They are certainly not alone in the fight against spyware, so by helping to define what spyware is, anti-spyware vendors can focus their attention on improving their anti-spyware tools. What I really like about the work the ASC has done so far is how it focuses the definition on unwanted behavior, while leaving the door open to continually modify the definition over time.
From Plaxo's perspective, thankfully as we've has grown over the past few years, I feel we've overcome many of the early misperceptions. There's certainly more work to be done, but I do feel people recognize Plaxo as a trusted service and software.
Most people understand that Plaxo is an online contact management service with an optional software component. We provide proper notice and require explicit member consent prior to joining Plaxo and installing the software. Plaxo includes no additional software components, and does nothing to impair a member's control over their own system. We've made great effort to ensure our Terms of Service and Privacy Policy are written in plain and simple language, and should someone wish to remove Plaxo, the software can easily be uninstalled. These are the proper behaviors of legitimate software, which I'm sure the ASC would agree.
If you want to learn more about the Anti-Spyware Coalition, be sure to check out their web site: http://www.antispywarecoalition.org/.
TrackBack
TrackBack URL for this entry:
http://blogadmin.plaxo.com/mt-tb.cgi/21Comments
They should be concerned. If they consider that information sensitive, they shouldn't let you sync your data with Plaxo. They would be depending on Plaxo's security to be good enough. I don't know anyone who would allow sensitive data to be left under the protection of an online service outside their control.
Whether Plaxo says the information is safe or not, is not the point. Profesional IT managers don't want to open themslves up to liability if someone does something bad with that data. For that reason, they want to be the ones protecting it.
I'm sorry it took so long to get the feedback you requested.
I work for a large multi-billion dollar corporation. I find plaxo is invaluble in keeping track of business partners and clients alike. My IT dept does not allow plaxo to be used on the network and they don't like us to sync our outlook contacts to the plaxo server, especially out clients. The main reasons are that #1 contact info can contain a persons DOB, address, and name which is considered private information with my company's privacy policyand because it can lead to identity theft very easily. #2 if plaxo was to change ownership plaxo's privacy policy could be modified to where the new owners could access and sell the info to third parties or market directly to those contacts.
This is what my IT guys said. is there any validity to this?
Thanks