Last week, I pointed out that in the recent brouhaha over privacy and Facebook, the real culprit was San Francisco-based identity and information aggregator, Rapleaf. And then I explained how the company gathers information, especially by partnering with third-party applications and services such as eTacts, Rapportive and several more.
Today, Wall Street Journal’s Emily Steel has written an in-depth (and excellent) expose of this company, whose tentacles are spread deep into the Internet.
RapLeaf’s privacy policy states it won’t “collect or work with sensitive data on children, health or medical conditions, sexual preferences, financial account information or religious beliefs.” After the Journal asked RapLeaf whether some of its profile segments contradicted its privacy policy, the company eliminated many of those segments. Segments eliminated include: interest in the Bible, Hispanic and Asian ethnic products, gambling, tobacco, adult entertainment, “get rich quick” offers and age and gender of children in household. RapLeaf says many of its segments are also “used widely by the direct-marketing industry today.”
Here is what The Wall Street Journal found:
- Rapleaf knows your real names and email addresses.
- It can build rich profiles by tapping voter-registration files, shopping histories, social-networking activities and more. In effect, it can built the ultimate dossier on you.
- Rapleaf sells pretty elaborate data that includes household income, age, political leaning, and even more granular details such as your interest in get-rich-quick schemes.
- According to the WSJ, Rapleaf segments people into 400 categories.
- Rapleaf says it doesn’t transmit personally identifiable data for online advertising, but the WSJ found that is not the case. Rapleaf shared a unique Facebook ID to at least 12 companies and a unique MySpace ID number to six companies. Any sharing was accidental, the company said.
- Politicians, both Democrats and Republicans, are using Rapleaf. It has provided data to 10 political campaigns
Rapleaf’s web of cookies and data-collection end points is pretty vast. Last week, I shared some of the names with you, but it is a lot larger. Add several others to that list of companies:
When a person logs in to certain sites, the sites send identifying information to RapLeaf, which looks up that person in its database of email addresses.
Then, RapLeaf installs a “cookie,” a small text file, on the person’s computer containing details about the individual (minus name and other identifiable facts). Sites where this happened include e-card provider Pingg.com, advice portal About.com and picture service TwitPic.com.
In some cases, RapLeaf also transmits data about the person to advertising companies it partners with.
“Twenty-two companies, including Google’s Invite Media, confirmed receiving data from RapLeaf,” the Journal writes.
Related content from GigaOM Pro (sub req’d):
- Could Privacy Be Facebook’s Waterloo?
- Facebook Tries to Navigate the Privacy Storm
- Lessons in Smart Grid Privacy From Facebook and Google
