April 27, 2005
Evite Accusations
I recently sent out a message to some friends about how I’m trying out Upcoming.org to schedule events rather than using Evite.
In this message I leveled an accusation that Evite was harvesting email addresses when you try to invite friends to an event. I probably ought not to make comments like that without giving some background, and upon revisiting the subject I find that I cannot locate the article I originally read.
The upshot was this: While Evite has a decent privacy policy on their website, and allows you to opt out of unsolicited mail, when you send an invitation to a person who is not registered with Evite they have to create an account before they can opt out of the spam. Also, Evite does not have an option for people who would like to say “I don’t want to be a member and I never want to get invitations through your service. Put me on a block list.”
This is probably like a lot of online services (especially that second part, which is understandable, but unusual). I must have stumbled upon one or two people who were peeved at Evite and gave too much credence to their complaints.
But it does seem to be true that you can only opt out of Evite’s giving your address to their “associates” if you’re a member.
This is a really sticky realm of privacy. As more of these tools appear on the net to help you manage your personal life, and your connections with your friends, more personal network information is handed over to them. It becomes more and more important that a service have a really solid privacy policy, because people are naturally compelled to connect, and they have a need to keep track of their friends contact information. Naturally, since we are online more and more, we want this information organized and accessible.
On the worst end of friend email harvesting is the “free offer.” I know my university address is hopelessly compromised by my own time on USENET, but also because relatives (my friends know better) thought they were doing me a favor when they forwarded me some questionable free offer.
But there are plenty of other time that you hand over a friend’s email address. E-cards at birthdays. Forwarding stories from news organizations. Online address books. Heck - email itself is completely insecure, so every time you send your friend an email, someone could be sniffing the packets for valid email addresses (although I have never specifically heard of such a violation specifically — spammers are a generally more lazy lot).
Right now, for me, email spam is at a manageable level. That’s because only my close friends have my personal address, and my compromised professional address goes through a decent spam filter. I third and fourth addresses I use for either questionable offers or the possibility that the address will be displayed on the WWW where it will be harvested. I check these less often than my main email, but both of these addresses serve their purposes: 
, .
For your own reference, I don’t mind if my email address is used for useful purposes (I don’t mind referrals to news stories, for example). And, since I like to get invited to stuff, I have an Evite account so if you include me in an Evite, I don’t mind that either.
If anyone knows any details regarding services that are harvesting friends email addresses, let me know. I want to be a good net citizen and not inadvertently cause them future spam-related grief. But, on the other hand, I don’t want to make unwarranted charges against useful services. But sometimes, it’s tough to know where your information is going.
Posted by James at April 27, 2005 11:17 AM