PLEASE Don’t Give Websites Access to Your Address Books!
Heads up, this content is 16 years old. Please keep its age in mind while reading.

There’s a yucky yucky trend going on in social media right now: Asking for Address Books. This is evil. Do you hear me? EVIL!



Okay — step back. What am I talking about. I’m talking about when you go to LinkedIn or Facebook or MySpace (or pretty much ANY of them now), and the website smiles all cutesy at you and says, “Oh, hey, I’m really glad you like our website. You know, there are probably people on here that you’ve never thought to search for, and it’s a real shame that they’re not in your network yet. But if you just give us the username and password to your Gmail account, we can check all of your friends’ email addresses against our database and find all of them for you. It’s quick, it’s easy, and your friends will thank you!

Sounds harmless enough, right?

Don’t give it to them!

I don’t care how much you like them, or how safe they tell you they’ll keep it for you, or how much convenience they’re offering you. Your address book is your address book and it does NOT belong in the hands of a social networking website.

Why? Here’s why:

  • Spam. We know it, we hate it, we’re sick of it. When you give out your address book, you give out a list of email addresses that are connected to legitimate people who use the Internet regularly, and this is very valuable to email marketers. Your social networking site will promise you that your email addresses are “safe,” but sometimes “safe” means, “We promise we’ll ONLY share it with our partner companies — you know, our hundred closest friends. And by the way, when a larger company buys us out, those rules will probably change.
  • Impersonal Invites. I’ve received invitations to social networking websites from people I’ve barely ever spoken to — people I would need to reintroduce myself to if I ran into them at a party. Why did this happen? Because those people gave up their address book to a website, and that website went ahead and invited every email address that wasn’t already in the system. If you let this happen, it can make people feel uncomfortable, and it can make you look disrespectful. The worst part is that you might not even be aware that it’s happening.
  • Trust. You don’t give your friends’ phone numbers out to strangers. Please don’t give their email addresses out to a centralized database. That information is theirs to share; not yours.
  • Identity Fraud. They’re asking you to give out full access to your email account when they ask for your address book. Your email account is a critical link to your internet identity. Access to it is supposed to be a SECRET!

This plays into another yucky technique (which is as old as dirt, but far more powerful with the emergence of social media): Data Mining of Personal Information.

There’s a service called Rapleaf. It allows you to plug in your email address and find out what your reputation looks like on the web. The same people run a service called UpScoop, which lets you plug in all your address book data and social networking site information to scan the profiles of everyone you know — public and private — so you can “keep up with your friends.” The same people run a service called TrustFuse, which lets email marketing campaigns check boatloads of email addresses against the Rapleaf and Upscoop database to find out lots and lots of information about the people they’re trying to get money out of. (Edit: Here’s a good analysis of the RapLeaf/UpScoop/TrustFuse drama if you want more. )

Evil, I tell you. Evil.

Do you read the Privacy Policy and Terms of Service of every website you give a username and password to? I don’t either. We like to function on trust. And if someone I respect invites me to use a service, I will often take their word for it that it’s a good service. But now I can’t do that anymore, because I don’t know for sure if they’re actually inviting me, or if some robot monster manipulated them into giving them my email address before they even had a chance to create a profile.

Social networking is a good thing — it’s doing phenomenal things for communities at an international level, and it’s important that we represent and express ourselves on the web. But please pay attention to what people are asking you for out there.

And don’t underestimate the value of your friends’ information.

If you like this post and would like to receive updates from this blog, please subscribe to the feed. Subscribe via RSS

18 Responses to “PLEASE Don’t Give Websites Access to Your Address Books!”

  1. Daniel Widrew Says:

    i have no problem with data mining, as long as they are mining public info. if i put something where google can find it, i’ve let it free into the world.

  2. sarah Says:

    yeah– while I’d prefer it if aggregators left different areas of the internet alone, i know that’s a losing battle.

    but i do take issue with the centralize aggregation of info that you can be gleaned by people giving account access to third parties.

    how far away are we from locked livejournal content being archived in marketing databases because someone wanted to read their friend’s writing on a website that also let them see myspace profiles…?

    not very far at all.

  3. sarah Says:

    also: trustfuse is connecting “personally identifying info” provided by clients — like addresses and phone numbers — with web content profiles. my phone number and address are unlisted in the white pages, but if i give it to a nonprofit as i donate $20 to them, and they choose to use trustfuse… suddenly my physical coordinates are connected to all of my online actions.


  4. Kylie Says:

    I have two fears which petrify me even more than established sites such as LinkedIn and FaceBook (and possibly my own sites in the future) containing features which send invites to address books.

    1). The obvious fear that certain sites will continue to get even more sneaky about the way in which they incorporate this feature into their sites. As the 2.0’s continue to become more and more aggressive in their networking and marketing strategies, it doesn’t seem unreasonable to expect a site which FORCES you to invite a send a certain number of invites before you’re allowed to access any substantial content. In fact, anyone who rememebers AstaLaVista style torrents and hacks before the turn of the 20th century is probably already familiar with one version of this trick…”Enter four more email addresses and your file will be waiting!!!”

    2). The fact that this feature serves as an obscenely easy-to-implement bulwark against more serious transgressions, such as a) traditional spamming and b)auto-enrolling emails found on the wider internet. For example, a site like could easily aggregate massive lists of email addresses from other social media tools, and be protected from anti-spam lawsuits by uploading the email addresses to a few alias Gmail accounts. Yikes.

    Ironic that this blog required my email address for me to post. :__)


  5. sarah Says:

    Good points, Kylie (ha — especially on the email address requirement for this blog post. Yes, I am privately, secretly logging your email address so I can send Dopp Juice SPAM at you All! Day! Long! Okay, not really.)

    Thanks for kicking ass on WomenCo, by the way. :)

  6. sarah Says:

    (omg, kylie, i just figured out who you are. *headslap!*)

  7. j. brotherlove Says:

    Two massive thumbs up! This is a practice I’ve never endorsed or participated in. I also find it interesting how it took off with gmail; almost as if gamil is the skeleton key to web identity. *shudders*

  8. sarah Says:

    Thank you, J! For a brief minute I was feeling kind of alone in this righteous indignation. Spread the word.

  9. arse poetica Says:

    Sarah, late to the game, but I wanted to drop a line to say thanks for a thought-provoking post. For some of us who enjoy these social networking tools but don’t live and breathe the tech (etc.) worlds and their considerations, it really helps to have a well argued post like this one. Many thanks. And I’ll be following you on Twitter soon. =)

  10. sarah Says:

    Thanks, arse poetica! This is exactly why I wrote it. Really glad it helped.

  11. Emma McCreary Says:

    Hmm, I was really tickled when I first saw this feature. Of course I hit “select none” and carefully chose the few people I was actually on a friendship basis with and wanted to invite.

    And I’ve definitely gotten the random invites from people I don’t really know but am just in their address book (i.e. hosting customers). I felt bad about ignoring them, but now I get it – they probably didn’t even check who all it was sending it to.

    I don’t know. I get the issues you are saying, but I also see the future we’re going towards. I don’t think anything will really be all that private anymore. And I’m not sure that is a bad thing. Think about if everyone was telepathic. No one would be able to lie. It would be a completely different world.

    Now, this of course is different because people can definitely lie online. So, I think there will be a learning period where some horrific violations will happen and then people will learn from them. But we have to, as a culture, make those mistakes before we can learn.

    Then eventually privacy will become unnecessary because humans will evolve beyond judgment and violence (having learned to by making mistakes). And everyone will realize that everyone else is more complicated than they appear to be (just like them) and everyone will then be free to be more open.

    But then again, I’m a hopeless utopianist. =)

  12. Koan Says:

    Ah, sheesh, I would love to be able to say it can be as you say, Emma – oh, how I wish it were so, right now – but, idealist though I am, my head says “not now, it isn’t”.

    Openness is great – until it isn’t. And then it’s a burden that might break one. And recovering from that burden can take a long, long time.

    However, I’m enough a realist to also know that “nothing changes until we do” – and finding that middle-ground of openness and discretion, authenticity and security, pride and realism – it’s a daily struggle, and it’s a hard one.

    Just my humble opinion, of course!

  13. Dopp Juice » Blog Archive » Social Graph: You Might Need to Care About This Says:

    […] sharing your “friends list” between your social networking websites without having to give out your email address book. This also means that signing up for a new social networking website won’t be such a […]

  14. Dopp Juice » Blog Archive » A Conversation About the Social Graph Says:

    […] networks SHOULD NOT ASK PEOPLE FOR THEIR GMAIL AND YAHOO MAIL LOGIN INFO.  (i know, we’ve talked about this already, but it was nice to hear it on the panel from the Yahoo rep, too.)  His reasons: our email address […]

  15. Au Pair Says:

    very nice web site. My English is not so good, so I do not understandt it well, but it seems very good. Thanks

  16. Not a Smooth Landing (Page) « The Merchant's Companion Says:

    […] So what about giving the website direct access to your contact list to pull in email addresses? That’s gotta be pretty easy right? Well… people are getting more wary of this practice since it’s what a spammer would do and could give you a bad reputation. In general, giving a website full access to your address book is a no-no. […]

  17. NoNo Hair Removal System Says:

    It was a pleasure reading your blog entry. I bookmarked the site for future reference

  18. malware removal freeware Says:

    CCleaner. it’s free.