Now accepting bitcoins.

Thursday, May 27, 2010

Spokeo and Pandora Privacy Concerns

I hate websites like Spokeo that farm the internet and collect peoples' personal information. Spokeo is a particularly annoying site because you can search by a wide variety of fields (name, email address, etc) and it will display a summary of any pictures, blogs, and social network data it can relate to that person.

I was surprised to find that if I searched my own email address, Spokeo was able to display a list of my Pandora music lists. I tried a few friends email addresses and it also linked to their Pandora music lists. This is extremely disturbing because I've never provided that information to anyone but Pandora (email required to register). They claim they don't give it out, and it's not displayed on my "public" Pandora page. As a side note, I didn't even realize I had a "public" page on Pandora. It was enabled by default when I created the account. But that is another topic to rant about on another day.

Bottom Line, Spokeo has access to information that isn't public information and I didn't provide to them. I don't know if they hacked Pandora, or if Pandora is lying about saying they don't give the info out. Either way, you can't trust anybody to protect your online information, no matter what their privacy policy says.

Also, I think we need to create a new classification of privacy - the right to "privacy of public data by context". Just because you provide personal information in one context, say family pictures for sharing with your friends on Facebook, doesn't mean that you mean for that information to be aggregated with data from another context, say your LinkedIn profile.