

How to convert email addresses into name, age, ethnicity, sexual orientation - maxklein
http://maxklein.posterous.com/how-to-convert-email-addresses-into-name-age

======
petewarden
There's a little-known world of commercial services like Rapleaf that give
marketers information from a list of email addresses. I wrote a test service
to show you what information's available on your address:

[http://petewarden.typepad.com/searchbrowser/2009/12/what-
can...](http://petewarden.typepad.com/searchbrowser/2009/12/what-can-i-find-
out-about-you-if-i-know-your-email-address.html)

The scary thing is that if they can get your full name and rough location,
it's then often possible to get a full address (see whitepages.com for a
consumer-facing example). That then ties into other datasets that have
information on income, occupation, marital status, etc for every household in
the US.

~~~
njharman
> The scary thing is ...

Sorry, I remain not scared.

~~~
petewarden
What could possibly go wrong when there's an easily accessible database of
detailed information on every individual? Move along, nothing to see here.

~~~
loup-vaillant
I assume you were ironic. Anyway, what could (and did) go wrong is the
systematic extermination of a particular subset of people in this database.
(Sorry for the Godwin point reached so fast.)

------
yannis
Simple strategy .. but so borderline ethical.

~~~
maxklein
I've been thinking about this since I discovered it - is it not facebook being
unethical here? They give full access to the personal info of a person given
their email address. Their new 'privacy' terms is basically about nobody
having any privacy.

Small and agile business like mine will capitalise quickly on this info, but
sooner or later, big companies like coca-cola will also see nothing wrong with
storing public information that a user has 'chosen' to make public.

~~~
rsheridan6
Is it really unethical? Everybody knows that part of their facebook is
viewable to the world, and they can change it and make it private if they
want.

I don't this tactic makes spamming any more or less ethical.

~~~
tokenadult
_Everybody knows that part of their facebook is viewable to the world_

No, that was a CHANGE in Facebook's policies after at least 200 million people
had signed up. Some of those things can no longer be changed to be private.

~~~
foldr
>Some of those things can no longer be changed to be private.

Which things?

~~~
tokenadult
Someone else can check the ToS and privacy notice, but if I remember correctly
sex and religion went to world-viewable by default if they are specified on
the profile at all.

After edit: "The Ugly: Information That You Used to Control Is Now Treated as
'Publicly Available,' and You Can't Opt Out of The 'Sharing' of Your
Information with Facebook Apps"

[http://www.eff.org/deeplinks/2009/12/facebooks-new-
privacy-c...](http://www.eff.org/deeplinks/2009/12/facebooks-new-privacy-
changes-good-bad-and-ugly)

~~~
foldr
>Someone else can check the ToS and privacy notice, but if I remember
correctly sex and religion went to world-viewable by default if they are
specified on the profile at all.

I know some of the defaults changed, but that's not what I asked.

------
ErrantX
Pretty much every service pretty much indexes you by email address. If you can
get someones primary email you can track them down on all these sites; sure
Facebook does a particularly bad job of keeping certain personal data private
but it's not alone :)

------
tobtoh
With the recent FB changes, I always thought that marketers getting your
details through this method was the least of your worries - I figure identify
theft is the bigger worry!

~~~
maxklein
Think about it rationally. There are 300 million facebook users. How many
people are out there who want to steal your identity? What are the odds of
those people actually stumbling upon YOUR profile? What is the damage that
they will do, and how much of that damage are you going to be liable for?

Worrying about identity theft is as rational as worrying about getting your
eyes gouged out by crow - yes, it can happen - but fact of the matter is that
it's not very likely to happen.

~~~
tobtoh
I disagree ... that's the equivalent of say leaving your front door open and
not worrying about being robbed because there are 300 million doors in the
city.

Sure you are unlikely to be targeted specifically, but once someone has
decided to commit identity theft, you don't want to be the easy target.

And 10 FB users or 300 million is kinda irrelevant with all the automated
tools/scripts that are available these days - searching for the 1 vulnerable
person out of 300 million is a relatively trivial task. They will 'stumble'
upon your profile not because they randomly picked you from 300 million, but
because they ran a script that identified you as an easy target.

~~~
maxklein
There are companies who make money by scaring you about identity theft. But
personally, I just don't think it is a valid concern. Stealing your identity
is soemthing that has always been possible, but only nowadays is there some
type of hullaboo about it. I just cannot see it happening so often and being
such a big problem for me to bother about it.

But it's just my opinion, I don't actually know. Maybe one day when I'm being
carted away for ordering a million grandma porn videos without paying, I will
realise the error of my ways...

~~~
rapind
Since there's money to be made from stealing someone's identity, then the
easier it gets to do it, the more often it'll happen IMO. Services like this
are lowering the barrier of entry.

There's a reason companies are trying to scare you about identity theft.
They're in this market because they see it as a growth market. They believe
identity theft will increase and they're targeting it with their services and
products. I agree that some will use scare tactics to get us even more wound
up over it and make some extra $, maybe because they've already over saturated
the market, however I definitely think it's going to become a sizable problem.

------
mattwdelong
An awesome start up allowing you to do exactly this and more is
<http://flowtown.com>. Their main feature is allowing you to convert email
address into social profiles, you can really learn a lot about a person by
what they post online - a great way to learn your customer base online.

~~~
ebloch
Thank you for the love Matt ;-)

Businesses that care about their customers / users / clients are the ones that
will win in 2010 and beyond. I want to be apart of this future and it's the
basis for why @danmartell and I founded Flowtown.

~~~
Semiapies
Businesses like that "care" about their customers like ranchers "care" about
cattle.

I don't suppose you're going to publish a list of your clients? Maybe for a
fee?

~~~
mattwdelong
I can vouch for Ethan and say he has personally emailed me a few times to let
me know how things are going (with regards to some of my suggestions) and I
can tell you he generally cares.

I mean, I don't know him outside of a few email transactions but in any case,
he either truly cares or is really good at faking his authenticity, I will go
with the former. This would be the reason I recommended his service and the
reason I am trying to utilize it at my current place of employment. (head
office is not very quick on approvals)

------
ramanujan
The other service that does something like this is rapleaf.com:

[http://www.rapleaf.com/downloads/sample_free_screening_repor...](http://www.rapleaf.com/downloads/sample_free_screening_report.pdf)

I'm not very trusting of them after that scam email thing they did a while
back (basically linked all your social accounts together with your email, and
then emailed you and told you someone was checking up on you, and of course
you were alarmed that the account for Friendster was linked to Flickr and all
your other services).

I'd be loath to give rapleaf a bulk upload of data, as I wouldn't trust them
not to resell the email addresses. Still, I could see how the information
could be useful (e.g. for advertising buys) even if only presented in
aggregate.

------
maxklein
Update from a reddit comment: Use this url -
[http://www.facebook.com/search/?ref=ffs&q=name@domain.co...](http://www.facebook.com/search/?ref=ffs&q=name@domain.com&o=2048&init=ffs)
and screenscrape for even more spammy goodness.

------
Semiapies
"So you have somehow begged, borrowed or stolen an email list of 1000 users
who you believe are interested in your new service."

If you had to scrounge around to find my name and other details, or otherwise
do something besides _ask me_ , I'm _not_ interested, just so you know.

If I ever get an email with my name from a company I've never given
information to, I look to see any indication of how they got it - and then
delete that email.

I'm sure the people whose eyes are lighting up at this idea don't care that
some of their targets won't like this bit of cyber-stalking. I can only hope
those who use it get more resistance out of it than responses.

~~~
maxklein
The "evil" in this method is that you will never know the company has your
email, because they will get your info off your facebook profile without
having to contact you. Facebook will give the info to anyone who has your
email and they won't notify you.

~~~
Semiapies
The disrespect and lack of ethics is not limited to Facebook by this behavior.
The fact that Facebook is insecure does not make exploiting Facebook's
insecurity any more ethical or proper.

------
pierrefar
In the UK, I'm sure the Data Protection Act will kick in. It doesn't prohibit
you from storing personally identifying data, but it puts restrictions on what
you can do with it and how to interact with it.

IANAL, so take this comment as a simple "be careful with the law" that applies
to where you operate.

~~~
samuel
Probably, it's illegal at every EU country which implements the 95/46/EC
directive([http://eur-
lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:...](http://eur-
lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML))

~~~
maxklein
That text is pretty long, can you summarize the parts relevant to this for us?

~~~
samuel
Points 28, 38, 39 may apply here. I haven't studied this directive but its
spanish implementation(IANAL, but if you work with personal data you need to
know how to comply), and under that law, users should be asked for explicit
permission unless Facebook had stated to them beforehand that they could
transfer their data to a third party for a particular purpose at the time of
the collection of the data. In that case, there should be a signed contract
between both parties (Facebook and you), which states the purpose and duration
of the treatment of the data. After that treatment, the third party should
destroy that since it's not authorized to use it anymore.

Anyway, as everyone here knows, its pretty hard to enforce this kind of law.

~~~
mattwdelong
Well there is really nothing to enforce when you agree to Facebooks TOS and
Privacy Policy upon signing up. Facebook has never forced you to sign up.

Excerpt from privacy policy: _Certain categories of information such as your
name, profile photo, list of friends and pages you are a fan of, gender,
geographic region, and networks you belong to are considered publicly
available, and therefore do not have privacy settings. You can limit the
ability of others to find this information on third party search engines
through your search privacy settings._

------
jfarmer
As far as I can tell this is the "trick" that is the basis for Flowtown's
business.

<http://www.flowtown.com/>

~~~
ebloch
Being completely bootstrapped we've been focused on revenue since day 1 and
our "trick" of turning emails into social profiles is our minimum monetizable
product.

The current iteration of Flowtown is nowhere close to our final vision:
helping businesses scale caring.

We launched with an MVP that had even less features than today's iteration
(product is just 9 weeks old).

~~~
jfarmer
Well, ok. This trick is the basis for the current version of your product, or
perhaps "current business."

Is that fair? Or are you doing something other than, say, scraping
[http://www.facebook.com/search/?ref=ffs&q=farmerje@uchic...](http://www.facebook.com/search/?ref=ffs&q=farmerje@uchicago.edu&o=2048&init=ffs)
when I type in my email address? (At least WRT Facebook; other networks would
naturally have different tactics.)

You don't need to be defensive. Every network is bootstrapped off another
network. If you can get away with it, get away with it for as long as
possible, but make sure you have an escape plan.

I assume that's what you're doing. Am I wrong?

That's not meant as a challenge, BTW. If I misunderstand your current product
then the record should be corrected.

~~~
ebloch
I'm not sure "trick" is a fair assessment, why do you think it's a trick? We
don't scrape Facebook for data, but use a variety of data providers for most
of our social information.

~~~
jfarmer
Sorry. Your original response made it sound like that's what you did do.

I knew, e.g., Facebook lets you search by email address to find a friend if
you know their email. Since the data on Flowtown more-or-less matched that
data I had assumed that was the source of the data.

You'd do the same for the other social networks, plus perhaps get data from
Rapleaf and other social profile companies.

If you're saying that's not the case, I can't argue with that and apologize
for implying otherwise.

As to whether it's a trick or not, what difference does it make? You can call
it a tactic if you'd like.

~~~
ebloch
Ah, ok, totally my bad. I had the wrong context around "trick" I thought you
were referring to our business and not a potential method we used to uncover
social data.

On an totally unrelated note Cassie says "Hi" - I was at her place for one of
her roommates bday's and I was on his computer responding to this thread and
she's like OMG jfarmer is that who you're talking with... such a small world.

------
gcb
the part that acares me the most is that he is willing to go around giving the
list to anyone

