Contact Managers – Evil or Good?

By on July 9, 2004

A friend called me this morning saying that he got an e-mail message from someone he knew, but that message was apparently sent on his behalf by Plaxo. This friend was wondering what I knew about Plaxo, and whether he should respond to the message, which was asking him for all sorts of information he didn’t feel comfortable sending. Since I hadn’t heard of Plaxo before, I did a little research. Deane even has a post on it.

And the more I looked into it, the less I liked the whole concept.

What Links Here


  1. Dave,

    Thanks for looking into Plaxo. I am the Privacy Officer here at Plaxo responsible for addressing Privacy, Security, and Trust issues pertaining to the usage of Plaxo and I wanted to correct and clarify some of the things you wrote so you and others can decide for your selves how you feel about Plaxo.

    Plaxo is a free service (with a paid service in the works) that uses a web browser plugin or an e-mail client plugin (Outlook or Outlook Express for Windows only.) Once a user signs up for this service, the user basically transfers his address book over to Plaxo,

    Just to clarify, by “transfers” you do NOT mean transfers ownership of the address book or the information within the address book. Our Privacy Policy ( is quite clear by stating, YOU (the Plaxo member) maintain ownership of your information at all times, even if there is a business transition or policy change. YOU may add, delete, or modify your information at any time.

    But by “transfers” you mean copies or stores, then Yes! – Plaxo does allow members to optionally store their information on our servers which then allows them web-access to their information through Plaxo Online. Plaxo Online provides anywhere, anytime web-access your contact information, and in addition provides the benefits of automatic backup and restore capabilities (ever have a system crash???), as well as multisystem synchronization capabilities (single address book across a home and work PC, perhaps). Plaxo Online access is OPTIONAL and can be changed at any time after installing Plaxo.

    who then sends cute little “Hi. I’ve just joined Plaxo and could you update your contact details for me” messages to everyone in your address book. (Sounds like spam to me.)

    Incorrect – We do not send anything. These messages are referred to as Update Requests and the action of sending Update Requests are ALWAYS member initiated and member approved. Plaxo does not initiate these messages.

    When sending an Update Request, the Plaxo member decides who they wish to send the Update Request to by selecting from known contacts within their address book. The Plaxo member then customizes the content of the message, and then after being given a summary of the action to be taken, the Plaxo member must then approve the sending of the Update Request message.

    Once approved, our service then processes these instructions and messages on behalf of the Plaxo member; much like a web-mail service provider allows their members to send mail through their service. In the case of Plaxo, though, as part of our processing, we perform certain optimizations and filtering routines. For example, we filter out requests that may be unknowingly sent to known distribution lists or to people who have requested not to receive update requests from the Plaxo member.

    If the recipient of the “Hi…” message replies, the provided contact information — home address, work address, phone number(s), e-mail address, etc… — is loaded into the Plaxo user’s address book. (And elsewhere as well, I’m sure.)

    I’m not sure I know what you mean by “and elsewhere as well”. Certainly, the information flows through our systems and is synchronized with the member’s local address book (assuming a PC client installation). If the member has enabled Plaxo Online, the information is also maintained in the member’s online address book as well. Our Privacy Policy discusses in more detail about logs, systems backups, etc…

    Of course that “Hi…” message from Plaxo also includes an invitation to join Plaxo — if they join, Plaxo will then be able to dynamically keep everybody’s address book synchronized. Everybody is happy, right?

    True – we do take the opportunity to invite others to join the service and you are correct that this is where the true power of Plaxo begins to be realized.

    Imagine if you had an address book of 10 people. According to recent stats, at least 3 of those people will change a key piece of contact information within the next 12 months (phone, e-mail, address, etc…). If your address book remained static, that’s at least 3 friends you may lose contact with and have difficulty reconnecting with later on.

    Now imagine each of these people are also Plaxo members. Now your address book can be 100% self-updating. Anytime one of your contacts changes their information, you are automatically updated. They don’t have to remember to send you their updated information, and you don’t have to worry about adding it to your address book. Plaxo manages the updating and synchronization tasks for you automatically, all without generating any additional e-mail or added effort.

    But of course, you might feel manually managing 3 user changes a year is no big deal. But when you start to realize that many people manage contacts with hundreds or thousands of entries, the problem becomes self-evident. I’ll be the first to admit that Plaxo isn’t for everyone, but for many, Plaxo provides a simple, easy solution to a common problem that most of us deal with each day.

    Essentially, if Plaxo had its way, everybody would be signed up to their service and there would be One Big Central Address Book.

    Something about that just gives me the creeps.

    First off, Plaxo is pretty new. So we don’t know a whole lot about them.

    The service has been in production for nearly 18 months and we currently have over 2M members of the service.

    If some guy you’d never seen before came to your door and asked you a bunch of personal questions, would you answer him or not? As for me, the door is swinging, baby, so you’d better step back and get lost. Same goes for an unsolicited e-mail with a bunch of personal questions; even if it was initiated — in a way — by someone I know, if I answer those questions it’s going to someone else acting as an intermediary, and I don’t know that someone, nor do I know what they are going to do with that information.

    I understand what you are saying and I believe you are touching on the issue of trust. We understand that trust is not something that is given, but rather it must be earned. It is based on what someone says, and more importantly what someone does.

    Trust is essential to our business, and without it, we realize that we can not be successful. Our Plaxo Privacy Policy is our public statement of our privacy practices allowing for people to evaluate our actions against our words and judge for themselves.

    Our basic privacy principles are:

    • Your Information is your own and you decide who will have access to it.
    • You maintain ownership rights to Your Information, even if there is a business transition or policy change.
    • You may add, delete, or modify Your Information at any time.
    • Plaxo will not update or modify Your Information without your permission.
    • Plaxo will not sell, exchange, or otherwise share Your Information with third parties, unless required by law or in accordance with your instructions.
    • Plaxo does not send spam, maintain spam mailing lists, or support the activities of spammers.

    As for the information being managed by Plaxo (ie: the questions being asked), these are basic contact information fields that are representative of any contact management application (Name, email, phone, address, etc…). I agree this information is sensitive, but it is no different than the information maintained within an address book on services such as Yahoo! Mail, Google’s gMail, AOL Mail, MSN, or hundreds of other similar services.

    In each of these services, the member maintains the sensitive contact information of others on intermediary services and servers. For Plaxo, the issue is no different, but because our service is so focused around address book management, the issue of trust becomes very evident. But this issue is really the same for any service.

    Another thing that makes me think twice about outfits like Plaxo is what others are saying about them. A quick Google comes up with lots of links to lots of articles about Plaxo, and none of them very flattering — except, of course, those that originate on Plaxo’s website.

    There has certainly been a lot written about Plaxo, both positive and negative. People have certainly not been shy to express their feelings, whether it be in the media or in blogs such as this. For our detractors, I think if you really read through many of their articles, you’ll find that much of the argument against Plaxo is based upon subjective speculation, unsubstantiated claims, or simple misinformation. I think you’ll also find Plaxo members are happy to chime in with their own positive experiences with Plaxo and how it has helped them tremendously.

    One of my favorite misinformation articles was one written by PCMAG well over a year ago that continues to be offered as “proof” by some against Plaxo even today. At the time, the reporter claimed that Plaxo was a worm, stole passwords, and was simply just evil. Of course, all of this was completely false, and the reporter later wrote a retraction and apology. Unfortunately, it wasn’t until 6 months later and after much of the damage had been done. Sigh! Such is life in the Internet.

    Some say that services like Plaxo are as innocuous as the telephone book, but I think them are wrong. What happens when an unscrupulous employee gets access to the database and sells it to a spammer (or many spammers).

    I believe this is a tremendous concern for all Internet Service providers, and should be for any business that handles customer information. I would love to say that our systems our 100% protected against any type of attack, internally or externally. But I feel to say so would be improper and any business that makes such a claim is either ignorant or lying.

    For ourselves, I can say that the Privacy and Security of our members’ information is job #1. We have in place numerous security and IT business controls to help ensure the integrity of our systems, including limiting internal access to key systems and sensitive information. We will continue to stay diligent, adapt, and respond.

    What happens if the company goes under, and the database is sold as just another asset?

    As stated in our Privacy Policy, you maintain ownership in your information and retain the right to delete your information at any time.

    What if the company is just a front corporation for a real-life Boris Badenov. Ok, maybe that’s a little over the top.

    I’m sorry, but I’m not familiar with Boris Badenov, but I can say that we are backed by a dream-team of reputable business leaders and firms from the likes of Yahoo!, eBay, Amazon, Google, and Cisco. It is difficult to imagine these people and businesses would risk their reputations (and capital) in order to support a business operation that didn’t meet their high standards for success and business ethics.

    The thing that really gets me though is that even if you don’t sign up for it, they can still have your e-mail address and other information in their database courtesy of a friend of yours who decided it was a good idea to sign up.

    Yahoo!, AOL, MSN, Google gMail, AT&T, any ISP, etc…. all of these services allow their members to manage and maintain the information of others on their services. Yahoo!, AOL, and MSN combined account for 10x-20x more members than Plaxo.

    But I believe the real issue you are touching on is one of Ownership vs. Privacy. I’ve written about this on our own blog at:

    And being the beneficent organization that it is, you — as a non member — are provided with a way to opt out. Huh? Why should a non-member have to opt out? And even if I do opt out, am I to believe that my contact information is completely gone from their system? I may have been born at night, but it wasn’t last night.

    If you look at services such as Plaxo, Amazon, eBay, AOL, etc… all of us provide the ability for a member to send a communications via the service to someone who may not be a member. For Plaxo – a member might send you an Update Request; for Amazon – you might receive a “Tell a Friend” message; for eBay – a member may send you a “Email This Item to a Friend” message, etc.

    Any of these messages may be welcomed or unwelcomed by the recipient. But Plaxo is the only service that allows the recipient to block future messages sent to them by members through the service. We provide non-members the ability to “opt-out” of messages from a specific user, or from all Plaxo members entirely.

    I think I’ve made up my mind. They’re evil.

    And that’s fine. Everyone is entitled to their own opinion. We simply want to make sure we are operating is a clear and open fashion and allow people to decide for themselves.

    How about you? Any experiences with Plaxo, good or bad? Do you trust them?

    Thank you for the discussion. You’ve raised some very good concerns, and I hope I’ve been able to address those concerns to your satisfaction and this has helped.

    If there are any other questions, please let me know.

    Thank you,

    Stacy Martin Plaxo Privacy Officer privacy @t

  2. Just like Stacy Martin does I have been tracking for some months every weblog that mentions Plaxo. Plaxo’s privacy effort puts much public relations effort and moderation skills into the dialogs with the companies critics. Still my main concern is that once you download Plaxo’s software and let Plaxo address any contact in your email directories you loose grips of who you want to maintain in your contact list. So many people have criticized Plaxo for this and they don’t seem to be willing to deal with this serious matter. Yes the technology is innovative. Red Herring and others honoured this company for being likely to succeed. But as long the end user is not entirely in control of his data this service is not trustworthy.

  3. I’m just impressed she put that much work into a comment on a blog. Holy cats — they must have a legion of PR folks over there.

    It’s a well-written comment, however, which tells me they’ve encountered this stuff before. I wonder how much of the comment was cut-and-pasted?

  4. I bet they hired Stacy mainly to be an opion leader through weblogs and communities. That’s a clever marketing approach. Stacy is known for her competences in the world of virtual communities.

  5. Google for “‘Stacy Martin’ plaxo” and you’ll see that she’s Plaxo’s designated attack (defense?) dog.

    That’s nothing against her, but it’s obvious that her main job is to handle grassroots PR for them. Says a lot of about blog culture that they have someone assigned to this.

  6. Gerrit said, “Still my main concern is that once you download Plaxo’s software and let Plaxo address any contact in your email directories you loose grips of who you want to maintain in your contact list… as long the end user is not entirely in control of his data this service is not trustworthy.”

    If that is true, I would agree that Plaxo is not trustworthy. I wonder how Stacy would respond to that. Stacy? Are you listening?

    Gerrit? Has there been much of an official response from Plaxo to that?

  7. Deane – Sorry, no legion of PR here at Plaxo for this type of stuff – just a bunch of folks trying to do their best to make the best product possible and provide a service that both members and non-members feel they can trust. As the Privacy Officer here at Plaxo, I’m responsible for addressing Privacy, Security, and Trust issues pertaining to the usage of Plaxo.

    As you’ve noticed, I do try to keep an eye on blogs, newsgroups, etc… and respond when I feel there is value I can add. It’s not my main job, but I enjoy doing it because I feel it’s part of the culture here at Plaxo to be as straightforward and responsive as possible to the needs, questions and comments of the community. I think you’ll find that I’m not the only one here at Plaxo who holds these same beliefs. Starting with our VP of Engineering ( ) all the way down to members of our support and engineering teams ( ), I think you’ll find we all feel passionately about what we are building here and feel Plaxo can really help address a common problem that many people have.

    Not to get too far off topic, as a personal view on blogs, I feel blogging is great. They provide users a voice and channel they’ve perhaps never had before. But blogs are also challenging for businesses because issues are no longer being driven to the front door of the business. IMHO – businesses need to adapt to the new world, and blogs are certainly part of that new order. We’ve tried to embrace the blogging community and adapt our business to better support bloggers. For now, some people find this surprising (“wow – they responded to my blog!”), but I feel this is the way successful businesses will (should?) operate.

    Gerrit – as for your question: I’m sorry if I’ve missed it in the past, but I wasn’t aware of what you were saying. Perhaps you can contact me offline so I can better understand the issue, and we can jointly post a response back to this thread.

    If there are any other questions or comments, please let me know.

    Stacy Plaxo Privacy Officer privacy @t

  8. I just got hit with my first Plaxo info confirmation request.

    “P.S. I’ve attached my current information in a vcard. If you get Plaxo too, we can stay connected without the hassle of sending emails back and forth.”

    The e-mail was addressed from a sales rep for one of our vendors, but something tells me that Paul didn’t actually write that. I still don’t feel entirely comfortable with this Plaxo deal. Sounds like a spammer’s dream come true.

  9. The message you received was indeed initiated and approved by the sending Plaxo member. If you have received a Plaxo update request message, it is a clear indication the sending Plaxo member maintains your contact information within their own local address book, and they are attempting to stay in touch with you by providing you their latest contact information, and optionally asking for you to update them as well.

    Plaxo members have complete control over when, to whom and the message content of messages sent through Plaxo. We do provide default text that the sender can use for their message, but members are encouraged to personalize the messages they send through Plaxo as these types of messages are generally greater appreciated by the recipient.

    But if you feel there has been some potential abuse, please report the incident to our abuse department (abuse @t for investigation and follow up action.

  10. The Plaxo Stormtroopers blog comment responses are so boilerplate as to border on spam. I’m half tempted to blacklist them.

    I wouldn’t be at all surprised if Stacey’s comments are posted by a bot.

  11. “I wouldn’t be at all surprised if Stacey’s comments are posted by a bot.”

    If not, that oughta be good for another comment from her. Then again, even if it is a bot, any little comment on a post about Plaxo might generate a response.

  12. Does not compute. Response 49823KQP ;-)

    No – sorry, my responses are not posted by a bot. But your post leads me to believe you take some issue with these responses? Is there some issue you take with anything previously stated or do you have any suggestions on how you’d like to see things done differently?

  13. “… do you have any suggestions on how you’d like to see things done differently?”

    Not particularly. I’ve just decided that I have a general dislike for the whole Plaxo concept, so I’m not biting. And I’ll likely suggest the same for others who ask me about it. Nothing personal, Stacy. I’m sure a perfectly nice person/bot, but…

    Actually, I do have one suggestion; you need a catchier name for your product. “Plaxo” sounds like some sort of pharmaceutical, not a friendly, willing to help you out-type product. Not that that would change my opinion overnight, but it’d be a start.

  14. Dave – Well, we used to refer to the product as Plaxo Contacts, but then people started to think we were a pharmaceutical solution for eye-glass users . Alas, I think the Plaxo name is here to stay. Perhaps one day, as more people see managing and maintaining their contact information online so it is always updated, accurate and available, we’ll win you over. I’m sure you agree there is value to the concept.

  15. In evaluating the Plaxo service, you should ask yourself a basic question — how will Plaxo make a buck? What can their business model be? What do they have or create that is valuable in the market? I don’t believe they are operating as a charity, doing good and expecting nothing in return.

    Plaxo charges nothing to their users, so there’s no revenue there. But in lieu of charging a fee, they manage to harvest the entire contents of each user’s email address books. Then they begin an automated process of validating these addresses under the good name of the person who provided the list. The result — a continuously updated list of valid live email addresses — many times more than the 2 million users.

    Plaxo doesn’t have to sell these addresses to others in order convert them into a paying service. They can send out directed mailings on behalf of third parties. They can offer to validate lists that others bring them — match my list with their list, and tell me which of my addresses are good — for a fee. Or provide other demographic analyses that corellate the data they collect with other data sources. Who knows what else one could do with a large collection of validated contact information that would be worth $$ to some third party.

    The sad part of the story to me is that my address info gets handed over to Plaxo’s collection if even a small number of the people that I correspond with sign up for Plaxo’s free come-on. Even if I never respond to one of the ‘please update your contact info’ messages (and I don’t), they come to me from Plaxo containing my email, phone number, cell phone number, and anything else that my correspondent happened to enter into their address book about me. Plaxo has already harvested me, without me ever interacting with them in any way. That’s just wrong. All Plaxo has to do (and has done) is to offer a free service, and plenty of dim-bulbs will happily serve up their entire contact base.

    Bottom line — ‘free’ is never free. You always give up something in return. Think about it — then just say no.

  16. And now we all sit patiently and wait for Stacy Martin, the Official Plaxo Attack Dog, to bare her teeth and rip Bob’s throat out…

  17. Wow, you guys are a rough lot! I’ve been a Plaxo member for a few months now and the most frustrating thing to me is how deliberately obtuse so many of you appear to be of the simple (and I do mean VERY simple) facts.

    1. Plaxo is an individual’s address book. period.

    2. So-called plaxo update requests are your friends’ and co-workers’ address book update requests. Nothing more.

    3. Your information does not go into a collective ‘phone book’ that everyone or even other members can access.

    4. Plaxo address book subscribers CANNOT SHARE their contact information via Plaxo. They would have to download it into a more traditional address book such as Outlook and send it as a contact file which folks can do anyway and really has nothing to do with Plaxo.

    And the more you people gripe about something you don’t understand, the harder it makes for me to update my address book because of how ‘weirded out’ my friends get about these (mis)informational posts.

    Not that you all are the only problem. If the interface we use from our Plaxo address books was a little more subtle when it comes to sending out our updated information or requesting an update from our friends and family, then perhaps people wouldn’t get so freaked out.

    As someone who is constantly losing my paper address books every time I move and has a lot of friends in college, this makes it much easier to get ahold of friends and get their most current information without sending out 138 individual emails and then having to process all those responses and add the new information myself. Have you noticed in today’s society that we all have everyone’s current email address, but physical addresses and phone numbers have tended to get lost in the technology shuffle? Besides I like the birthday reminders.

  18. Thanks for your comments “Guinneth” (or is it Stacy?) Surprisingly, you are the only respondent who didn’t represent Plaxo that defended Plaxo in this forum or any other forum that I saw when I was digging into this subject.

    I guess I wouldn’t call this a “(mis)informational post”, but rather a collection of legitimate questions about a business model that just doesn’t add up. I think Bob summed up the situation with Plaxo very well in his response. I’m still far from convinced that Plaxo is what they say they are. And even if they are, there is no guarantee that, if they should close their doors for some unforeseen reason, the contact information under their watch would fall into spammers’ hands.

    It’d take more than birthday reminders to get me to join the Plaxo ranks.

  19. When I first got an update request from my sister, I shared your concerns and didn’t even respond. When I got another update request from a techie friend I respect greatly, I decided to do some research of my own. I found two articles by David Coursey, which luckily I read in reverse order. I’ll send you both links. Additionally several of the responses on his blog at ZDnet are from content Plaxo Users. I’ve included just a couple of them. I then tried the product out with just myself in the address book and decided it was perfect for my upcoming move.

    The only flaws I’ve found is that if you are using it for a personal address book and you want to send your new information to or get an update from your friends, plaxo defaults to the business email address if there is one listed. So you have to take out the business email and add it as a secondary personal email in your personal address book database. Additionally, although you cannot share the contacts with anyone, if your friend deletes all of their information, they have just permanently deleted it from your address book. There is a workaround for this but it’s not immediately apparent to a new user.

    David Coursey Articles: Slamming Plaxo:

    Plaxo Reconsidered:,1759,1644423,00.asp

    Plaxo Bloggers:

    And shame on all the other plaxo users out there who have been reading the canned Plaxo responses and letting that speak for themselves while nodding their head in (mostly) agreement. (even though I suppose I’ve been doing that myself as I’ve been visiting these blogs lately.)

  20. Hi, I have been with Plaxo almost since their original formation. Never had a problem, find them most helpful, have updated contacts many times, sent dozens of Xmas and birthday cards thro them and never suffered a spam because if them. Their main strength is keeping my information safe as loosing an address book is like losing your house keys, you’re knackered without them.I have had two major crashes with complte computor close down, first thing I do when back on line, download my very valuable address book from Plaxo. Keep up the good work lads you are doing a great job. p.s I do not work for Plaxo, just a very happy cliet

Comments are closed. If you have something you really want to say, tweet @gadgetopia.