Pingg, About.com, picture service TwitPic, Flixster, Plixi.com are some of the dozens of startups that are using San Francisco-based Rapleaf and inadvertently helping the company build accurate dossiers on many of us. The Wall Street Journal investigation shows Rapleaf knows a whole lot about you.

Sticky Feet

Last week, I pointed out that in the recent brouhaha over privacy and Facebook, the real culprit was San Francisco-based identity and information aggregator, Rapleaf. And then I explained how the company gathers information, especially by partnering with third-party applications and services such as eTacts, Rapportive and several more.

Today, Wall Street Journal’s Emily Steel has written an in-depth (and excellent) expose of this company, whose tentacles are spread deep into the Internet.

RapLeaf’s privacy policy states it won’t “collect or work with sensitive data on children, health or medical conditions, sexual preferences, financial account information or religious beliefs.” After the Journal asked RapLeaf whether some of its profile segments contradicted its privacy policy, the company eliminated many of those segments. Segments eliminated include: interest in the Bible, Hispanic and Asian ethnic products, gambling, tobacco, adult entertainment, “get rich quick” offers and age and gender of children in household. RapLeaf says many of its segments are also “used widely by the direct-marketing industry today.”

Here is what The Wall Street Journal found:

  • Rapleaf knows your real names and email addresses.
  • It can build rich profiles by tapping voter-registration files, shopping histories, social-networking activities and more. In effect, it can built the ultimate dossier on you.
  • Rapleaf sells pretty elaborate data that includes household income, age, political leaning, and even more granular details such as your interest in get-rich-quick schemes.
  • According to the WSJ, Rapleaf segments people into 400 categories.
  • Rapleaf says it doesn’t transmit personally identifiable data for online advertising, but the WSJ found that is not the case. Rapleaf shared a unique Facebook ID to at least 12 companies and a unique MySpace ID number to six companies. Any sharing was accidental, the company said.
  • Politicians, both Democrats and Republicans, are using Rapleaf. It has provided data to 10 political campaigns

Rapleaf’s web of cookies and data-collection end points is pretty vast. Last week, I shared some of the names with you, but it is a lot larger. Add several others to that list of companies:

When a person logs in to certain sites, the sites send identifying information to RapLeaf, which looks up that person in its database of email addresses.

Then, RapLeaf installs a “cookie,” a small text file, on the person’s computer containing details about the individual (minus name and other identifiable facts). Sites where this happened include e-card provider Pingg.com, advice portal About.com and picture service TwitPic.com.

In some cases, RapLeaf also transmits data about the person to advertising companies it partners with.

“Twenty-two companies, including Google’s Invite Media, confirmed receiving data from RapLeaf,” the Journal writes.

Before I go, hats off to Emily for doing such a great and in-depth piece. Clearly, it messes up plans for my next post, but I felt it was important enough for me to share what WSJ discovered with you all.

Related content from GigaOM Pro (sub req’d):

You're subscribed! If you like, you can update your settings

Related stories

  1. delbert norvin Sunday, October 24, 2010

    i don’t get it. this is entirely a reprint of what the WSJ reported. just big paragraphs of journal content that you reproduced in your blog? huh? was this just a lame attempt to get me to click on your article? congrats, it worked. but i won’t be coming back here. empty & misleading post, sorry to say

    1. Delbert

      I have been following this story and this is a summary of what WSJ reported. I wrote two posts last week about this and they just reported more information.

      I am working on a follow up for later this week, but this WSJ article is a great piece. It only extends the story I have reported so far. Sorry, if you feel disappointed.

  2. I’m less concerned about privacy than 99% of the people I know – and I find this company despicable.

    Opt in or opt out, I want to be notified about what info someone is storing about my life. Accessing other sources which aren’t asking my permission for distribution, voter registration, etc., begins to smell like the kind of sleaze that makes truly creepy people happy.

  3. This is a very silly storyline. Not sure why you guys continue to pick on Rapleaf. You should more clearly state that this is merely an aggregation of publicly available data–either things people have shared or actions they’ve taken. It’s hardly a nefarious use–they’re selling this stuff to advertisers so they can better target that person with more appropriate promotions/ads/bonuses/etc. Facebook lets you target this data too. In fact, I can target people right now on facebook who have “god” as an interest or “bible” as an interest. Or I can target more precisely: females between the ages of 24 and 26 who work at for Time Warner Cable, live within 10 miles of San Jose and are interested in dumplings. Why is that bad if it lets me advertise my dumpling truck outside the time warner office in San Jose?? It’s not.

  4. I’d welcome some stories with practical advice on how to disentangle from Rapleaf.

    Any pointers?

    1. https://www.rapleaf.com/opt_out is the best way to opt-out of Rapleaf.

      1. Ha! I am sure they would add me into a new category then.

      2. Thanks. Done.

  5. Om,
    I’m afraid I don’t really don’t understand why those of us who have been in the technology field for any number of years are so “shocked that there is gambling going on in the casino”.

    In fact I find the WSJ’s reporting rather shallow and “link-baitish” – especially in focusing on the “election” angle.

    For years, Aristotle has made extraordinarily high quality voter targeting services available. They sell records on more than 150 million American voters that contain each voter’s registration data as well as their ethnicity, occupation, education, homeowner status and income level – and whether they are catalog shoppers, and whether they have a history of making charitable or political donations.

    Catalina Marketing has, for years collected data on grocery shoppers (through the shopping cards) in more than 23,000 stores and 14,000 retail pharmacies in the US. According to their own marketing material they collect “more than 250 million transactions every week.”

    Political campaigns have been mashing up databases for hyper targeting for years.

    The only thing new here is that Rapleaf has figured out a way to start including the online social graph. That they use email address as one of the unique identifiers should be unsurprising. And at least they offer you a way to opt out… With Aristotle – if you vote, you’re tracked.

    So, NOW we’re outraged that someone has built a better mousetrap? Really?

    1. Rose: We seem to have read different posts because I don’t see the word “shocked.” Nor does the word “outraged” come to mind after reading this post. If you could simple point to the exact words you are having issues with, perhaps I could see what you are talking about exactly.

  6. Wasn’t totally personalised advertising touted as one of the wonders of the internet age, the ability to stop having to look at junk because you were seeing ads specifically for YOU?

  7. Michele Clarke Monday, October 25, 2010

    What happened to the video of the CEO?

    1. It’s right there? Are you unable to see the video of this?

  8. [...] Om Malik calls RapLeaf “the real culprit” behind the recent uproar over privacy and [...]

  9. Regarding Opt Out options for RapLeaf:

    If you read the fine print on their opt-out page, you see that those who opt-out simply get a cookie with an opt-out flag. You clear your cookies (always a good periodic practice) and your opt-out flag is gone.
    You get a different computer and, yes, you are now back in RapLeaf’s maw.
    You hit the web from home and, yes, your email address is still tracked from home–until or unless you also opt-out from the home system.

  10. I wonder if this post is getting me tracked!.

    One way to minimize this is to dump / clear ALL cookies from your computer on a regular basis – say at least weekly. I dump all cookies every couple of days. Sure you have to re-login to all your favourute sites, but it’s far safer than haing all these trackers on your machine.
    Another is to use a program such as ghostery to view who is putting what type of tracking cookies on your machine.


Comments have been disabled for this post