What Rapleaf Knows About You: WSJ Reports

21 Comments

Last week, I pointed out that in the recent brouhaha over privacy and Facebook, the real culprit was San Francisco-based identity and information aggregator, Rapleaf. And then I explained how the company gathers information, especially by partnering with third-party applications and services such as eTacts, Rapportive and several more.

Today, Wall Street Journal’s Emily Steel has written an in-depth (and excellent) expose of this company, whose tentacles are spread deep into the Internet.

RapLeaf’s privacy policy states it won’t “collect or work with sensitive data on children, health or medical conditions, sexual preferences, financial account information or religious beliefs.” After the Journal asked RapLeaf whether some of its profile segments contradicted its privacy policy, the company eliminated many of those segments. Segments eliminated include: interest in the Bible, Hispanic and Asian ethnic products, gambling, tobacco, adult entertainment, “get rich quick” offers and age and gender of children in household. RapLeaf says many of its segments are also “used widely by the direct-marketing industry today.”

Here is what The Wall Street Journal found:

  • Rapleaf knows your real names and email addresses.
  • It can build rich profiles by tapping voter-registration files, shopping histories, social-networking activities and more. In effect, it can built the ultimate dossier on you.
  • Rapleaf sells pretty elaborate data that includes household income, age, political leaning, and even more granular details such as your interest in get-rich-quick schemes.
  • According to the WSJ, Rapleaf segments people into 400 categories.
  • Rapleaf says it doesn’t transmit personally identifiable data for online advertising, but the WSJ found that is not the case. Rapleaf shared a unique Facebook ID to at least 12 companies and a unique MySpace ID number to six companies. Any sharing was accidental, the company said.
  • Politicians, both Democrats and Republicans, are using Rapleaf. It has provided data to 10 political campaigns

Rapleaf’s web of cookies and data-collection end points is pretty vast. Last week, I shared some of the names with you, but it is a lot larger. Add several others to that list of companies:

When a person logs in to certain sites, the sites send identifying information to RapLeaf, which looks up that person in its database of email addresses.

Then, RapLeaf installs a “cookie,” a small text file, on the person’s computer containing details about the individual (minus name and other identifiable facts). Sites where this happened include e-card provider Pingg.com, advice portal About.com and picture service TwitPic.com.

In some cases, RapLeaf also transmits data about the person to advertising companies it partners with.

“Twenty-two companies, including Google’s Invite Media, confirmed receiving data from RapLeaf,” the Journal writes.

Before I go, hats off to Emily for doing such a great and in-depth piece. Clearly, it messes up plans for my next post, but I felt it was important enough for me to share what WSJ discovered with you all.

Related content from GigaOM Pro (sub req’d):

21 Comments

Jonathan Hirshon

How to PERMANENTLY opt-out of Rapleaf:

Option 2: Opting out of Rapleaf (Permanent Do-Not-Track Option)

This second option goes well above and beyond industry standards and is only offered by Rapleaf. The “Opt out from Rapleaf” function provides a permanent do-not-track option based on your email address. It deletes information associated with your email address from the Rapleaf database so businesses will no longer be able to learn more about you. Anonymized information about you will not be placed within browser cookies, so advertisers won’t be able to show you more relevant ads. Any existing Rapleaf browser cookies will be removed. This option requires users to submit their email address for our system to permanently key the email as opting out and confirm that the email address belongs to them. Importantly, we are the only company in the industry to provide this permanent opt out feature.

Requests to “Opt out from Rapleaf” is a two-step process that starts immediately upon email submission. The first step removes your information from being served to companies for use in personalizing the online ads and content you see, and usually takes about 48 hours. The second step of the opt out process involves deleting your information completely from all of our systems.

Jonathan Hirshon

Well – at least I give them credit for a fast turnaround when someone sends a hardball email. Within one hour – removed!

Hi,

This is a confirmation that your email has been opted out of our systems. Please let us know if you have any continuing questions, comments or concerns. Thanks!

-The Rapleaf Team

On Mon, Oct 25, 2010 at 5:12 PM, Jonathan Hirshon wrote:
Your opt-out link is down – please consider this email to be my opt-out request – I expect a reply back acknowledging this is indeed the case or you will be receiving a call from my attorney.

Mike S

I wonder if this post is getting me tracked!.

One way to minimize this is to dump / clear ALL cookies from your computer on a regular basis – say at least weekly. I dump all cookies every couple of days. Sure you have to re-login to all your favourute sites, but it’s far safer than haing all these trackers on your machine.
Another is to use a program such as ghostery to view who is putting what type of tracking cookies on your machine.

Maribago

Regarding Opt Out options for RapLeaf:

If you read the fine print on their opt-out page, you see that those who opt-out simply get a cookie with an opt-out flag. You clear your cookies (always a good periodic practice) and your opt-out flag is gone.
You get a different computer and, yes, you are now back in RapLeaf’s maw.
You hit the web from home and, yes, your email address is still tracked from home–until or unless you also opt-out from the home system.

Carl

Wasn’t totally personalised advertising touted as one of the wonders of the internet age, the ability to stop having to look at junk because you were seeing ads specifically for YOU?

Robert Rose

Om,
I’m afraid I don’t really don’t understand why those of us who have been in the technology field for any number of years are so “shocked that there is gambling going on in the casino”.

In fact I find the WSJ’s reporting rather shallow and “link-baitish” – especially in focusing on the “election” angle.

For years, Aristotle has made extraordinarily high quality voter targeting services available. They sell records on more than 150 million American voters that contain each voter’s registration data as well as their ethnicity, occupation, education, homeowner status and income level – and whether they are catalog shoppers, and whether they have a history of making charitable or political donations.

Catalina Marketing has, for years collected data on grocery shoppers (through the shopping cards) in more than 23,000 stores and 14,000 retail pharmacies in the US. According to their own marketing material they collect “more than 250 million transactions every week.”

Political campaigns have been mashing up databases for hyper targeting for years.

The only thing new here is that Rapleaf has figured out a way to start including the online social graph. That they use email address as one of the unique identifiers should be unsurprising. And at least they offer you a way to opt out… With Aristotle – if you vote, you’re tracked.

So, NOW we’re outraged that someone has built a better mousetrap? Really?

coldbrew

Rose: We seem to have read different posts because I don’t see the word “shocked.” Nor does the word “outraged” come to mind after reading this post. If you could simple point to the exact words you are having issues with, perhaps I could see what you are talking about exactly.

james

This is a very silly storyline. Not sure why you guys continue to pick on Rapleaf. You should more clearly state that this is merely an aggregation of publicly available data–either things people have shared or actions they’ve taken. It’s hardly a nefarious use–they’re selling this stuff to advertisers so they can better target that person with more appropriate promotions/ads/bonuses/etc. Facebook lets you target this data too. In fact, I can target people right now on facebook who have “god” as an interest or “bible” as an interest. Or I can target more precisely: females between the ages of 24 and 26 who work at for Time Warner Cable, live within 10 miles of San Jose and are interested in dumplings. Why is that bad if it lets me advertise my dumpling truck outside the time warner office in San Jose?? It’s not.

eideard

I’m less concerned about privacy than 99% of the people I know – and I find this company despicable.

Opt in or opt out, I want to be notified about what info someone is storing about my life. Accessing other sources which aren’t asking my permission for distribution, voter registration, etc., begins to smell like the kind of sleaze that makes truly creepy people happy.

delbert norvin

i don’t get it. this is entirely a reprint of what the WSJ reported. just big paragraphs of journal content that you reproduced in your blog? huh? was this just a lame attempt to get me to click on your article? congrats, it worked. but i won’t be coming back here. empty & misleading post, sorry to say

Om Malik

Delbert

I have been following this story and this is a summary of what WSJ reported. I wrote two posts last week about this and they just reported more information.

I am working on a follow up for later this week, but this WSJ article is a great piece. It only extends the story I have reported so far. Sorry, if you feel disappointed.

Comments are closed.