In experimenting with Plaxo’s Pulse in the past few days, I noticed one disturbing little thing. In signing up, I let it import my Gmail address book and when it informed me of who among my contacts also were Pulse users, I agreed to send them requests to connect. Two of those people were Chris Brogan and Alec Saunders, both of whom I know from various contexts. So I wasn’t terribly surprised when I started seeing their updates in my “Pulse Stream”:
However, there’s a wee little problem with this. You see, when I click on their names, I get this:
and this:
Do you see the problem here? I see all their stream items (presumably for their “Business Network” feed) – but THEY HAVEN’T APPROVED MY CONNECTION REQUEST YET!
Oops.
There’s a security/privacy issue here in that basically I can go and, it would seem, make a connection request to any other Pulse user. I won’t see the user’s contact information yet, but I will see their stream items in my Pulse Stream. It would seem to me that you would not want the user’s stream items to appear in my stream until the user has actually approved the connection between us. Right?
I realize that the Plaxo Pulse service is still in beta and so presumably this will be fixed. If not, I’d love to hear someone explain why this is desired behavior.
In Pulse, for any feed you add, your sharing choices include the option “public.” Setting a feed to “public,” lets anyone who has you in their address book get that feed, without having to first establish a one-to-one connection with you. That’s quite likely what is going on here, especially since the examples shown were blogs and Twitter, the sorts of feeds one would likely set to public.
John, Thanks for the reply. Yes, that’s probably exactly what is going on here. Hmmmm…. I hadn’t really realized that it’s perhaps only public information, which does obviously reduce any privacy implications. Interesting…. I need to think about that a bit more. Thanks, Dan
it’s too bad that Plaxo didn’t learn the lesson from Facebook and give users the ability to turn this feature off if you want privacy. The way Pulse is configured, every one of your Plaxo contacts sees all your other activity. Nice! The party photos I uploaded for my friends also get sent to my co-workers and there is no way to prevent it. Great idea Plaxo!
it’s too bad that Plaxo didn’t learn the lesson from Facebook and give users the ability to turn this feature off if you want privacy. The way Pulse is configured, every one of your Plaxo contacts sees all your other activity. Nice! The party photos I uploaded for my friends also get sent to my co-workers and there is no way to prevent it. Great idea Plaxo!
it’s too bad that Plaxo didn’t learn the lesson from Facebook and give users the ability to turn this feature off if you want privacy. The way Pulse is configured, every one of your Plaxo contacts sees all your other activity. Nice! The party photos I uploaded for my friends also get sent to my co-workers and there is no way to prevent it. Great idea Plaxo!