April 09, 2013, 6:21 PM — Remember RapLeaf? They’re baaack. And so is the data profile they created about me, which I opted out of more than two years ago. (See the end for RapLeaf's response and/or this post.)
Actually, RapLeaf never went away, but it has “pivoted,” in the language of Silicon Valley. Back in fall of 2010, the data aggregation firm got in some hot water when the Wall Street Journal revealed that it had been gathering a lot of sensitive information about Web surfers – like their religious and political beliefs -- and then sharing that data with advertisers so they could target their ads more precisely.
Along the way, the Journal discovered, RapLeaf was also sharing information that could be matched up with people’s names – in direct violation of its own privacy policies. The story also noted that RapLeaf was siphoning information from Facebook and MySpace apps, thus violating their privacy policies as well. The firm said that was inadvertent and that it would stop the practice. Now, it seems, RapLeaf has moved out of the ad targeting biz and into the email targeting arena (ie, the “pivot”). But it hasn’t stopped Hoovering up data.
In October 2010 I wrote a couple of pieces about RapLeaf and the data it had collected about me. At that time I also opted out of any further data collection. Here’s a screenshot showing how RapLeaf had profiled me back then, based on information it gathered from online and offline sources tied to my email address:
Today, I was trying out a privacy service called Safe Shepherd, which scours the Internet and shows you where your information is leaking out. One company that had collected information about me jumped out: RapLeaf.
Gee, didn’t I opt out of data collection from these guys? Yes, I did, as I noted in that post from October 2010. But when I went to RapLeaf and logged in to my account, I found this:
Not only am I not opted out of RapLeaf’s database, they’ve also gathered far more information about me than they had before. No longer was I just a series of “targeted interests”; now they had information about my education, income, marital status, home ownership, smartphone ownership, and political views.
Granted, RapLeaf was way off on a few things. (I am the least likely person to contribute money to the Republican Party, to name just one.) But by and large, they had me pegged. And that’s only part of the information that RapLeaf wanted to gather. Other categories that were blank included my occupation, the type of home I owned, how many cars and what type, if I owned a premium credit card, the value of my invested assets, how in debt I was, and whether I was likely to be a strong supporter of the Second Amendment.
Clearly, RapLeaf has a lot of political clients who use them to clean and refine their email lists. But how it managed to gather all this information (and misinformation) about me remains a mystery. I can make a few guesses, though. I did download and install a couple of Facebook apps for the Mitt Romney campaign and the Karl Rove PAC last fall for a piece I was writing. It’s possible that RapLeaf got the idea I was a card carrying member of the GOP from that. But that would also mean it’s still siphoning data from Facebook apps, which it claimed it no longer does.
And of course, there remains the key question: Why are my opt out choices being ignored? This is the second time in a month I’ve run across data miners from whom I thought I’d opted out, only to find I hadn’t. At first I ascribed it to faulty memory, but with RapLeaf I am dead certain.
I sent an email to RapLeaf support, which responded immediately with a note apologizing for the “confusion” and telling me I’d been opted out. I am still waiting for an official explanation, and will update this post if and when I receive one.
UPDATE: After some back and forth with RapLeaf, we uncovered what went wrong: I had opted out using a different email address. See this followup post for more details.
Have you opted out of tracking only to find you were mysteriously opted back in? Post your thoughts in the comments or ping me on Twitter.
Got a question about social media or privacy? TY4NS blogger Dan Tynan may have the answer (and if not, he’ll make something up). Visit his snarky, occasionally NSFW blogeSarcasm or follow him on Twitter: @tynanwrites. For the latest IT news, analysis and how-to’s, follow ITworld onTwitter and Facebook.
Now read this: