What Is It?

Social networking Web sites, such as Quechup, http://quechup.com/, FaceBook, http://www.facebook.com/, MySpace, http://www.myspace.com/, Socialight, http://socialight.com/ (Ed. Note, 2007/09/13: The originally published link was incorrect. Thanks to subscriber Pascal DeVries for calling this to my attention.), and others, have devised a new way to convince you to freely give them a copy of your entire address book, and have made it very easy for you to do so.

What Should You Do?

As I wrote in "Beware of Plaxo," on 13 November 2003, which is posted in the VirusWarn archive, at http://www.viruswarn.com/Forums/tabid/53/forumid/5/postid/153/view/topic/Default.aspx, granting strangers access to your address book is full of risks. Four years later, the risk remains, and may be greater. It appears that the new social networking sites have taken things up a notch, by endeavoring to hide the fact that they are harvesting your entire address book, then sending invitations, on your behalf, and in your name, to everyone in your address book.

For your own safety and security, don't give these Web sites access to your address book! All of these sites have alternative methods of selectively inviting your associates to join, that give you complete control over who gets invited and, more important, who doesn't.

Your address book probably contains dozens, if not hundreds, of names and addresses of people that you barely know, or that you wouldn't want to invite to join one of these networks.

For example, my book contains the following, among others.

• Posting addresses of mailing lists to which I subscribe, including this list. While a message sent to the VirusWarn list would be stopped at the list server, such a message might succeed on some others. This could be very embarrassing, and could lead to my expulsion from the list, cutting me off from important links with professional colleagues.
• Addresses of family and close friends who might be offended if I invited them to join such a site.
• Addresses of clients, vendors, and other business associates, who would be justifiably upset if such an invitation, appearing to be from me, arrived in their In box.
• Private email addresses that were given to me with the understanding that the address would be kept private.

If you work at a company, your address book probably contains email addresses of your superiors and coworkers, and, perhaps, of internal distribution lists.

• What would happen to you if there are five people in the chain of command between you and your CEO, and all of them, including the CEO, got an invitation to join your social networking site, and the invitation appeared to come from your company email address?
• Worse yet, what would happen if an invitation was sent to the internal distribution list that contains every person in your company that has an email address?

References

• Following are examples of social networking Web sites of various types.
  • http://quechup.com/ 
  • http://www.facebook.com/ 
  • http://www.myspace.com/ 
  • http://socialight.com/ 
• "Quechup Highlights Importance of End User Education," at  http://www.windowsitpro.com/Articles/articleid/97039/97039.html, on the Web site of Windows ITPro, a leading magazine for system administrators, brought this matter to my attention.
• http://www.viruswarn.com/Forums/tabid/53/forumid/5/postid/153/view/topic/Default.aspx is an archived copy of my VirusWarn notice, "Beware of Plaxo."

David Gray, MBA, Chief Wizard WizardWrx, formerly P6 Consulting
	V: +1 (817) 812-3041 TZ: USA Central, GMT -5 E: dagray@wizardwrx.com W: www.wizardwrx.com	5006 Cloyce Court North Richland Hills, TX 76180-6944 USA
Tell me what you need, and I’ll conjure it.