Feeds

Privacy fears prompt Fry to quit Plaxo

A bit of Fry and worry

SANS - Survey on application security programs

Stephen Fry has quit Plaxo after he became annoyed that the social networking site was revealing what he sees as too many personal details with anyone visiting the site - as opposed to designated contacts.

Plaxo, which was co-founded by Napster co-creator Sean Parker, maintains an online address book and social networking service. The service has fully configurable privacy settings, but Fry believes the default settings are sharing rather more information than he's comfortable with.

In a message on Twitter last Friday, Fry complained that Plaxo was "distributing my details to every casual passerby" and not just his online contacts.

Separately, a Reg reader told us on Thursday that anyone with an account can freely browse all the personal information held on Plaxo, including their mobile number and addresses as well as who users have logged as contacts.

We asked Rik Ferguson, a security researcher at Trend Micro, to help us investigate this on Friday morning, prior to Fry's fall-out with the social networking site.

Ferguson responded that Plaxo appeared to be operating normally - i.e. it's sharing only information that users have chosen to share.

Our tipster, who asked to remain anonymous, accepted this diagnosis while noting that the design of Plaxo could give rise to privacy problems. "If this really is by design, then fair enough. I was just staggered at the amount of data available by trawling through Plaxo and the contact details and contacts for lots of seemingly significant people. Someone could easily build a very interesting correlated database using the info that seems publicly visible."

Fry was put out that anyone who logged into Plaxo was able to see his mobile phone number and postal address. With other social networking sites such as LinkedIn and Facebook, only a member's contacts can see this kind of information.

Plaxo spokesman John McCrea responded that Fry himself had permitted logged-in users to see this information. He denied there was any breach in the security of the service.

"As best I can tell, what's happened is that one user (albeit a rather prominent one!) was surprised to find that the sharing settings he'd previously applied to some of his personal info were more public than he'd intended," McCrea told The Guardian.

"We certainly have not made any changes to settings, features or policies that would make anyone's personal information more widely available than it had previously been."

It's not the first time the actor and celebrated brain-box has become upset with a social networking service. Last month, Fry briefly threatened to quit Twitter, where he is followed by over a million people, after a fan criticised his updates to the social networking site as "boring."

Fry's detractor quickly apologised, while the comedian's many supporters urged him to keep on tweeting, prompting Fry to change his mind and stick with the micro-blogging site. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.