18 comments

[ 2.4 ms ] story [ 55.5 ms ] thread
I don’t think it should scare you if you are careful about your online activity
Very curious to hear what the HN community thinks.

Not sure if the analogy holds but it seems Rapleaf is turning one's email address into the new social security # (for those in the US)?

Also, does anyone know if banks can use this in making consumer credit decisions? I believe this wouldn't be legal, but Om alludes to banks using it in his post.

> “If a customer’s email address is attached to three or four social networking sites with 300 friends, the email likely isn’t fake and the retailer can put that person in the ‘good’ pile.”

The guy who sold sex.com had an interesting idea in his Mixergy interview about making loans to young adults by having them pledge their email or Facebook as collateral. For example, if the loan wasn't being repaid, the service would post on your wall using your credentials something like "isn't paying his loan back" Now, in some circles that might be taken as a positive status-enhancing comment but, privacy issues aside, the idea of putting up one's identity as collateral is interesting to me. Some of the more successful real world charities (Team in Training, for example) push you to raise thousands because you have pledged to do an endurance event (usually a marathon) and if you back out - you lose credibility and the more you raise for Team in Training - the more negative incentive to back out. You actually sign a legal contract when you sign up saying that you will either raise the full amount or pay the outstanding balance out of your own pocket - with a loophole that you can back out of the contract in thirty days and just lose your initial several hundred commitment fee. The power of social contracts. Rapleaf understands this well. So does Team in Training. At the extreme, there are cults. At the other end, stuff like being asked to donate money or volunteer at church. I wonder how well a public scorecard of how much money you were donating to charity, CO2 that you were generating would work to increase charitable donations and decrease personal CO2. But I digress

Identity as collateral is an interesting concept. In a way, it's happening now, albeit low-tech.

I get debt-collection calls for people loosely associated with me (in-laws). I assume the point is to have it come up in conversation and shame the debtors into paying, but I choose not to play a part.

Social pressure is pretty much what micro-finance depends on to ensure repayment.
This is actually a pretty good idea. Remember the discussion of a payday loan startup a while back?

Mobile phone companies give people very expensive stuff (high-end phones) in exchange for regular payment. This is effectively a loan, given even to people no bank would deal with.

Mobile phone companies can do a lot of damage to your social life (by cutting off the phone); apparently, this is sufficient to keep people paying their monthly fee. Again, this includes people no bank would deal with.

The parallel to Facebook, say, would be obvious. But it's hard to make this work if the borrower can just change his/her password...

Changing the email to a loan company owned email would prevent this.
Perhaps this is a good argument to split activities between email addresses. I guess many of us already have several perhaps personal, public, work, online account and so on. When you think of an email address as a reputation then its time to have a dozen or so on the go so that those reputations do not overlap.
I think the provision of powerful APIs (but with terms of use that say they can use any data that you gather with them) is a smart way of collecting a large amount of this type of information.

However, it's also not hugely clear (well, it wasn't when I was investigating using them a couple of years ago) when signing up to get access that that is what's happening. I was checking the TOU and noticed some alarming wording - basically, any users who used the Rapleaf API to upload their address book to my site, would also be giving their entire address book to Rapleaf (to do as they see fit).

In the end, I used Octazen (later acquired by Facebook) instead.

Email is very powerful and valuable data. I prefer to use the services of Flowtown, but just as Rapleaf indicated they are a data company and their tools are opt-in.

I have also found that investors tend to like startups that utilize Rapleafs data where applicable. We haven't decided to use it yet.

Rapleaf doesn't scare me -- their data is only what's publicly available on the web. If you don't want RapLeaf to have it, don't post it on the web.

I actually know their Chicago account manager and have meet one of the co-founders. They are a stand-up group and take privacy and data integrity quite seriously. My company uses their data to pull additional information on "influencers" we identify doing online research.

Yeah, sometimes your information gets published to the web in unexpected ways. Like the first time I responded via google groups, google snuck my gmail address on the post (without indicating that it would), or how Amazon Web Services published my real name as a Developer Profile because I had to give a real name and credit card to try out S3.
It sort of scares me because I keep reading their name as "Rape leaf" - but aside from that I'm not on Facebook so I'm not all that worried :)
Ugh... I can't seem to find it but someone built a quick and dirty web page that would use Rapleaf's API to lookup email addressess.

EDIT1: I think it's somewhere on Pete Warden's blog (same guy that crawled Facebook).

EDIT2: Here it is.

http://web.mailana.com/labs/findbyemail/

Interesting. In my case they seem to latch on to dead accounts or accounts with fake info.

If you're worried about services like Rapleaf, mix fake info into your public profiles. Most sites have no business knowing your birthdate, city of residence let alone your mailing address. Regularly forget your passwords and whimsically start over with new accounts.

Make it hard for automated scripts to harvest your real identity. Be "damaged goods" that can't be easily sold.

Yes, I opted out as soon as I knew I could.