Why you shouldn’t use furl

We must be stupid. I am being serious, we must be REALLY stupid.

It is possible that after many years of people blowing the whistle against people collecting personal information we still fall for it. Who am I refering to? But to Furl, of course. Because, you see, we are often in good faith, and when someone says:

Privacy
Privacy is probably a top priority for you. It certainly is for us at Furl. When you mark an item “private,” we respect your expectation that no one else will be able to see its contents. Other members cannot see your private items when they view your archive, and Furl Search (search all archives) is restricted to public items only. We have designed the Furl system to ensure that your private items and topics are secure. We will not sell your email address or privately-stored information, nor share it except in very specific cases described in our Privacy Policy.

Access to the servers that house your archive is restricted to a very small number of employees. Procedures strictly prohibit accessing a member’s information, except when necessary to diagnose a problem or as specified in our Privacy Policy (such as when ordered by a court of law).

We’re members of Furl, too, and demand the utmost respect for privacy.

We kind of believe we are safe, right? Wrong! Let’s re read it:

We will not sell your email address or privately-stored information, nor share it except in very specific cases described in our Privacy Policy.

Again:

except in very specific cases described in our Privacy Policy.

We can put it in music:
except, except, except…
except, except, except in very specific cases described in our Privacy Policy.
And you should thank that this is no podcast.

But more, at the end of the same page:

Important Note
The contents of this page do not replace, modify or supercede Furl’s Terms of Service and Privacy Policy. Please read them carefully before using Furl.

Let’s go and look at the privacy policy. After all those people at furl have our privacy as a top priority. Guess why?
And we don’t need to look very far to understand the true nature of the service:

Who is collecting my information?

Furl usually collects the requested information. However, Furl has chosen select partners in order to provide certain services. In order to use certain services on the Site, it may be necessary to enter information that then goes to our partner and is not kept by Furl.

We contract with Coremetrics, a service partner, to provide us with a data collection and reporting service for our Site. If you access the Site, Coremetrics may collect information about you on our behalf. For further information, including how to opt out of such data gathering, please see: http://www.coremetrics.com/info_eluminate2.html.

In other words: We don’t gather data, we let Coremetrics do it for us. And guess who is Coremetrics:

The company’s flagship product, Coremetrics Online Analytics 2004, is the industry’s only online marketing analytics platform that captures and stores all customer and visitor clickstream activity to build LIVE (Lifetime Individual Visitor Experience) profiles that serve as the foundation for all successful e-business initiatives. Through a patent-pending browser-based data collection technology, the Coremetrics Online Analytics 2004 Data Warehouse gathers and stores behavioral information directly from the visitor’s browser and records interactions in real-time to build LIVE Profiles.

It can hardly get worse than that.

But let’s keep on reading Furl Privacy Policy. After all our privacy is their first thought in the morning. Or so.

How does Furl use my information?

Furl’s primary goal in collecting personal information is to provide you, the user, with a customized experience on our service. This includes, or may include in the future, personalization services, interactive communications, online shopping, and many other types of services. In order to provide services free of charge, we will serve ads using content-targeting technologies, based on the content of your archived items.

But this is not all:

The following describes some of the ways that your information may be disclosed. Please note that this is not a complete list. The ways your information may be disclosed will change from time to time.

So even the privacy policy is not complete.

Or read this:

Coremetrics: Coremetrics may store certain data that we received from visitors to Furl (which may include email addresses), so that we may access this information via their reporting service. Furl will only use information shared with Coremetrics for proprietary Furl purposes. Coremetrics does not have the right to transfer your information to any party other than LookSmart.

Business Partners: LookSmart may disclose your personal information to our business partners in order to provide you with the services on the Site. If you have questions regarding the privacy policy or data-collection practices of one of our business partners, please contact that partner directly.

We are told the information is disclosed to business partners, but we are not told to whom. Yet we are asked to look at their privacy policy to understand what use do they do of this information.

They also spy when are you reading their e-mails:

We may also collect information through the use of “pixel tags” included in email messages we may send to you. Pixel tags are tiny graphic files, not visible to the human eye, that are included in HTML-encoded email messages. When such a message is opened in an HTML-capable email program, the recipient’s computer will access our server to retrieve the pixel tag file, allowing us to record and store, along with the recipient’s email address, the date and time the recipient viewed the email message, that the recipient’s email program is capable of receiving HTML-encoded email, and other standard logging information. The pixel tag also may see or read cookies.

The policy goes on, and forgive me for not analysing it all. I just didn’t have the guts. I understoo what I wanted, and here are my conclusions:

Conclusions
Furl collects personal information, gives this personal information to online partners for commercial purpose, including your e-mail address. Thus I don’t want to use furl and probably neither do you.

In short: Furl Sucks.
Amen.

29 thoughts on “Why you shouldn’t use furl

  1. Pingback: /dev/blog » Furl sucks

  2. Pingback: Random Bytes...by Ross Rader

  3. Gen Kanai

    Pietro, thanks for your post on furl’s privacy policy. I’m both a user of furl and delicious and I had no idea that furl’s privacy policy was so intrusive.

    I’m re-evaluating my furl usage…

  4. Pingback: Gen Kanai weblog

  5. Pingback: Operating Manual for Social Tools

  6. Mike Giles

    This is all pretty standard privacy policy material. Coremetrics is just a tool for tracking site usage, and it knows nothing about you as an individual user (it’s the same clickstream stuff folks get out of web server logs on every other site). Showing ads based on what you save (which the site doesn’t currently do) is no different than Gmail showing an ad based on your email content, or NY Times showing an ad based on what you are reading. Furl has never sent an email with a pixel tag, but it is true that the policy reserves that right. And yes, all privacy policies need to reserve the right to be updated.

  7. Frank

    At least it is stated. I wouldn’t stop using it over this. Nothing says you have to give Furl real information. Not even your email. Mailinator.com will provide you with a free recieve only email address. Now personally, I wouldn’t save anything to Furl or any other service that would bother me if someone else saw – but I understand that privacy is an illusion in the world – particularly the online world.

  8. Pietro

    Frank: If you were to check the Furl Terms of use, uder the point 3 you would discover that:

    3. USER REGISTRATION OBLIGATIONS

    You agree that any and all information provided during the registration process (“Registration Data”) is true, accurate, up to date and complete. You also agree to update and maintain Registration Data so that it is true, accurate, up-to-date and complete. Furl reserves the right to suspend or terminate your account, in whole or in part, or prohibit your further use of the Service, at any time.

    But you made a point, you might give very little information. After all your real name is optional

  9. Lisa

    Just FYI: I use a unique email address for furl (as for everthing to which I sign up). I’ve never received any spam or commercial email that came to the unique furl address.

    I won’t change my usage because I like the service better than del.icio.us – there are more features, even though del.icio.us has a larger userbase. Also this is a typical TOS. If you don’t want to use the service, don’t. It’s ok to make everyone aware, though, but I think some people can become over suspicious when it comes to TOS’s and try to read between the lines to find something that says they’ll be relinquishing their privacy if they use the service. I think moderation in this area makes for a happy internet user, as well as using unique addresses to protect your personal email addy…

  10. Pietro

    Hello Lisa: the idea to use a unique e-mail address is generally great, and I have been thinking about doing it myself too. Also your testimony that you never received any spam from that mail, si important. Unfortunately the point here is not just about spam. Also about privacy, and added value that a company gets by using the information you are giving them. But I would agree that at the end it is a personal position if a person decides to use a tool or not. And furl does seem to be a good tool. If it was also a bit more transparent…

  11. Pietro

    Moe: it is true, del.icio.us does not have a privacy policy. This does not mean that they can do anything they want with the data, it just mean that they have to follow the law about it. For example here in Italy you are not allowed to share informations that might be given to you… unless those info has written on it “permission granted to share this info” (or something similar). So the fact that delicious does not have a privacy policy does not mean they can do with the data anything they want. Joshua still have to follow the law, which in general is stricter than many privacy policies.

    Said that, FURL is a “for profit company”. As such it is natural that we pay more attention to it. Del.icio.us is the personal site of a geek (Joshua) who wanted to test an idea an give the world a useful tool. The spirit behind the web site is totally different.

  12. Pietro

    Hello Mike, I received your email, and answered it, yet I repeat some of that here:

    This is all pretty standard privacy policy material.

    The fact that something is used around does not make it ok. Just common.

    Coremetrics is just a tool for tracking site usage, and it knows nothing about you as an individual user (it’s the same clickstream stuff folks get out of web server logs on every other site).

    Reading their site they seem everything except a ‘just’. In any case the problem is what data gets stored, used, and sent to other partners. Right now your policy permit you to do it. And we don’t have the legal (or possible) right to find out what this is. This is not ok.

    Showing ads based on what you save (which the site doesn’t currently do) is no different than Gmail showing an ad based on your email content, or NY Times showing an ad based on what you are reading.

    I feel there is a huge gap between showing ads based on what there is on a page, and collecting data about a human being, and using that to show ads. Beside Google is a “for profit company”. And so is the NYT. Why should what they do be automatically considered ok?

    Furl has never sent an email with a pixel tag, but it is true that the policy reserves that right.

    Yep! We do agree.

    And yes, all privacy policies need to reserve the right to be updated.

    Sure, but the serious ones they give the possibility to the user to be updated via email for those changes (and not just with the new policy but also with a page with all the changes). If not you could take off the possibility to send spy pixel tags, then change the policy (giving yourself that possibility again), send the spy tags, and change the policy again (dening de fact, that you actually sent them). With a good program you can do it all in a few seconds.

  13. Pingback: irox.de

  14. Kossatsch

    I suggest Spurl (here), as it clearly says: Spurl.net takes great care to NOT collect or store ANY personal information about its individual users. Spurl.net does not store users real names or street addresses. Providing us with an email address is optional but not obligatory. here)

  15. jason toal

    yea right, and… so what?! What I see happening in the online social networking world as an ongoing trend, is the decay of privacy. The willing surrender in fact, of personal information on most peoples part. Particularly the younger generation seems decreasingly concerned about this ‘problem’. I mean honestly, here we are, posting personal pictures on flickr, upping profiles of our musical tastes on last.fm and broadcasting them, signing up for gmail accounts that specialize in pushing ads based on the contents of your email for crying out loud, and even gossiping in public w/ friends a la Livejournal and others. So why all the fuss about about a little data mining based on linking habits? Do you think those same companies aren’t trolling the del.icio.us users as well to garner whatever information they can? The fact is, if you are into online social networks of any kind, you have to expect to give up your privacy to some extent in the bargain. Its par for the course. If privacy is that much of a concern, then why be online in any form at all? This comment is probably going to be indexed by google within a week, which i find far more intrusive than whatever furl might be doing with my link collection. Why should the whole world get to know how I feel about privacy issues just because I choose to rant here on your ‘personal’ weblog? Sorry, but I just fail to see the problem.

  16. Pingback: /dev/blog

  17. Pingback: things to write home about » Blog Archive » Furl - Googling Your Bookmarks Is Not Enough

  18. Nick

    I found del.icio.us first, luckily, and found Furl later. I took one look at the front page, and left. No service as basic as del.icio.us has or needs such a shiny front page. Conclusion: they’re trying to put a moneymaking edge on the same service del.icio.us provides for free, with no catches. Sticking with del.icio.us

  19. Pingback: Hanging Garden » FURLè壿

  20. Pingback: Jason Toal » Blog Archive » FURL doesn’t suck

  21. Mike M

    I like Furl.net. Everyone grabs your data including the servise you blog through. It’s the internet and it is only free because companies have found a way to make a buck or two. Relax.

  22. Pingback: HYPERGURU » The privacy policy of Furl

  23. Pingback: TechCrunch

  24. Geo

    Well, by using FURL.NET you are after all, publishing your bookmarks, links, and
    comments for all to see on the web… anybody who uses furl a lot would probably
    disguise their user name, email, and any private information… any others,
    paranoids, or criminals, you have been warned!

    FURL.net is a HUGE convenience for anyone who wants to keep a repository on the web of their bookmarks and notes… the value obtained must be weighed against any privacy issues… Who cares if they keep tabs, anyway? It’s like TiVo keeping track of your TV watching… You have to weigh the benefits against any “loss of privacy”.

    I will continue my semi-anonymized use of FURL, and enjoy the benefits. I would gladly pay an annual fee, but that is impossible, so they have to fund themselves somehow.

  25. Pingback: amazing development » Furl sucks

Leave a Reply