Icanhazurpersonaldata – The Q TrustVirus and How Bad a Trust Virus could be

Warning: this content is older than 365 days. It may be out of date and no longer relevant.

The buzz this weekend was clearly about Q – the first TRUE viral marketing product I’ve seen in new media. It’s viral just like a real virus – it spreads to everyone you’ve come in contact with, and the power of its infection is multiplied by the level of contact you have with others. We’ll probably talk about this at length during this coming week’s best marketing podcast, Marketing Over Coffee.

My first read on Q is this – good. Good that it happened, good that the payload was relatively innocuous (so far), good that it demonstrated a flaw in social networking without obliterating the network in the process. I’d still change your password if you’re a current or former Q user on any email account you’ve used it with.

Just how bad could the Q Trust Virus (trustvirus? is that even a word?) have been? Consider this: how many times have you synced your online web mail’s account information with an address book or other utility? I’d bet dollars to doughnuts that if you’re in the social space, you’ve used a tool like Plaxo or LinkedIn or another sync tool that promises to bring together all your data, and you’ve done so.

I’d bet you dollars to doughnuts right now that in your address book on XYZ service as well as on your personal computer, you not only have friends’ email addresses, but their real names, physical world addresses, phone numbers, birthdays, and more.

Imagine a Q-style TrustVirus (it’s officially a word now) that aggregates all of that, but doesn’t tell you, nor does it mass email all of your friends. Instead, it stores it in one large data warehouse, and cross-references people in your network with the same people in other networks, until it develops a comprehensive profile of an individual based on fragments gathered from that individual’s many friends. CC Chapman may not have my birthdate in his address book, but Chris Brogan might. Steve Garfield may know my cell phone number, and someone might know my work address. Put the sum of my friends’ knowledge about me together, and you’d have enough for a profile of reasonable accuracy.

What to do with such a profile? Well, selling it to an identity theft ring would probably be lucrative and almost impossible to trace. Selling it to marketing data firms, selling it to just about anyone who wants top-notch, qualified personal profiles (three letter government agencies?) would be profitable.

Think about it – not only would a trustvirus gather a lot of information quickly, but it would be highly accurate most of the time, because you’re hijacking trust relationships across networks. Bryan Person trusts me enough to tell me his birthday, and I have no incentive to put inaccurate data in my address book. I trust Anji Bee with my mailing address, and chances are very good she’ll record it accurately. A trustvirus knows this and therefore the data it collects will be highly trustworthy.

What’s the lesson in all this? Think carefully about the information you put online. Think carefully about what you share with whom, even close friends, because they are human and therefore susceptible to trustvirus hijacking. Encourage your friends, if you’re of a sufficiently paranoid mindset, to not record sensitive data that could be used for identity theft (name, SSN, and date of birth is the magic trifecta that unlocks most doors) and be very careful about how you store data about them.

The easiest benchmark of all is to ask yourself this: what don’t you want the world to know about you – and who else knows about it?

Beware the trustvirus.

Comments

21 responses to “Icanhazurpersonaldata – The Q TrustVirus and How Bad a Trust Virus could be”

  1. Len Edgerly Avatar

    Should I go into Q and remove my settings information? Am I risking problems if I even go into the settings? I did that tonight, and afterward my entire Mac Address Book was wiped out. Maybe a coincidence, some other problem, but it spooked me big time. I had backed it up daily, so it’s back. What to do!?

  2. Len Edgerly Avatar

    Should I go into Q and remove my settings information? Am I risking problems if I even go into the settings? I did that tonight, and afterward my entire Mac Address Book was wiped out. Maybe a coincidence, some other problem, but it spooked me big time. I had backed it up daily, so it’s back. What to do!?

  3. […] Twitter pal Chris Penn of the Financial Aid Podcast had some good words about “Q’s” violation, calling it a “Trust virus”: My first read on Q is this – good. Good that it happened, […]

  4. Chef Mark Avatar

    Very thought provoking and chilling post, Chris. You have thought through some scary stuff that I think many of us have not considered when joining networks. It makes me glad that I didn’t join Quechup, but what’s to say it can’t happen on facebook? It means that we as users have ti pressure the owners of these sites to block any scripting that does any automatic sending of data without a dialogue box.

    Since it’s so easy to create applications for facebook, for example, will it even be possible for the owners to monitor the scripts for this kind of malware?

  5. Chef Mark Avatar

    Very thought provoking and chilling post, Chris. You have thought through some scary stuff that I think many of us have not considered when joining networks. It makes me glad that I didn’t join Quechup, but what’s to say it can’t happen on facebook? It means that we as users have ti pressure the owners of these sites to block any scripting that does any automatic sending of data without a dialogue box.

    Since it’s so easy to create applications for facebook, for example, will it even be possible for the owners to monitor the scripts for this kind of malware?

  6. […] Christopher Penn has labeled this a “TrustVirus”, and the term fits perfectly. There’s a huge opportunity for ne’er-do-wells too get canoe-fuls of valuable information just by abusing online trust. Chris points out that this was rather innocuous, at least it seems so right now. If iDate is a front for spam though, a lot of people are gong to get new email addresses soon. […]

  7. julien Avatar

    super interesting dude. i agree as to its brilliance, and thank god for its innocuousness.

  8. julien Avatar

    super interesting dude. i agree as to its brilliance, and thank god for its innocuousness.

  9. […] The worst part about this it takes advantage of trust (in this case, the trust built by CC) to spread. Had I not read his post, it might have spread through me next. And so on. (Chris Penn has labeled this a trustvirus.) […]

  10. Chris Brogan... Avatar

    The only reason I’m not mailing out 1594 apologies is that I’m officially offline this weekend. In fact, I’m stepping away from the computer so I can breathe (chocolate rainnnnnnnn). So, yeah. This one really woke me up.

  11. Chris Brogan... Avatar

    The only reason I’m not mailing out 1594 apologies is that I’m officially offline this weekend. In fact, I’m stepping away from the computer so I can breathe (chocolate rainnnnnnnn). So, yeah. This one really woke me up.

  12. Ricky Mondello Avatar

    This scares me, a whole heck of a lot. You don’t have to do anything wrong in this instance, your friends do. We all love our friends, but don’t exactly _trust_ all of them, especially the less tech savvy ones.

    Ekk.

    But yeah, it is a brilliant tactic.

  13. Ricky Mondello Avatar

    This scares me, a whole heck of a lot. You don’t have to do anything wrong in this instance, your friends do. We all love our friends, but don’t exactly _trust_ all of them, especially the less tech savvy ones.

    Ekk.

    But yeah, it is a brilliant tactic.

  14. Matthew Ebel Avatar

    Oooh, ninja owes me doughnuts! (I’ve never, ever, ever given some networking site my email info. Ever. I’m not insane.) =)

    Pax,
    Matthew

  15. Matthew Ebel Avatar

    Oooh, ninja owes me doughnuts! (I’ve never, ever, ever given some networking site my email info. Ever. I’m not insane.) =)

    Pax,
    Matthew

  16. […] Christopher S. Penn » Blog Archive » Icanhazurpersonaldata – The Q TrustVirus and How Bad a Trust … Christopher Penn on Quechep: “the first TRUE viral marketing product … in new media.” What do we need to be worried about? (tags: SMT10) […]

  17. […] called a ‘Q-style trust virus‘ and the previous blog entry talks about how social networking + trust viruses of this type […]

  18. […]  This has been commented on in a number of recent blogs – just checking quickly finds similar warnings – and some related discussion – at Dwight Silverman’s TechBlog, TwistImage and Insights into Christopher S Penn. […]

  19. […] Pass the Quechup. This new social network didn’t endear itself to new users by unleashing what Christopher […]

  20. […] September 12, 2007 A Quechup followup Posted by acavender under Tech  Thanks to BarbaraKB, who commented on the post below. To read more about Quechup, now being labeled a “trust virus,” click here. […]

  21. […] has been called everything from a spam network, to a menace to a trust virus. If you haven’t heard of it, let me give you the rundown. Essentially, you sign up just like […]

Leave a Reply

Your email address will not be published. Required fields are marked *

Pin It on Pinterest

Shares
Share This