Is Deceptively Getting People To Spam Their Friends Identity Theft?

from the seems-a-bit-strong dept

Fri, Jul 10th 2009 1:28am — Mike Masnick

Last month, the social networking site Tagged got in some PR trouble after its attempt at "viral marketing" went a little haywire, causing lots of people to inadvertently spam their friends with invites to the service (and then those who signed up may have done the same). Such things are pretty common. They're deceptive and annoying, and companies that engage in them don't tend to last very long because no one really wants to use their service. But is it identity theft?

That seems to be the claim from NY Attorney General Andrew Cuomo who is suing the company, claiming that it "stole the address books and identities of millions of people." While we in no way endorse what Tagged did -- it is deceptive and scammy -- it's definitely seems like going over the line to call it identity theft, or even address book theft. Tagged apparently quickly pulled the plug on the campaign, and while there could be an action against the company for deceptive marketing practices, one would think that the company's reputation has been so damaged already that it's not going to be able to sign up many legitimate users. Tacking on attacks about privacy invasion and identity theft seems like bit much.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: andrew cuomo, deceptive emails, identity theft
Companies: tagged

16 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 10 Jul 2009 @ 2:11am

Still though, compared to Cuomo's rants against Usenet and the like, this is almost sane.
[ link to this | view in chronology ]
Anonymous Coward, 10 Jul 2009 @ 2:27am

Shouldn't we be abusing someone for not calling it "identity infringement?"
[ link to this | view in chronology ]
Blatant Coward (profile), 10 Jul 2009 @ 3:42am

Facebook him Dano!
Hm either he wants to start the charges big and reduce them to charges more reasonable later, or he's a politician looking for headlines.

No, neither one of them make sense, he must think they are pirates and is trying to lull them into a false sense of security.
[ link to this | view in chronology ]
imfaral (profile), 10 Jul 2009 @ 4:29am

It's not identify theft
just social engineering. While I am sure it was really annoying and obnoxious it wasn't identify theft.
[ link to this | view in chronology ]
Anonymous Coward, 10 Jul 2009 @ 5:34am

Is it trademark violation ? /s
[ link to this | view in chronology ]
Anonymous Coward, 10 Jul 2009 @ 5:44am

People like that are the worst kind of idiot. People who sign up for stuff like that are the third worst kind of idiot (behind adults who still jam things up their noses).
[ link to this | view in chronology ]
Robb Topolski (profile), 10 Jul 2009 @ 6:52am

How do we charge Andrew Cuomo with "issue theft?" He's created so many feel-good non-issues, usually resulting in needless restrictions our net freedoms rather than fighting any crime.
[ link to this | view in chronology ]
itchyfish, 10 Jul 2009 @ 7:27am

Maybe it is
I could actually see how one could consider it "identity theft". If Tagged takes my address, which it sounds like they did from the article, and spams my friends using *my* email as the original sender, then yeah, I can see it. They've hijacked my address book and sent emails that are "from" me, recommending they join. You've hijacked my email service and represented yourself as me, that's identity theft. You didn't really cost me anything monetarily, but you *did* steal my identity, however briefly.
[ link to this | view in chronology ]
dieselm, 10 Jul 2009 @ 7:38am

I was on the receiving end of a wave of these. This was closer to phishing than to merely "deceptive practice".

*Many* companies are loosey goosey about the way that they use your address book data (when given permission) and "encourage" you to "spam" your friends. Facebook at times, Zynga at times, etc. That would be deceptive and annoying. This is far beyond. The way Tagged did it, privacy invasion and identity theft actually characterizes the act well.

Without permission, they misrepresent to get credentials, use those credentials to access your address book, spam friends pretending to be you, claiming to be sharing photos which are non-existent in order to induce your friends to click to repeat the process which results in (by their metric) a material gain for the company.

If Techdirt asked me for a username and password for one reason and then gave it a whirl to see if they could access my gmail account and download my address book with it, I would call that privacy invasion. Foolish me for using the same credentials, but that doesn't give the company a reason to rifle through accounts on multiple other services. Using that information sending out unsolicited emails pretending to be me inducing others to do the same and furthermore, doing it en masse, charging them with identity fraud sounds right too.

I'm more amazed the Attorney General was on the ball enough to notice this was different enough to file suit. Normally, I'd expect even this sort of egregiousness to fly completely under the radar.
[ link to this | view in chronology ]
Anonymous Coward, 10 Jul 2009 @ 8:28am

Linkedin
They're deceptive and annoying, and companies that engage in them don't tend to last very long because no one really wants to use their service.

Like Linkedin? I know someone who recently joined is this is precisely what Linkedin did. So you say they won't last very long and no one wants to use their service? We'll see.
[ link to this | view in chronology ]
Anonymous Coward, 12 Jul 2009 @ 6:30am

Tacking on attacks about privacy invasion and identity theft seems like bit much.

Identity theft, no, but how can you deny invasion of privacy? It seems pretty clear cut in that respect.
[ link to this | view in chronology ]
tim@elementary-finance, 17 Jul 2009 @ 7:41pm

Fraud
In my recent article, I talk about the fact that online credit card theft often results in 600 hours of work on the victim’s part to fix the damage. Amazing isn’t it? What could you have done in those 600 hours?
[ link to this | view in chronology ]
kevin (profile), 18 Apr 2011 @ 1:48am

Making treatment with Avodart recommends both a decline in prostate size and lasting symptom development for up to 4 years. The smaller prostate gives less pressure on the urethra, which tends to treat inconvenient urinary symptoms. Wood Pelleting Plants
[ link to this | view in chronology ]
Johnny, 16 Jan 2012 @ 1:27am

I have seen different people contact me with
different names, different countries ,ages but
Using the same person in pictures. Careful out there.
[ link to this | view in chronology ]
Jo Atua, 22 Feb 2012 @ 1:29pm

ID Theft
I am not sure of this - it is not really ID theft because they haven't actually used someone else's info, but have not been truthful of their intentions for the need for these people to contact their friends. Identity theft is when someone actually uses your identity obtained illegally - shred your documents, Office shredders are good for this
[ link to this | view in chronology ]
Aden, 27 Aug 2013 @ 10:51pm

I vote "identity theft"
Email addresses are almost always associated with a specific individual. Countless online services identify us by our email address. I therefore pose that an email address is as much a verifier of identity as a drivers licence.

Now if I was to walk into a bank with someone else's id and ask to open an account, I would be committing identity theft. I therefore propose that by sending emails from someone else's account, that you are in fact posing as that individual. What other reason could they have for their actions other than to attempt to pose as the owner of the account?
[ link to this | view in chronology ]