Peeple, Security and why hiding reviews doesn't matter

There’s been a lot of discussion about the Peeple app, which lets random individuals provide reviews of other people. The founders of the company seem to believe that no one is ever mean on the Internet and that all reviews are accurate. They’ve tried to assure us that no negative reviews will be published for unregistered users. They’re almost charming in their naivety, and it might be funny if this wasn’t so serious.
The app is an invitation to online abuse and harassment. And based on the public comments I’ve seen from the founders they have no idea what kind of pain their app is going to cause. They just don’t seem to have any idea of the amount of abuse that happens on the Internet. We work with and provide tools to abuse and security desks. The amount of stuff that happens as just background online is pretty bad. Even worse are the attacks that end up driving people, usually women, into hiding.
The Peeple solution to negative reviews is two fold.

  1. Prompting individuals to discuss negative reviews before they go live.
  2. Hiding any negative reviews when the user is unregistered.

Both of these solutions have major problems and will minimize the chances of this product being widely adopted.
First off, if someone is creating a negative review maliciously, then talking to them isn’t going to result in anything more than frustration for the person being reviewed. There will be malicious users on the site, nothing has been invented that’s bully proof. Even curated online spaces deal with malicious folks. There’s nothing in any of the press releases that make me think this is going to be even remotely curated.
Even if the negative review isn’t done maliciously, people can occasionally have bad days, or bad weeks. Sometimes that accumulated stress is enough to cause individuals to lash out. It’s bad behavior, it’s wrong, but it happens. That person lashing out could be the person writing the review, or the person the review is about. I’m sure all of  us have had experiences where we acted badly or wanted to point out someone acting badly.
The reality, though, is that bullying culture is alive and well on the Internet. We have countless examples of very public campaigns to harass people. Even among my friend group, most of us have some story where we’ve been targeted by people. My own experience was almost 20 years ago now, but did involve the police and spilled over into harassment of my boss at her home and both of us at work.
Hiding reviews for unregistered users will encourage people NOT to sign up. I expect this policy to last until they start running out of VC and are struggling to raise a second round. If you can’t show widespread adoption, and make no mind this policy will discourage signups, then you can’t get the next round of cash.
The big issue is that I’m not seeing anyone else mentioning is just hiding negative reviews doesn’t make them secret. Why? Because no company is secure. Ashley Madison. Experian. The US Government. Epsilon. Anthem Healthcare. Target. CareFirst. The University of Delaware. LastPass. Staples. And those are just the ones I remember well enough to plug  CompanyName hack into Google. Peeple is going to be compromised and that negative data will leak.
DlRfSZbn_400x400Of course, we now know that there is another product called Peeple, a very slick looking camera that lets you see who is at your door without having to go to the door. A much better use of the name and a better product all around.
 
 

Related Posts

Privacy and being online

I have an email address that’s old enough to drink. It came to me today when I was discussing data hygiene. I mean, I have an email address that is old enough to drink! And it wasn’t even my first email address, it’s just the one I still have access to.
This realization led me down a path of what things have changed since I got that address.
I remember …DataSecurity_Illustration
… when things posted on the Internet weren’t around forever.
… when Google bought DejaNews and made USENET archives more available.

Read More

It's not about the spamtraps

I’ve talked about spamtraps in the past but they keep coming up in so many different discussions I have with people about delivery that I feel the need to write another blog post about them.
Spamtraps are …
… addresses that did not or could not sign up to receive mail from a sender.
… often mistakenly entered into signup forms (typos or people who don’t know their email addresses).
… often found on older lists.
… sometimes scraped off websites and sold by list brokers.
… sometimes caused by terrible bounce management.
… only a symptom …

Read More

Protecting customer data

There have been a number of reports recently about customer lists leaking out through ESPs. In one case, the ESP attributed the leak to an outside hack. In other cases, the ESPs and companies involved have kept the information very quiet and not told anyone that data was leaked. People do notice, though, when they use single use addresses or tagged addresses and know to whom each address was submitted. Data security is not something that can be glossed over and ignored.
Most of the cases I am aware of have actually been inside jobs. Data has been stolen either by employees or by subcontractors that had access to it and then sold to spammers. There are steps that companies can take to prevent leaks and identify the source when or if they do happen.

Read More