While the software is undeniably useful, a lot of people may wonder "Is Plaxo safe?" No one wants to have their data compromised, or their contact lists used for spam, or worse. Looking at the steps Plaxo has taken to safeguard the information people provide them is the best to way to answer that question.
What Are The Risks?
Any risk assessment requires that you look at what kind of information you are sharing.
Is Plaxo Safe for Identities?
Plaxo holds a lot of information in your "profile" that is used to establish your identity. Aside from your name, it also asks for emails, instant messenger identities (such as AIM, Yahoo and Google). While it doesn't necessarily ask for your address, your hometown is also listed.
Beyond that, Plaxo has some other demographic tags that get attached:
- Political views
- Education (how much and where)
At first glance, some of this may not seem that important, until you realize how easy it is to track someone if you know their name and place of employment. Plaxo anticipates this by providing each user with complete control over their "public profile" (available at a customizable URL as yourname.myplaxo.com). You can determine what the public actually knows about you, from something as basic as a photo, to more dynamic content like status updates and websites that you use.
Is Plaxo Safe for Your Contacts?
Plaxo is also used as an address book. One of the most useful factors of the service is the ability for your contact information to update automatically in other people's address books. The address books can only accept information one way - that is, the Plaxo service can write to them but it cannot erase data. In fact, the service prides itself on the ability to serve as a backup of your contacts and calendar should your computer or mobile device become lost or destroyed.
In its Security page on the Plaxo website, the company states unequivocally:
Plaxo cannot delete information from our users' address books, regardless of whether that information is stored on a user's home computer or contained in the online address book that is stored on our servers.
If you want your information deleted from the address books of other users, Plaxo suggests that you ask them directly. You can always opt out of the service, which will avoid further automatic updates from occurring.
Passwords and Plaxo
The greatest vulnerability for Plaxo would be the passwords. Plaxo strongly discourages people from ever sharing their site passwords with anyone else, and also recommends making sure they are very difficult to guess (so nothing like "ILOVEYOU", but more like "k4jhfksw*"). This may seem like second nature to many people familiar with online sites and security, but there are still many people who use passwords that are not only easy to remember, but also easy to figure out.
Is Plaxo Safe From Hackers?
While these are all precautions that the user can take to protect themselves, Plaxo also takes the security of its own hardware and software very seriously. Some of the steps Plaxo has taken to reduce vulnerabilities include:
- Firewalls and Intrusion Detection Systems monitored by Symantec
- SSL Encryption for all client/server communications
- "Hardened Linux Kernel" - a stripped down operating system which removes many exploitable operations
- Single-point access to a limited number of employees via a private network
- Validation of all users through email
- Encryption of passwords that exceeds cryptographic standards used by financial institutions
- No passwords sent through e-mail, and all web sessions are expired automatically.
All of this means that Plaxo is safer than many other services, and perhaps even the safest service of its kind. However, there is no such thing as a computer system that cannot be hacked, given enough time and motivation. Users of Plaxo need to evaluate the benefits of the service against the potential risks and judge for themselves whether or not to join the millions of others sharing their information via the web.