Warning, iDrive Lite Spams All Your Gmail Contacts Without Your Permission

Don’t install the iPhone app iDrive Lite if you value the privacy of your contact list. Avi Muchnick, one of the developers behind the free, consumer-friendly online graphics suite Aviary, used iDrive to backup his Gmail contact list when switching to a new phone. The next day, he awoke to discover that iDrive’s parent company, Pro Softnet Corp, had spammed every single entry in his contact list without his permission.

On his blog post about the event, he describes how Pro Softnet Corp brushed him off when he called to complain:

called iDrive’s parent company Pro Softnet Corp and their operator kept pushing me to voicemail when I asked to be transferred to a supervisor. I have a feeling I’m not the first to call in and complain.

After SkokieGuy’s comment below, we headed to the iDrive Lite website (the company provides a link on the iTunes App Store info page) to look for any information about contact scraping. We found none. We checked out their privacy policy and it doesn’t address this practice at all. Here’s their Terms of Usage for all iDrive products, but again we couldn’t find any assertion of their right to access your contacts and spam them.

“iDrive spammed my Gmail contacts” [Aviary.com]

Comments

Edit Your Comment

  1. SkokieGuy says:

    Is Avi certain that permission wasn’t granted somewhere deep in a EULA?

    If this is as described, there are Federal anti-spam laws, Pro Softnet could be prosecuted for a felony.

    Unless of course Avi would rather be the lead plaintiff in a class-action lawsuit?

    • katstermonster says:

      @SkokieGuy: I wish there were some “obvious crap” law that required things like that to be FRONT AND CENTER in HUGE TEXT so people don’t get screwed for not reading 20 pages of EULA.

      • CompyPaq says:

        @katstermonster: Actually there is. Software vendors are not allowed to put “unexpected” things in the EULA such as “By installing this software, you give us the right to steal your credit card info.”

      • shepd says:

        @katstermonster:

        Considering the standard “click-through” EULAs is only barely even legally binding, no, I doubt doing something like this is legal even if the EULA mentions it.

        The power in most EULAs is limited to things mentioned on the box/sales agreement, what exists in copyright law, and things that are obvious (like reverse engineering to crack the software).

        They are often seen as contracts of adhesion when they get out of hand. Which basically renders them invalid apart from the above.

        [en.wikipedia.org]

    • IphtashuFitz says:

      @SkokieGuy: Avi can not give permission for third parties not involved in a transaction. As soon as the vendor starts sending out e-mail advertisements to the contacts they harvested from Avi they’re potentially breaking the law. They need a direct relationship with the recipients of the e-mail. Harvesting e-mails from a third party doesn’t constitute any sort of relationship.

      Now if the vendor filtered Avi’s contacts and discovered that some of those contacts were already customers of the vendor then they could send an e-mail to them saying “Hey, we just noticed that Avi is now a customer!” that would be one thing. But blindly spamming contacts is another thing altogether.

    • Kimaroo - 100% Pure Natural Kitteh says:

      @SkokieGuy: Out of all the apps I’ve installed on my ipod touch, not one of them had an elua that I know of. You just touch the install button on the app store and it installs. That’s it. There isn’t one when you run the apps either.

      Unless I’m seriously missing something.

  2. dohtem says:

    Cousin Avi* should report this to Apple. I am sure they would yank it from the AppStore once its confirmed.

    * cyber cookies for anyone that gets the movie reference WITHOUT Googling.

  3. SigmundTheSeaMonster says:

    Shouldn’t Apple’s iPhone App watchdogs be contacted about this? I bet iDrive Lite is violating Apple’s policies…

  4. legwork says:

    Boo. I use these guys for quite a few customer backups. Let’s hope this was the mistake of an overly-eager intern or similar. (crossing my fingers)

  5. pegr says:

    You missed the point. Avi may or may not have volunteered for spam, but his contacts certainly didn’t. They are violating federal law here people. No doubt about it.

    • Ilo says:

      @pegr:
      What are you talking about? Federal law (the “CAN-SPAM” law) was specifically written to override any state legislation and ensure that it remained legal for anyone to send unsolicited commercial email. It’s called “CAN SPAM” not “CAN’T SPAM” All you have to do is comply with the law is do some window dressing stuff like an opt-out link, physical address, etc. Don’t worry, it doesn’t matter whether the victim actually opts out or not. Just change the name of your firm each time right before you send out another spam message to that address.

  6. CaptainConsumer says:

    Make a video and say they broke your guitar

  7. Dennis says:

    Use Google sync to backup your contacts, it’s cross-platform (I use it on my BB), it works great, it’s free, and I’m pretty sure they aren’t going to spam anyone. You do have to have a Google Account, but if you’re backing up your Google contacts, you’re already there.

    [www.google.com]

    • dohtem says:

      @Dennis: Google sync + blackberry + BB Desktop sync = headaches and lost contacts.

      • Dennis says:

        @dohtem: Sucks. I don’t use Desktop sync very often (Read: never), and I’ve been very fortunate with GSync. I also had a local backup of most of my contacts anyway, but it can be a real PITA to recover contacts…

        • dohtem says:

          @Dennis: Yeah Google Sync works well, I just wished it synced Tasks too. I think Outlook might be my problem. I have gotten too many duplicate contacts and/or deleted contacts.

  8. The Queen of Everything says:

    So since I’ve gotten email from him, does that explain why I just got two of those emails? I wouldn’t be surprised if every Aviary member got them.

  9. njovin says:

    We use iBackup for a lot of our computers at work. We’ve had great luck with Pro Softnet’s sales and support. Hopefully this gets resolved ASAP.

  10. Anonymous says:

    There were some limited number of referrals sent out by the lite application and this process has been stopped. However, it was indicated during the lite signup process that referral emails may be sent out. We apologize for this case.

    IDrive Support

  11. Ferris152 says:

    So supposedly offensive content like NIN’s Downward Spiral (that actually isn’t offensive at all) gets rejected, but potentially felonious spammers get the thumbs up?

    I knew there was a reason I didn’t trust Apple’s judgment…

    Then again they did spend 10 years making a prettier, shinier exterior for their hardware while ignoring the utilitarian concept of having more than one mouse button. Guess I shouldn’t be surprised.

    • Jim Topoleski says:

      @Ferris152: “NIN’s Downward Spiral (that actually isn’t offensive at all) “

      Ok while I get your point, and Downward Spiral was my very first NIN album and I LOVED it to death in 8th grade, saying its NOT offensive is a bit much.

      That album is offensive as hell, though completely in the right way. Me and My Gun? Closer? yeah… those songs arn’t offensive at all.

      • pattiesmart says:

        @Jim Topoleski: Offensive to whom? You? Just because YOU find it offensive doesn’t mean someone else will. Offensive is subjective.

        It’s not like Trent was telling people to shoot themselves in the face. And Closure was not/is not offensive.

    • oloranya says:

      @Ferris152: The Mighty Mouse IS a two-button mouse. You just have to set the OS to recognize it as such, as one-button is the default.

    • trujunglist says:

      @Ferris152:

      The real problem is that PC users cannot understand that the Mac OS was and is designed for use with EXTENSIVE keyboard shortcuts. These are significantly faster than doing the same operations via right clicking. Windows users are not used to keyboard shortcuts because Windows does everything in a long and convoluted way. It’s cool with me if you like taking extra steps to do whatever you need to do, but I prefer keeping my work flowing.

      • Ferris152 says:

        @trujunglist: Um… I’m a multimedia designer who uses a Mac and I need a 2nd (and 3rd) mouse button for my work. How do you edit in 3d with keyboard shortcuts?

  12. Skin Art Squared says:

    This is why you should never keep your contacts in your phone or your computer. Memorize them.

    • GiantMonster says:

      @ShiningSquirrel: This sounds a lot like the whole Quechup fiasco. They blindsided a lot of tech-savvy people with their allegedly user-approved email spam.

  13. ShiningSquirrel says:

    There is now a post on his blog claiming to be from iDrive.
    They claim he agreed to the referral emails when he sighned up. If he did, then it’s on his shoulders.

    • Nytmare says:

      @ShiningSquirrel: No it isn’t, that kind of behavior is unacceptable and should never happen — no one would ever agree to such terms, and it obviously happened without his knowledge so if any “notice” exists of such egregious behavior, it was not noticeable enough.

    • Tamar Weinberg says:

      @ShiningSquirrel: I have a hard time thinking it’s on his shoulders. He may be in possession of a bunch of emails, but at the end of the day, the people who got spammed never opted into such communication. Whether or not this behavior constitutes a felony, it’s a morally wrong thing for a company to do.

      If I decided one day to send an email to some company and CC my colleagues, there’s no way in heck I would appreciate it if that company decided to spam my colleagues with third-party junk.

    • ovalseven says:

      @ShiningSquirrel: If that were true, that loophole that would’ve already been exploited to bypass anti-spam laws.

      iDrive, or any company for example, would need only a “customer” with a large contact list to sign up and agree to let that list be used for spamming.

    • czetie says:

      @ShiningSquirrel: As others pointed out further up the thread: Even if Avi was duped into giving permission for them to read his contact list, he doesn’t have the right to opt in his contacts for spam.

      So if the post *is* from iDrive, that makes them either liars or fools.

  14. Ron Mexico says:

    Avi should have done two things:

    1) Read at least the first page of reviews for any apps before installing. A couple of them mentioned the spamming.

    2. Use his phone to sync up with Google Contacts automatically. I keep all my contacts in Google, and whenever I plug the phone in it syncs up anything I changed either from the computer or the phone. It’s super nice.

  15. Nytmare says:

    The only terms I could find on their site are for iDrive, no terms are available for iDrive Lite (unless you can see them after signing up from your iPhone?)

  16. Optimus says:

    Give me liberty (from SPAM) or give me death!

  17. hi says:

    you sir are a spam patriot!

  18. admiral_stabbin says:

    The Apple Store application approval team earns another fail. Nice to know they’re protecting people from boobies, but they can’t seem to keep malware-style apps off the phone & touch.

    • Munchie says:

      @admiral_stabbin: Just a guess here. But the mal ware is most likley not in the app. The app sends the data to their server for backup. Its then harvested on the server side.

  19. Avi Muchnick says:

    I seriously doubt that letter was from iDrive. I just emailed their CEO and asked them to post a notice on their company blog confirming they are suspending the practice, to see if it’s real.

    Hi Raghu,

    Yesterday I woke up to find that iDrive had spammed all of my personal and company contacts that I’d synchronized using iDrive Lite.

    I used iDrive on a word-of-mouth recommendation from a friend who had heard great things about it in Lifehacker. Not because I had been spammed by it. Actually, I would NEVER use a service that had spammed me and can’t imagine anyone who would, save for people with erect1le dysfunction.

    I want to point out 4 important things to you:

    1) You will lose far more users than you will gain through this practice. I will personally make it a point to publicize my experience to prevent other people from suffering the same type of embarrassment and loss of reputation as I had to go through when my contacts all asked me why they were being bombarded with iDrive spam. I have posted it online, will contact Apple and will make sure that this behavior gets seen by potential customers. I just saw it picked up in the Consumerist as well.

    2) No consumer in their right mind would ever agree to let you spam their friends. Anyone who agrees to a term like this in your EULA has simply overlooked it and it is evil to take advantage of that fact. Simply put, it’s not a practice you should ever do, even with permission.

    3) If enough people report iDrive as spam (and they will), even your legitimate emails will be blocked by all major ISPs.

    4) This activity is actually illegal. You can’t spam someone else without their permission. Getting my permission to spam my friend (accidental or not) is inconsequential. Without my friend’s permission you cannot send him promotional emails.

    I am especially upset because iDrive is otherwise an awesome product and as an entrepreneur myself, I respect good products. I would have paid for it happily had I not been so betrayed.

    I hope you put a stop to this immediately and I would like you to address it on your company blog, if you really have stopped the practice, as “idrive support” posted in the comments in my blog. I think it’s the only way to really make things right.

    Thanks,
    Avi Muchnick
    CEO / Aviary.com

  20. Avi Muchnick says:

    Raghu wrote back 15 minutes later:

    Avi,

    First, I apologize for the event. I really do. We also posted a
    comment on your blog earlier today. Obviously the referral system is
    not working as intended, and we have put a stop to this.

    We have only a few lines of agreement ( when one installs the IDrive
    Lite app ) which includes the line related to sending referral emails
    to contacts. While if we were to implement this now, we would do this
    differently and entirely get rid of the referral part, we did our best
    to inform. Also, this referral was run only for a few users, and has
    been stopped.

    If you would like us to send an apology to your contacts, we can do so.

    Regards,

    Raghu Kulkarni

    Yes, we will also have an update on our company blog shortly indicating this.

    • JaneBadall says:

      @Avi Muchnick: Dear Mr. Kulkarni,

      Please see item #4 on Avi’s previous email. This time read it slowly.

      Also, “send an apology to your contacts” WTF? Thanks but no thanks. His contact probably don’t want anything else from you at all, ever. Especially a “We’re so sorry, here’s 5% off! and a sales pitch!”

  21. LatherRinseRepeat says:

    Wanna spam your friends?

    There’s an app for that!

    LOL.

  22. Foneguy says:

    So is his name pronounced Ragu? Seems a little iffy already. At least he took it seriously, and now he has all your contacts emails! I see his database getting hacked in the future, and this whole mess repeating over and over…….Good luck.

  23. Anonymous says:

    They may or may not have changed their policy as it concerns iDrive Lite, but they are still stealing address books somehow and spamming them. On July 24th I received two emails per account for four accounts from iDrive, including an account that I have only mentioned to one friend once, and never used or mentioned again. Each email claimed that this friend referred iDrive. When I contacted my friend, she had no idea what iDrive was. We’re still looking into it, but for now she’s pretty sure she never used iDrive Lite.

    Conclusion, at best iDrive is still a bunch of thieving spammers, and at worst they’re buying lists from people who shouldn’t be selling them; potentially they’re buying from hackers.

  24. Slowpoke69 says:

    First of all he is talking about a different product which is called IDrive not IDriveLite.
    All apps are approved by Apple before they are allowed to be downloaded. I figure a small company like APPLE would have a legal department to review all the legalities before they give the go ahead.

    Second, when you agree to allow Pro-Softnet to download your contacts in order for you to get a total of 12GB for free forever in the first line with CAPS it states ALL contacts.

    Conclusion:

    Dont be a hater and slam companies that you have not research nor read any of the TOU or TOS.
    It just shows that you are a sheep and sheep can not read.

    Slowpoke69 telling it like it is

    *The referral system sends promotional email to ALL of your contacts , one time for IDrive Online Backup and RemotePC each and the contacts are not stored anywhere on IDrive system except for a temporary place holder until the referral emails are sent out. Since it is for ALL the contacts, there is no filter provided to select the contacts. The referral emails clearly indicate that you are referring the IDrive service. It is possible that these contacts are a part of another person’s contact list and if this other person chooses to refer IDrive, they may receive more than one promo email. In order to absolutely make sure that the contacts receive just one email, we provide an opt-out link at the bottom of the promo email that requires a simple click. You must have a minimum of five valid email addresses in your address book to avail this offer.

  25. crs says:

    Pro Softnet still seem to be doing this stuff…

    I recently signed up for a new Mac iDrive a/c and installed iDrive and iDrive Lite app on my iPhone. At no point did I accepted terms offered by Pro Softnet or its product businesses that allow my email contacts FOR THIS EMAIL ACCOUNT (which ProSoftnet have contact scraped and used as a ‘referrer’) to be taken and used by their software as contacts for emails regarding their products.

    I received an email from a friend which advertised remotePC and states I chose to refer Prosoftnet’s ‘remotePC’ service to them. How many people in my address book could have been contacted? I think this is illegal and upsetting behavior. This could well confuse people – if they accept this referral as an endorsement by me of Pro Softnet products. Do Pro Softnet know my relationship to my contacts???

    Note, I knowingly took part in the referral promotion for free iDrive storage space – but that was using a different email address – and that was for iDrive and not remotePC! In any event, re. the friend who alerted me, I don’t have their contact details stored in any of my address books – so how their email address were gathered, I can only guess, is through a scan of all my email data. How dodgy is that?

    I emailed them to complain and asked for my email address and resulting gathered emails to be removed from their ‘refer’ database. I keep on getting these ‘refer’ emails promoting various Pro Softnet products to my own various email a/cs…

    I don’t know if this happened when i signed up for a new Mac iDrive a/c, when I changed the profiled email address held for an old PC iDrive a/c – or when I put the iDrive and iDriveLite app on my iphone. (Re. the iDriveLite app – I never even ran it when I realised what it was and just removed it straight off. It was the iDrive app i was looking for.)

    Again, I only gave one of my email address books out in return for the free storage space. 2 other email addresses (that I actually use for my iDrive a/cs) have had their address books scraped – and, no, these contacts aren’t in the given emails address book. A bad business this spamming / contact scrapping lark. Not nice – and illegal?

  26. crs says:

    Now I understand. Gmail doesn’t just have ‘My Contacts’. it also has ‘Most Contacted’ and ‘Other Contacts’. These can be seen in separate folders when you login to Gmail and can have different contacts stored in them to those in the ‘My Contacts’ folder. iDrive take emails to use from all of these folders – I think you can end up with more folders such as ‘Family’, etc. too. So, if you’re going to give iDrive a gmail email to use for their promotion, make sure you’ve checked and are OK with contacts in ALL folders being used for referrals. My mistake – I presumed ‘My Contacts’ included the total stored… Maybe iDrive could highlight this Gmail folder thing for those of us who aren’t so webmail aware.