Pogoplug and Privacy

may 22, 2012

When I heard about the Pogoplug, I wanted one right away. Last October, I got one and was so impressed by it, I wrote up a long review on it -- with a recommendation. I am unfortunately writing this posting to retract my recommendation because of what I just received in email from PogoPlug -- multiple times to multiple email addresses.

The one great thing about Pogoplug is that I can have all my files stored locally and then I can easily share them by sending links out to my friends -- via Twitter, Facebook or Email.

The way that a Pogoplug works is that the data is on a harddrive connected to my Pogoplug device which is connected to the internet. The Pogoplug device then streams data in and out of my Pogoplug device to Pogoplug servers and then to the end user.

It works great, but one has to keep in mind the level of trust that has to be given to Pogoplug -- your data might reside on your harddrive at home, but most all of it will stream through their servers. Because of this, Pogoplug needs to make consumers comfortable about their privacy while using Pogoplug.

So, what happened? Well, I had changed the email address associated with my Pogoplug account a few times -- once to my gmail.com address and a few times to my own personal server address under different domains. I only have one address associated with my Pogoplug account right now -- it got a promotional email. But, all the other addresses that had been associated with my Pogoplug account? They got that same promotional email too. Annoying. That is not all though, this is where it gets bad.

The email addresses of my friends and colleagues that I shared links with? They all got the promotional email also! It is clear that Pogoplug had harvested the email addresses that I had used to send links, then used those email addresses for this promotion.

Worse yet, they used a third party to send out the promotional email (createsend1.com). This means that not only did Pogoplug harvest the email addresses of my friends for their own internal promotion, they also released the list to a third party. Not good.

When I complained about it on Twitter and included @pogoplug, they direct messaged me an insult:

Hi there. May we try to make this up to you? Pls write m*****@pogoplug.com. We'd like to give you 5 free licenses.

So in order to apologize for breaking the trust I gave Pogoplug, they offer me five free licenses so that they can have software on each of my PCs that would also stream files through their servers, whom I don't trust anymore? No thanks

I also wrote support and they told me that the addresses that received the emails were all "account" addresses. That makes no sense because one was for a mailing list that I sent a link to and another was for a friend that I sent one link to -- they were never an "account" on my Pogoplug because I would never let them have full access to my data.

I wrote both support and marketing back, but haven't heard back from them yet. I will update this posting if or when I hear back from them.

Pogoplug needs to know that with their business model, privacy should be of their utmost concern and the privacy of their users should not be taken lightly. Once they lose the trust of one of their users then it will be pretty hard for them to gain it back -- and an offer for five free licenses? That is a slap in the face and a horrible response from them.

My Pogoplug is now backed up to my local harddrive and unplugged from the router. Unless they make it very clear what their privacy policy is on email addresses, I won't be recommending or using a Pogoplug again.

Update 5/23/2012: The Pogoplug privacy policy can be found here. It does mention the collection of email addresses "to provide and improve our Service, to better understand your needs, to personalize and improve your experience, and to provide software updates and product announcements." Does this open the door for Pogoplug to send out promotional emails to everyone? It looks like it, but only through themselves.

There's mention of third parties getting personal information also, "We may use certain trusted third party companies and individuals to help us provide, analyze and improve the Service." But, it does not specify that third parties can use information for promotional or "product announcements". The emails Pogoplug sent out were through a third party and promotional.

So, while their privacy policy does somewhat cover what they did -- and I should have been more diligent about reading their privacy policy -- it still doesn't make it right. Nor does it make me feel comfortable using their service to send links to my friends anymore.

Here's what it boils down to: I don't want to be the one signing my friends up for spam if I use the Pogoplug service. If this were Gmail it would be more apparent: What if Google used the email addresses you sent emails to as a list to send promotional emails to?