I’m pretty profligate online. Life as a gadfly means you live a public life, writing about stuff and having people talk about you and what you write. I’ve just had my first scary experience online; it was being invited into Spock. The reason it’s scary: You must give up your online credentials to other social networks before you know anything about Spock other than their privacy policy (which really should be called a “publicity policy”) and their about page, in which they refer to the people who started the company as “our wicked team” (a truly re-assuring description).

The truth? This is a company that is designed to find and assemble information about me for its own purposes, without regard to my desires or beliefs about my information. Spock is proud that I can claim any of the 13 profiles it has listed when I search on “Stewart Alsop”. But I can only claim those profiles if I give up my user name and password for the site where the data came from. One of those profiles is for my father, who died 33 years ago; it has a photo of me attached to it. One of those profiles is for my son, who is 22 and has robust information on MySpace and Facebook (apparently MySpace is easy to capture; Facebook is not). One of those profiles is for the other Stewart Alsop, a young fellow in the UK who I met through Facebook and seems to hail from the same family roots. All 10 of the other profiles are about me (as far as I can tell).

I don’t trust Spock. The first story I read about the company was about how some people were discovering that Spock was harvesting material that had been intended as humorous or as pranks and presenting it seriously, so that people were being tagged publicly, for instance, as pedophiles. (I assume that Spock’s option called “Adult tags settings” is a result of that story.)

When I was invited into Spock, I read the privacy policy pretty carefully: It says that “Spock does not crawl, mine, search, or index password protected websites.” If that’s true, then why does Spock need you to give up your credentials for sites that require a password. MySpace, for instance, definitely requires a password for me to log in, but it appears to be the source for much of the data Spock has. (And when I used my MySpace URL to try to claim that data, Spock reacted by saying that was not a legitimate web site.) That the privacy policy is so unclear about the use of password-protected material does not increase my trust in Spock.

The bottom line on the privacy policy is that it is very carefully written to make you have ALL the liability for any “publicly identifiable” information. In other words, if Spock can find data about you, they treat it as public and they do what they want with it. You can’t correct the data at Spock; you need to go back to the source, correct it and then ask Spock to update it. This is a privacy policy written by a company whose every intent is to harvest personal information about you and then use it as the basis for their business. Indeed, because it is a venture backed business, it is not inaccurate to say that everyone who works for Spock is hoping to get rich from using your personal information. This is much, much worse than the credit rating services or even other, similar businesses like Rapleaf.

This service scares me. I am not going to make it any easier for the “wicked team” to verify my information or sort out those profiles. I have no interest in providing my credentials to the company. (I wonder how they propose to get my father to come back from the dead to claim his profile.)

The worst thing (from the point of view of a died in the wool venture capitalist)?: It feels like the company hasn’t matched up the technology with their business and marketing objective. If they had started with a good attitude toward tending to and protecting and managing my personal data, it would have been relatively easy to get started on a positive, rather than hostile relationship with me as a user. I’m profligate; how much harder will it be for the company to establish any kind of trust with people who really care about their privacy? How bad can a company’s marketing be that they treat harvesting personal information as a purely technical challenge?