“Path does not retain or store any of your information in any way,” CEO and co-founder Dave Morin told Gawker then.
Fast-forward to this week: The company was recently caught uploading the entire contents of iPhone users’ address books to Path’s servers without the user’s explicit knowledge or consent. The news quickly enraged users and critics prompting Path to issue a public apology.
“We are deeply sorry if you were uncomfortable with how our application used your phone contacts,” Morin said in a company blog post Wednesday.
Morin also added that Path deleted its entire collection of user uploaded contact information as a “clear signal”of Path’s commitment to user privacy. An updated version of Path for iOS now prompts you to opt-in to sharing your address book. Path for Android does something similar.
There’s a Zuckerbergian tone in Morin’s apology where the company says it’s sorry that you were offended, but falls short of admitting it violated anyone’s privacy.
Gawker’s Ryan Tate argues that you shouldn’t trust Path since it has misled its users once already. Path defenders have rushed to the company’s side, arguing that Morin didn’t mislead anyone.
“It was Path version 1.0 that respected your privacy, but this is Path version 2.0 that’s screwing you,” Path’s defenders argue. “It’s entirely different.”
So, if Morin realized it was a problem in 2010, why should users believe he forgot it was a problem in late 2011 when Path 2.0 launched? At the very least, Path misled its users by not telling them about a significant privacy change.
The incentives for Path’s actions were pretty high.
Grabbing your contacts made it easier for Path to connect you to more people and thus entice you to keep using Path. There’s nothing wrong with that idea in general — you use a social network to connect with other people after all. But that doesn’t excuse Path’s decision to cast aside respect for its users by violating their privacy and nabbing their address book without their consent.
Path’s actions also speak to a larger problem with smartphone apps in general.
How many other apps are grabbing your address book without your knowledge? Shortly after Path was outed, a similar photo-sharing app, Hipster, was also accused of uploading your contacts. Hipster has also spent the past few days issuing apologies over the matter.
Apple and iOS
Another question is why is Apple allowing this kind of behavior from iOS apps?
The whole point of Apple’s app approval process is to protect its users from malware and privacy violations. So why aren’t privacy protections being extended to your address book when apps are being reviewed? So much for the safety of Apple’s walled garden.
Technology companies need to realize that it’s not okay to just grab someone’s data without their consent. If you need a list of users’ contacts, you need to ask them for it and you need to promise them that it won’t be kept on your servers in a human readable format.
Sure, in the age of Facebook the definition of privacy has changed. People are more willing to publicly share everyday moments and other information than ever before. That’s great, but that does not mean a user’s personal contact database is literally an open book.
Here’s a basic tenet all technology companies should subscribe to: “It is better to ask permission now, than to beg forgiveness later.”