Shared publicly  - 
Yes, +Path and +Dave Morin really screwed up here. They should have realized that uploading data without transparency would bite them in the ass sooner or later (I wish I had known).

Yes, Dave says they only use that data to try to find friends of yours who are already on the system, but that's beside the point.

Developers have to be very careful to do the following:

1. Offer an opt-out.
2. Be transparent about what's being sent.
3. Be transparent about what will be done with the data.
4. Offer a way to delete that data after it's been sent.

What do you think?
Curtis Klope's profile photoJennifer Green's profile photoKenneth McCormack's profile photoChristos Loufopoulos's profile photo
Here comes a lot of bad press. Let's hope it actually results in changes.
+Path is going opt-in on the upload, which is a better course of action than opt-out.
Kind of like Facebook did then? That's when I removed the FB app off my phone.
I have a feeling that lots of apps do that...
+Robert Scoble i'm just in the impression that any company who asks for your personal info and data will eventually screw up and do something like this. Will I stop using path, facebook and others? perhaps not. But seriously, companies should be really carefull about this. last thing we need is somebody from Congress suggesting to have a watchdog type agency to do this for us.
also, i always assume anything i use online is public
I personally don't see the big deal, it's a very common practice. If this is a concern then we should focus on Apple to introduce a permissions-based app system similar to that of Android, not on Path for using the resources available to them.
I absolutely agree that you should be able to delete any data you put online. Going even further, if you delete your account on a particular service this deletion should be automatic.
It's got to be about the transparency. If it provides value to the user, tell them about it. Not going to be pretty.
Oops. They really should make this opt in.

But it also shows the dangers of the app-centric world. Websites, including mobile websites, have very limited access by default. There's no way of knowing what an app will access.

Not that I have a brilliant solution for this.
Gah. Yet another application/company being too cavalier with user data... This theme got annoying quite a while ago. Your 4 points say it true. Thanks.
Will be interesting to see if and how Path responds.
Transparency is key. Hiding stuff isn't wise anymore. If something gets out via an outlet outside of the company's control, it will almost always reflect the company badly.
It seemed to be an aberration in the upgrade process of the app a while back. All of a sudden I noticed I was getting suggestions for work associates FB profiles! If you do a clean install now it vaguely tells you that the information may be moved across but without any proper recourse as to the actual ramifications of that. Once it's up there it's in their store.
Dave responded in the comments, but it still is pretty worrying. Edit: Sorry. There showed no comments when I posted on here :-)
Couldn't agree less +Wes Cook. Just because data exists on my phone doesn't mean I give a app permission to steal it. This is entirely different from data I intentionally post of upload, which I do assume (as you do) is not all that private
Function creep with FB as ever, privacy losing.
Doesn't apple check these things through there control of the apple store? Do people assume that they are safer on that platform because they think every aspect is monitored by apple?
Trouble is, Dave has said people can email them and get their data deleted, but why should we believe them? Dave's an ex-Facebook engineer (Platform and Connect) which is a company who still host photos years after being asked to delete them (via Ars Technica).

They appear to have also broken European data protection laws by doing this.

Also, the big issue in my mind here is that the address book data contains telephone numbers. That data was entrusted to me by other people. This sort of 'user matching' is nothing like getting someone's Twitter account connection and using that sort of data to match with your friends/follows who have done the same.

I think this will thankfully open up a(nother) can of worms which needs to be done. Especially with the app's ability to tap in to Address book data and send that 'anywhere' without permission.

The Path has now been walked and the trust is now gone forever.
The question becomes. Can I erase my data from their servers? If so. How?
Heh. I continue to be glad I don't have an iPhone.
Why not just delete all the user data in those address book files and then with their next version, allow the user to opt-in or not. That seems like it would go quite a ways here. Note: I am not a path user.
+Robert Scoble
Not a good move in Path's part especially for a new Social network. Especially if there was no option for the user sync only contacts using Path.
One area that I wrote about on my blog regarding this situation are the implications as Path moves into supporting health tracking devices in a future version. I believe people are more concerned with protecting their health data over social data and that trust is in peril as they plan for a future version with Jawbone Up and Nike Fuelband integration.
They say forgiveness is easier to ask for than permission. Not in this case.
The easy path clearly is -- delete all address-book user data on their servers - now, then on the next update, make it opt-in? if opted in, re-upload
Totally unnecessary blunder.
As mentioned by several devs they could use a hash to store the data which would go a long way towards alleviating privacy concerns.
From their privacy policy:

What Personal Information Do We Collect?

We actively collect certain information you voluntarily provide to us, such as when you create an account and profile, send us an email or post information or other content to our site.We automatically collect certain information when you use our site and our services, such as your Internet Protocol (IP) address, your operating system, the browser type, the address of a referring site and your activity on our site. We treat this information as personal information if we combine it with or link it to any of the identifying information mentioned above. Otherwise, it is used in the aggregate only.We may also automatically collect certain information through the use of "cookies" or web beacons.
+Robert Scoble I wouldn't. I also wouldn't want to upload my contacts again. I prefer explicit discovery. Although you make a valid point if the majority of my social graph already uploaded their contacts it wouldn't be hard to figure out who i'm connected to.
Offer an opt-out.
Wrong. Opt in. Only opt in. Seduce me to give you the data, entice me, but never ever sneak something you want out of my hands because when I find out, we will always be pissed. Btw I did not see any notice on which data they are collecting in when I connected with my facebok account for me and my friends ....
I'm sometimes amazed that things like 'taking large chunks of your data isn't opt-in' aren't obvious, especially to ex-Facebook people. Does anyone pay attention to anything?
+1000 +Nicole Simon Back in my corporate days, we spent days and days talking about opt-in vs opt-out. I fought every time for opt-in and a double one at that. And that was just for a newsletter signup after someone entered a contest.
Gotta agree with +Nicole Simon on this. Why is opting out the ruling paradigm? Most of us simply accept it as a default mindset regarding web-related services and apps, but why?
Robert that comparison would only be valid if every time I start the app I would have to give the optin - which of course it is not. You are asked once "btw we would like to show you who else of your friends is already using this so you have more fun - we wouldl ike to upload your address book to our servers including all data in it, because we cannot really upload just part of it and we promise really to not to do anything with it" - and of course nobody would really say yes to that (+Eric Rice sigh you know how it is ....)

so we have to rely on the usual "somebody finds out and then trust is broken because nobody really knows why they did hide it in the first place so obviously they have to hide something ...?"

This is just a sales and good copywriting. Look at all the crap we buy each day - and you are telling me startups are incapable of finding a way to tell the truth and still get the user onboard to say yes? come on.
+Allen Stern i do believe that people with a more corporate background got partially exposed to rights management, user roles and IT guys and girls looking very hard at them if they tried something stupid.

I also do believe that acts like this are the reason, why the privacy protectors get so much more to do - and really, do you have to get those guys started instead of just making sure that your product is so compelling and desirable that the user afterwards has nobody to blame but themselves to say yes to uploading? (which still is very bad, but then at least it is the users fault and then of course +Eric Rice argument comes in about people being stupid but that is a different story ...)
It's Steve Jobs who screwed up. This should not be technically possible. An iOS screen should pop up and ask for permissions (as with Facebook apps)
not sure why apple doesn't lock down that information or put it behind a permission prompt
I find more value from being notified about new friends joining the service by having Path and other apps access my contacts on the social services I connect to them. Many of those contacts aren't even in my address book.
So I might missed it, did +Dave Morin answer definitively, do i need to send an email to have my data deleted or will opting out delete it? I'm not sure I'll opt out, but and email exchange with "support" sounds super lame
+Mark Krynsky of course - i find it f.e. extremly interesting to see th uptake of pinterest through my facebook contacts. but that is the point when you already should have opted in.

+Robert Scoble again: you cannot tell me that companies are incapable of making 'bad things' look sexy. if that is really the case, you should make an interview with somebody from the tobaco or alcohol industry, they have training in that. ;)
+Robert Scoble I am very impressed with +Path and there responsivness to concerns raised by users. Not a bad model to go by.
They where forced to put that onto the packages ...

Robert, I know you are married, but tell me you are better than that at enticing and seducing people to do something ... ;)
Chrysler commercial on the tv just now ends with "it's the things that you do when no one is looking that define you"
why you would allow anyone to access your address book data, except company who created your cell phone?
I left Facebook and I am happy to say that I did not choose Path.
While it can be argued that Apple shares some fault, that does not relieve Path from choosing to engage in an action that many individuals will find troubling. Bluntly, Path folks were just plain stupid to not pause just for a second and ask themselves if this action was wise. While it does sound like they are moving to address concerns, they have now lost credibility, and put another card on the table for ammunition in creating some new governmental oversight agency, which is going to happen if companies continue to engage in actions like this.
+robert it says only for the iphone (not ipad?) and only in the US store (god, when will those companies LEARN?!)? :) could come in handy at sxsw.

again- (and you are not getting me of that point - the moment I say I want it connected, I am to blame. do it behind my back? different story.
+Jabby Lowe and this has been done and reported before and will happen in the future ... sigh.
+Robert Scoble : Is it an issue? Certainly. Has it been blown way out proportion? Definitely. +Dave Morin and the +Path team have done a tremendous job at responding to the concerns of users and it will in no way affect my view of the app and the team behind it. Too many fear-mongering writers and pundits have caused unnecessary concern.
All of these social semantic apps are creepy. 5yrs ago who knew that millions of grandmothers would be swapping dog pucs and stalking their grandchildren on Facebook? Our standards for data privacy and sharing have changed a lot. Path & highlight are pushing these boundaries even more.

I turned off highlight after realizing that it knows where I am ALL the time.

Looking back at the allthingsdigital interview, STEVE JOBS|D8 All Things Digital 2010 Part 3of5, (11minutes), with Steve Jobs, he pointed out that you need to be upfront with users about such things - you need ask to them outright, ask them again, and even if they opt in, check back with them and "make them tell you to stop asking them".. to ensure that they are still happy.. (possibly explains why Apple have struggled with 'social'!)
how come this never bit linkedin in the butt...
I can't see this having too much of an impact on the younger demographics using path, but then again don't they use facebook rather than path? I'm also not sure about using facebook connect as the answer to this either. I mean don't you use path because it's more private and a smaller social reach than your facebook friends. I couldn't be bothered with the "why did you reject me on path"......
I can see many of you including +Robert Scoble don´t mind about privacy, but if startups want to become big boys they will need to cross the pond. No way this is acceptable to European customers and no way this would be legal under the current privacy regulations. Facebook already faced the music under the current lax regulations in Europe see but the new one will be implemented Europe wide, goes further and will block all companies selling anything to a European customer. See: Europe proposes new privacy rules: will affect global companies!
+Kosso K and +Nicole Simon!
Don't know about the iPhone version but the Android version as specific permission to access your contacts. People should read permissions.
I think this is more of an Apple issue then a Path issue. As said many times before this is pretty common practice to send over address book data so you can link up friends on the back end. Apple should be more proactive in protecting the users sensitive data like this by automatically providing an opt-out mechanism when the Address Book is attempted to be accessed through the iOS API. They already do this with location and push notifications which is why you see a pop-up dialog when you start a new app asking if it's ok to allow the app to access this data. Those dialogs are popped up by iOS when a function is called in those libraries ... not the app. If Apple treated Address Book data the way they do location then problem solved.

I was shocked to learn how protective people are over things like FB connect. It was a rude awaking in the form of a bunch of 1 star reviews in the app store when glmps (Shameless plug launched ... the main reason, that we only provided a way to login to glmps with Facebook and Twitter. Even though we do not get access to their username and password thanks to OAuth, they did not want to allow us access to this data. Our next release had a login with email address and even then people were not happy.

Apple has a pretty good review process in place and the hope is that they catch misuse. I think in this Path's case the fact that the data was being sent over unencrypted ... that should have been caught in the review process but was not. If they implement a simple hash before sending this data then anybody with a sniffer will not be able to steal this data.

My $.02.
The weird thing is that I'm not sure this was a necessary step. If the only goal is to understand relationships between people and suggest friends (a strange goal for an app that limits friendships to 150) then it could be achieved in numerous ways without downloading the address book.
On Windows Phone this couldn't happen without consent from the user. The API doesnt allow for it. You can have the app ask the user to pick a contact to share, but it wont let it snoop your whole address book!! Poor form Path.
+Robert Scoble would you please give some thought to a post about what Dave and the Path team might do to make lemonade? What examples can you point to? Give Joseph Chiesa a call?

On September 29, 1982, a "Tylenol scare" began when the first of seven individuals died in metropolitan Chicago, after ingesting Extra Strength Tylenol that had been deliberately contaminated with cyanide. Within a week, the company pulled 31 million bottles of tablets back from retailers, making it one of the first major recalls in American history.[5]
As a result of the crisis, all Tylenol capsules were discontinued, as were capsules of other brand names. Retained by McNeil President Joseph Chiesa new product consultant Martin Calle and management strategist Calle & Company conceived the world's first tamper-proof gelatin-enrobed capsule called "Tylenol Gelcaps" which proved to resuscitate the 92% of capsule-segment sales lost to the recall. The tamper-proof, triple-sealed safety containers were swiftly placed on the shelves of retailers 10 weeks after the withdrawal. Other manufacturers followed suit. The crisis cost the company more than $100 million. Tylenol regained 100% of the market share it had before the crisis. Seven people died. The Tylenol murderer was never found. A $100,000 reward offered by Johnson & Johnson still remains unclaimed.
Tylenol remains a top seller, controlling about 35% of the pain killer market in North America. -
Emails is the gold for any company to get their hands on. Facebook makes it impossible for you to get your friends email addresses (hence how they blocked my Facebook Friend Exporter Extension), if Path decides to put that data in, they should have from the start create a screen that tells the users that the data is being stored in the servers. I believe Path has great intentions, so nothing to worry about. They just need to be more careful, every company should be careful with sensitive data like this.
In Germany/Europe you might get in Jail for doing this without noticing the Enduser, just want to mention it
The bad part of it is that Path CEO doesn't give a fuck. Read his response in comments.
What interests me in any app. uploading personal data is how I can become a conduit to compromising my contacts privacy simply by installing it. I assume a level of risk by installing apps (full name, phone number, addresses, birthdate, etc.) but now my whole contact list does as well. Its one thing to be asked to upload my personal data to a service to better my experience but I doubt my friends would love to know that key personal data points were given up so MY online experience is more convienent. Your identity is yours to compromise if you know and agree to the risks. Now, your exposing many of your friends and family to the same risk BUT they don't even benefit from the app. Technically, I don't understand why the data wasn't hashed but I bet someone at Path is working on that very solution right now.

I think this is a bigger issue then this one event. 
rules for the Apple App store
17.1: Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used
17.2: Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected
so both rules were violated, so why did Apple allow them to pass the check? Maybe because +Robert Scoble and a bunch of other influential Californians were devoted evangelists of Path? Questions.....
Even if users opt-in, they are not the ones that are allowed to disclose other peoples contact information. How is Path getting approval from people not using their app?
Ugh. I didn't even enjoy using Path and uninstalled it the day after I installed it. But by then, I'm sure they already had my entire address book. Not cool.
Surely the point is that if Path have been getting away with this then so could every app on your phone... Even if Path change their policy that doesn't alter the fact that the contents of your phone
are quite possibly freely available to app developers for the taking?
This does make me question what else Apple has let slip through the cracks. While Path had the responsibility of disclosure, Apple certainly should be aware when an app is accessing one of the core systems. Will they be instituting a review of all apps now? That could be quite an endeavor!
+Robert Scoble I have to say I totally agree with +Nicole Simon in that this activity should be OPT-IN, irrespective of the user experience. Sure, permission is often harder to obtain than forgiveness, but when we're talking about private and personal data such as telephone numbers and addresses, the actions and now stance taken by Path and Dave Morin is wholly unacceptable.

You are very much an edge case in this situation, since for many years you have personally made public your phone number and address. But what about all the rest of the people in your Address Book who might never want to have the data they entrusted you with being sent, without yours or their knowledge, to an unknown third party with an unknown level of security.

The trust line has now been crossed. People have no reason to believe Mr. Morin or Path ever again. How do we know they haven't already sold all those phone numbers to telemarketers yet? We don't. And no amount of "he's legit / a nice guy / smart" is ever going to convince me otherwise.
In my opinion: who cares. It's what they do with it. All our data is out there. They track our movements, see with whom we call, how long, know our sentiment, our birthdays, education, etc etc
Apple to share the blame? Really? 
I'm curious, has anyone found the regulations regarding this uploading? Are there any, and how can we know which apps are uploading all of our friends data? I'm a big big Path fan but i regularly decline apps on facebook that want access to my friends info. One more. Was this in a TOU that we all skipped right through and didn't read?
+Reuben Katz +Syl Mulder and +Robert Scoble read my comment above this where I spell out the Apple appstore regulations. The app has been approved so either Apple is extremely sloppy rendering the walled garden concept useless or they made an exception because of favoritism to a hot app in Silicon Valley.
+Marko van Kampen While I see your point, it's one thing for the data of the person using the service to have their data there... it's quite another to have them taking the data out of my device, for people who are NOT opting to use the service, and doing so without my knowledge or permission. That was overstepping way beyond the boundary IMO.
I think as far a social networks and privacy issues go, this usurps Facebook's battle with privacy. While most of Facebook qualms with privacy happen via a user controlled admission/declaration (i.e. targeting via a "Like", status update, profile information etc) with +Path, users had NO idea whatsoever that their data (down to their very own personal contacts) were being mined. Being in digital I often forget how shielded users are from the mechanics of most freemium services, but this is downright a violation..... Personally though, it really doesn't bother me because I'm essentially used to no privacy. It hasn't made me delete Path from my iPhone, nor do I really look at the service any differently as I am sure there are other services that I use on a daily basis that do much of the same. But again, I consider my view jaded compared to the average user. When it comes to Facebook, I could care less about privacy because I never click on any ads and honestly, it's Facebook.... If you don't want people to know about XXXXX, then don't post it on Facebook in the first place!!!!
Add a comment...