There’s a lot of press attention being paid today (by TNW as well) to Path. The life-journaling app has found itself in a tough position after it was found that it is accessing Address Book data and uploading it to its own servers without gaining express permission from users to do so. But there are bigger issues at hand here, and nobody seems to be paying attention to them.
First off, it’s worth noting that most companies aren’t building applications that snag your data and then do malicious things with it. There are exceptions, but I can wholeheartedly assure you that most of the startups I speak to have no clue that the data they’re collecting can be used to further their business, much less do they have intention to do anything “evil” with it.
A developer that I spoke to today about the Path debacle stated it best:
“These features are created benevolently. For companies with good intentions, they get looped under the Facebook umbrella.”
The problem is that almost all of us now base our ideas of personal data privacy off of our interaction with Facebook. The social network has, by and large, made very poor decisions about how it handles our personal info and we all are well aware that it’s using that information to sell us as products. Yet nearly a billion people continue to use Facebook every single month.
The other obvious misstep here is on Apple’s part. Flame me if you will, but Apple has set out some very specific language in its guidelines:
“17.1: Apps cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used”
If that is indeed the case, then Apple has let Path slip through the cracks. Perhaps it’s because the app is widely well-recieved, but that doesn’t exonerate Apple’s process from its responsibility to fully check that an app isn’t doing things that it’s not supposed to.
But Path is far from alone in its transgressions. We’ve heard from developers, both publicly and privately, that there are other apps that do this exact same thing and nobody has said a word about them. Again, two wrongs don’t make a right, but it’s well worth noting that Path has probably only come under fire because of its popularity, thereby making it more likely that someone would dig around and find the flaw.
The other question that has to come up is this: Why hasn’t Apple set the flag for the address book to be inaccessible by default? It seems logical that access to the iOS Address Book should be relegated only to Apple’s own apps, or by requirement of specific permission on behalf of the user.
So Path isn’t without fault here, but it certainly doesn’t seem malicious. Apple isn’t innocent in all of this either. A bigger part of the problem is how we as users see our privacy. Invasions of it seem to be fine as long as they’re handled well and we benefit from them. For Path, it’s not the end of the journey, but rather just a bump in an otherwise-pretty road.
I watch to see if companies are getting permission, and generally trust that any "known" app is not going to try anything resembling spam or making my data public, for the same reasons you suggest. I can imagine some enthusiastic programmer thinking up all sorts of hacks that might even be helpful, but by the time they get funding, or the thousands of users that get them noticed in the press, it's safe to assume they have someone around who knows how the world works.
Of course this is not an excuse for Path or Apple. Thank goodness this isn't an accidental release of data into the wild or invite spams. Put into perspective, it's a glitch
- spam
- offensive
- disagree
- off topic
LikeWHICH OTHER APPS DO THE EXACT SAME THING?!
- spam
- offensive
- disagree
- off topic
LikeIs this only iOS related?
I love the look of Path but seriously, what you all using it for? Haven't seen much activity in my stream for awhile now.
- spam
- offensive
- disagree
- off topic
LikeThis is a really good point about Path and it's ilk's good intentions. Since the stolen car I drive is mostly used for commuting to work, I'm feeling pretty good about me too.
- spam
- offensive
- disagree
- off topic
LikeThis is a hot topic these days and I agree that most developers/companies are not malicious, but those of us who understand the technology need to be good stewards and CLEARLY give users a choice about what data they are sharing and how it will be used. New technologies are finally making this possible - so now we just need to start using them. @3pchoice
- spam
- offensive
- disagree
- off topic
LikeC'mon. The fault is the developers- Path and whoever else is doing this.
I say this as both a user and a developer and I think most would agree.
- spam
- offensive
- disagree
- off topic
Likeredkite I didn't say that the fault wasn't with the devs. I'd never argue that, as it's a fool's game. I'm just saying that Apple should also enforce its own rules, and we users need to have a better understanding of what safety really entails.
- spam
- offensive
- disagree
- off topic
LikeBrad McCarty well ok, but we really need to hold devs accountable for these kind of choices. uploading everyone's contacts, pointing out matches between them and not mentioning this anywhere, while at the same time claiming they care deeply about privacy (see the Scoble) interview? c'mon. especially Path- look at the kind of info they're collecting... soon enough it will include heart rate and blood pressure.
You mention other apps doing this? any idea what they are?
- spam
- offensive
- disagree
- off topic
LikeConversation from Facebook
They might start off benevolent...but times is hard and data has a high price on its head.