Matthew Panzarino was Managing Editor at TNW. He's no longer with the company, but you can follow him on Twitter. Matthew Panzarino was Managing Editor at TNW. He's no longer with the company, but you can follow him on Twitter.
In a post on its company blog, the private social network Path has stated that it will begin hashing user contact data in order to make it anonymous and protect it. This is in response to issues that began when it was found that Path was uploading its customer’s contact data to its servers and storing it there in plain text.
We take privacy and security seriously, and we believe your data deserves to be well-protected. That’s why, with the release of Path 2.1.1, we are enhancing our security by hashing user contact data so that it is anonymized. This means last names, phone numbers, email addresses, Twitter handles and Facebook IDs. We collect this data to connect you with those who are closest to you.
A cryptographic hash is a method by which a developer can record user data in a form that is unreadable to anyone. Instead of storing it in regular text, they are hashed against a value, creating a string of numbers and letters. The two values, one on the device and one on Path’s servers, can be compared in order to make a match.
This is what Path will now do with user contact information in order to recommend it other users in their address book who are also using the network. Path had already added in a dialog box that required users to get explicit permission to access contact data at all.
So, instead of storing the names, phone numbers and more of your contacts, it will be storing a random bunch of numbers and letters that cannot be read by employees of Path itself or anyone else, should the security of the company’s servers be compromised.
Predictably, when privacy issues are concerned, there was an outcry about how Path handled the data. But, as with most things, there is a bigger story here and it turns out that what Path was doing was far from out of the ordinary. We investigated and found that many popular applications on the App Store actually had access to or were collecting user data without explicit consent.
The U.S. Congress has also begun requesting more information about how iOS developers comply with Apple’s privacy policies regarding apps, how they gather information from users and what they do with it afterwards. This is likely related to the letter that Congress sent to Apple just last month about Path.
The post concludes with the hope that Path’s policy of hashing the data will “set a new standard in this field as we strive to serve you, our users, first.” Adding, “thank you for your trust, and thank you for using Path.”
Get the TNW newsletter
Get the most important tech news in your inbox each week.