5 Comments

Summary:

Path came under fire this week when it was discovered that its iPhone app uploads user address book data without notification. In a blog post Wednesday, Path CEO Dave Morin apologized, introduced a revised app, and said the company has erased the data from its servers.

davemorinfeature

Path CEO Dave Morin

Path, the mobile app for cataloging your daily activities and sharing them with a relatively small circle of contacts, came under serious fire on Tuesday when it was discovered that Path’s iPhone app imports all of its users’ address book data onto Path’s own servers without notification or asking permission. Not surprisingly, many people saw this as a major breach of user trust.

Path CEO Dave Morin quickly responded to the fallout, telling app developer Arun Thampi, the blogger who first discovered the address book upload activity, that the data was only used to help users find their friends and “nothing more.” Even so, he also said that the Android app has the address book upload as an opt-in feature, and released a new version of Path for iPhone that does the same. The question still remained, though: What about all the address book data that has is already in Path’s hands?

According to Path, you can now consider it completely gone. In a company blog post Wednesday, Morin explicitly apologized for Path ever having such a feature and said that all the address book data that has already been uploaded will be erased from Path’s servers. The blog post, entitled “We are sorry,” reads in part:

“Through the feedback we’ve received from all of you, we now understand that the way we had designed our ‘Add Friends’ feature was wrong. We are deeply sorry if you were uncomfortable with how our application used your phone contacts.

…We believe you should have control when it comes to sharing your personal information. We also believe that actions speak louder than words. So, as a clear signal of our commitment to your privacy, we’ve deleted the entire collection of user uploaded contact information from our servers. Your trust matters to us and we want you to feel completely in control of your information on Path.”

It’s a very smart move by Morin and the Path team. Perceived privacy breaches can be hugely damaging to web companies, and especially so for a company like Path, which bills itself as a more private version of Facebook. Path is already on its second life of sorts (its first iteration as a pure photo sharing app did not take off so well) so it’s important for the company to value the users it has attracted. Path has not behaved perfectly, but its response to the outcry has been quick, sensitive and strong. The big test now is whether that will be enough from the users’ perspective.

You’re subscribed! If you like, you can update your settings

  1. So, now the new version of the Path app asks you if it’s OK to ‘find family and friends’ by uploading your Address Book contacts.

    Sorry, but what right does the user of any app have to send any third party a copy of ALL their contacts’ name, email, address, phone number etc??!! /cue outrage.

    If I see people I that I know have my personal telephone number using Path, I’m going to be pretty pissed off at them if I discover they used this trust-violating ‘feature’.

    1. Have to agree, kosso. Might as well be Tagged, LinkedIn, ShoppyBag, etc.

  2. Right. And they also went to each of their backups and shadow services and deleted information from those too. Right.

  3. “We are deeply sorry if you were uncomfortable with how our application used your phone contacts.” Maybe I’m just old-fashioned, but these kinds of conditional, non-apologies (I’m sorry if…”) are hardly “sensitive” as it shifts the blame from themselves to the user and his/her discomfort.

    How about simply: “We are deeply sorry for how our application used your phone contacts.” That’s real sensitivity — and spine.

  4. Butch Duane Hellums Wednesday, February 8, 2012

    So it was deleted from the servers. Was it ever aggregated anywhere first? Was it all imported into a database somewhere, before it was deleted from the server? Was it used or stored in any other way, and were all copies of the data destroyed? Typical legalese…

Comments have been disabled for this post