Update
Path has released an official apology for the mess. Really happy to see them do what is right for the user, because I love the app and use it every day. I would say this is the best part and the most important one.
So, as a clear signal of our commitment to your privacy, we’ve deleted the entire collection of user uploaded contact information from our servers. Your trust matters to us and we want you to feel completely in control of your information on Path. - Dave Morin (Path)
I had made up my mind not to write a blog post about the Path fuck-up. Whatever criticism I had, I had already spoken on Twitter.
"Everybody else in the industry is doing it" or "It is Apple's fault" is not such a great way to handle a compromising situation. #path
— Tuhin Kumar (@tuhin) February 7, 2012
However, I gave up resisting when I read the comments on Hacker News on the second article of the day talking about Hipster (yes, the Local deals - Local Q&A - Photo Postcard app company that had a funny jobs page). Apparently the hall of shame includes Instagram (over HTTPS at least), Facebook (no surprise), Kik, WhatsApp, Beluga (not sure) and many more. Path is just the kid that got caught with their pants down and hands busy.
Contact Lust: All your contacts belong to us
The desire of any company that relies on network effects for its product to succeed is to get as many contacts as possible and then create leads based on invites, recommendations, cold emails and all kinds of tricks of the trade. We all know it and I would be surprised to find any company in the social space that can proudly say they have never resorted to anything of that sort. The easiest way for mobile apps to get this is the Address Book. To be honest the signal to noise ratio of my address book is way higher than my contacts on any social network. So truly this is a gold mine. Where there is gold, there are the miners. However, with miners and diggers comes the need for regulations.
Apple: the gatekeeper that should have stood
In all of this, probably the biggest blame falls on Apple. From the way I see it, it makes truly no sense that something as private as the Address Book should be accessible without explicit permission or opt-in from the user.
One can do way more harm knowing the contact info of people close to me than where I am at any point, which I share publicly for the most part either way.
Industry Practice
This is currently the industry best practice and the App Store guidelines do not specifically discuss contact information. - Dave Morin (Path)
This is what makes me really annoyed at this drama. C'mon Dave, surely you are better than that. Also when did industry practice become a yardstick for company ethics?
- Apple gives you access to the user's Contact list without ever asking the user for explicit opt-in/permission a la the Locations popup: Apple's bad.
- You send this contact information from the user's device to the server in any form (secure or insecure is a different debate altogether) without asking/informing the user explicitly: your bad.
I am not talking about legal issues, data access, ownership of data or anything else. I am simply asking to keep users at the heart of the decision and their privacy at the helm of affairs. Just because Facebook has been getting away with it DOES NOT mean this is the "path" to follow.
Simply saying, every other app does it too, is NOT the attitude we as a community should have. Do you know who else blindly follows industry practices and copies what everyone else in the industry is doing? Hollywood!