The ‘alternative’ social network, Path, has had the tech world in uproar this week with the revelation that it was uploading its users’ entire address books to its database – without their permission. It also raises the question of whether an online social network can every truly be private, as Path claims it is. I’ll be addressing this question on another blog which will follow this one, titled “As Path goes through your phonebook, are there any private social networks?“.
So what’s actually gone on? To lift an explanation from another blog, Path uploads your entire iPhone address book to its servers. Pretty damning. The intended result of extracting a user’s contact list was that Path could then tell them when their friends had joined the social network, and then suggest that the two users connect. However, people are not happy about the fact this was done without their permission. TechCrunch did the numbers and worked out that if each of Path’s 2 million users had a conservative estimate of 50 contacts in their iPhone, that’s a database of 100 million contacts being accrued without anyone giving their consent to their content being used.
To quote TechCrunch again, another reason “why Path pissed people off” is that they weren’t even that careful about how they went about uploaded the data. Instead of putting in a little bit of effort to hash the contacts, the data is being uploaded in unhashed, plain text. In response to this, Dave Morin (Path’s founder) has said that they are working on an opt-in fix for this function, and defended the actions of taking users’ contact lists as a means of them getting further enjoyment from the service.
When commenting on a blog post question of whether not being an opt-in situation in the first place was against Apple’s own T&Cs, Morin said “This is currently the industry best practice and the App Store guidelines do not specifically discuss contact information.” Another commenter rebutted this by citing the App Store’s guidelines:
17.1: Apps cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used
17.2: Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected
So it looks as it Path may have been rather naughty on this one. But can we really be that surprised? Facebook has 800 million users, none of whom pay a cent to use it, yet the company is valued at upwards of $100bn. There must be something that they are getting from us – the users – that makes the company valuable to third-parties and advertisers. Read our next blog for more on the question of private social networks.