Path's Big Mistake (Updated)


Facebook is a privacy disaster. Nobody with an iota of sense really trusts it to respect their privacy. Which is precisely one of Path's big selling points: It's got better privacy. Or so it seemed. But then it surprised everyone. (Updated)

Path got caught uploading users' entire address books to its servers. It wouldn't have been a big deal if this were an opt-in action. But it wasn't. It happened in the background without most users' permission or even knowledge. This was a big surprise to a lot of people (even if Dave Winer did warn about it peeking at our address books in November of 2010). It illustrates a huge point about privacy: Don't surprise people.


The worst thing a company can do with private data is something unexpected. Unexpected is almost always bad.

Typically, when a company has a privacy problem, it's not because it has done something horrible; it is because it has done something surprising. People are often quite willing to share personal information—addresses, contact information, location, financial data, and the like. But they also want to have control over it. They want to be able to choose what is shared, and how it is shared.

When companies do surprising, unexpected things with our personal data, it leaves us feeling like we don't have control over our own data. Worse, it often leaves us feeling cheated, or deceived. And that makes people very angry. Doing something unforeseen with somebody's privacy is a surefire good-will extinction mechanism.

When it comes to Path, what we expect is privacy. The entire point of it is that it's a more private, intimate social network. In fact, privacy is among its key values. It even promises that "Path should be private by default. Forever. You should always be in control of your information and experience."


The thing is, there's nothing inherently wrong with Path using address book data had it given us that control that it promised. But Path took data without asking or notifying us what it was doing. It took away our control over our information and experience. That was unexpected.

There is an easy way out of this for Path. Mike Arrington is dead right: It should nuke all of the address book data that it has gathered. It should not wait for people to ask, forcing them to send an email. It should not wait for another version of the app to ship, it should do it now. Today.


That would be the kind of surprise people like.

UPDATE: And it's done just that. From a contrite blog post by company CEO Dave Morin:

We believe you should have control when it comes to sharing your personal information. We also believe that actions speak louder than words. So, as a clear signal of our commitment to your privacy, we've deleted the entire collection of user uploaded contact information from our servers. Your trust matters to us and we want you to feel completely in control of your information on Path.


Nice move, Path.




The funny thing is that 99% of users have no idea this happened and wouldn't care or understand either.

I guess I'm just someone who is more about practicality than principle. I trust Path not to misuse the data since if they did they would get in a big PR shit. What we are seeing here is NOT a big PR shit. It is a tiny PR shit which will be forgotten in less than a month.

That is why I am not paranoid about privacy on the web. I am smart enough not to upload stupid stuff, and I realize that privacy is self regulating. Any company that TRULY fucks up (all the stuff Facebook has done doesn't even come close to truly fucking up) will pay for it dearly, and this will teach a lesson to other companies.

The free market may not be perfect, and I certainly have my criticisms of that ideology, but it actually is working a lot better now that the internet provides a degree of transparency that wasn't available before. This applies to politics as well. Politicians are shitting themselves because they just can't get away with the stuff they used to be able to.

I for one am quite optimistic about the future of privacy on the internet, because we will freaking slaughter any company that screws with us (ACTUALLY screws with us, not this little crap that we geeks poo our pants over).

Ok I will stop talking about excrement now.