Path got caught uploading users’ entire address books to its servers. It wouldn’t have been a big deal if this had been an opt-in action. But it wasn’t. It happened in the background without most users’ permission or even knowledge. This was a big surprise to a lot of people (even if Dave Winer did warn about it peeking at our address books in November of 2010). It illustrates a huge point about privacy: don’t surprise people.
The worst thing a company can do with private data is something unexpected. Unexpected is almost always bad. Typically, when a company has a privacy problem it’s not because it has done something horrible. It’s because it has done something surprising. People are often quite willing to share personal information — addresses, contact information, location, financial data and the like. But they also want to have control over it. They want to be able to choose what is shared, and how it is shared.
When companies do surprising, unexpected things with our personal data, it leaves us feeling like we don’t have control over our own data. Worse, it often leaves us feeling cheated or deceived. And that makes people very angry. Doing something unforeseen with somebody’s privacy is a surefire good-will extinction mechanism.
When it comes to Path, what we expect is privacy. The entire point of it is that it’s a more private, intimate social network. In fact, privacy is among its key values. It even promises that “Path should be private by default. Forever. You should always be in control of your information and experience.”
The thing is, there would have been nothing inherently wrong with Path using address book data had it given us the control that it promised. But Path took data without asking us or telling us what it was doing. It took away our control over our information and experience. That was unexpected.
There is an easy way out of this for Path. Mike Arrington is dead right: It should nuke all of the address book data that it has gathered. It should not wait for people to ask, forcing them to send an email. It should not wait for another version of the app to ship; it should do it now. Today.
That would be the kind of surprise people like.
UPDATE: The little mobile-only social network kicked up a big privacy debacle by uploading its members’ address book data to its servers without their knowledge. Today, Path announced that it’s deleting that data, and released a new version of its app.
The new version gives users the ability to opt in or out of sharing address book information. Path also announced exactly what it does with that data:
In the interest of complete transparency we want to clarify that the use of this information is limited to improving the quality of friend suggestions when you use the ‘Add Friends’ feature and to notify you when one of your contacts joins Path––nothing else. We always transmit this and any other information you share on Path to our servers over an encrypted connection. It is also stored securely on our servers using industry standard firewall technology.
But the best news from the blog post is that it is deleting all of the data it had stored without getting people’s permission. Doing that in the first place was a bone-headed move.
The only real question now is why company founder Dave Morin decided to put his head shot at the bottom of the post.