A few post Path contacts list thoughts

There are a few things bugging me about the Path contacts uploading finding that was made last week.

Ok, so Path isn’t the first app to upload the contacts list,and until Apple implements a user interaction dialog similar to the location sharing permission they probably won’t be the last.

Path’s reaction to the scandal was, from a marketing perspective, pitch perfect and was handled beautifully. They didn’t make any excuses, didn’t try to justify, just apologized, said they made a mistake and deleted all of the contact information from their servers. So far so good … but…

I have a few issues with that:

  1. Firstly, the (kinda) less troubling. Anyone who has worked in any large scale web project knows that it’s good practice to have backups and copies of copies etc. The question here is that, since my contact list has been uploaded without my permission to their servers, and they said they’ve deleted it, does that mean that it’s also been purged from all backups, copies, redundant servers etc? There’s no clear answer here.
  2. Given the bandwidth, and some day there will be, would companies also grab all my photographs *just* to work out who my friends are by image analysis? I don’t see much of a difference in the violation made with the contacts list.
  3. Finally, whats the difference between making a mistake, and making a bad decision knowing that that decision is kind of shady to begin with. “Everyone else is doing it” is definitely not a good basis for any decision. And in a room full of intelligent people it’s hard to see how nobody raised issue with this practice.

If I build something that fails without any intent of that failure happening, then thats a mistake I made. I’ll be sorry about that and I’ll try to rectify the situation. If I make a bad decision, and I knowingly make that bad decision in order to give my solution some sort of advantage, is that a mistake? That makes the apology from Path seem a little disingenuous.

It’s great to see that Apple are already on top of that. Strange though that that security feature has been off the table for so long.

I wrote about why I really love Path before, but to be honest I haven’t fired it up since this finding, neither has my girlfriend and I’m not sure that I will, that remains to be seen, maybe that’s just some evidence of the trust that Path have lost with a lot of their users.