
We are sorry - revorad
http://blog.path.com/post/17274932484/we-are-sorry
======
tjoff
Only problem is: It was not a mistake.

They did this only to cover their asses and that has been the only concern
they've ever had. That they already tried to push the opt-in was of course
only in fear of what just happened.

I'm sorry, I'm all for public apologies and I truly believe that it is in
times like these companies have a chance to really prove themselves and really
make a mishap something positive (and come out stronger than ever before). And
they have tried to do that, for that I give them credit.

But. _It was not a mistake_. And this sentence really shows why: "Through the
feedback we’ve received from all of you, we now understand that the way we had
designed our ‘Add Friends’ feature was wrong."

They did it deliberately, there was not a mistake anywhere when implementing
this nor with their intentions, and if they honestly didn't understand that
what they did was wrong they don't deserve to be trusted again, not never. And
if they did understand that it was unethical, which they undoubtedly did, it
is _even worse_.

Their trust is not worth anything more than what they think they can get away
with. The only thing that is different today from yesterday is that they think
they can get away with less.

This desperately highlights why both Android and iOS need a way to spoof
contacts for apps (return an empty list). Some Android developers have solved
this by having two apps in the market, one "private" version that requires
fewer permissions. But that's a kludge (that I _really_ appreciate) that
almost no one uses.

~~~
ghshephard
I suspect, if you probe more deeply, that some of the Path developers were
familiar with how this problem is normally solved and just copied a common
design pattern. A large number of iOS applications supposedly upload the
contact list to make it easier to find friends server side - I further suspect
that many, many of the popular social apps do this.

Hopefully at least five good things will come out of this:

    
    
1) Social Apps immediately remove the "upload contact list" code from their apps

2) Social Apps come up with a more privacy clueful way of searching for your friends.

3) Social Apps (all apps, ideally) focus more on user privacy.

4) Apple requires permission to be granted before allowing an app to read your contact list.

5) Apple is more explicit about what app developers are _not_ allowed to do when transmitting information off the iOS device

6) The App review process adds a check to see if certain user private fields are accessed (Contact, Photos) - and ensures (through audit, or confirming with the developers) that private information is not being uploaded without opt-in.
    

If some or more of these things happen, then I'm actually happy what Path did
was publicized. They've deleted 100% of the contact information off their
servers - people now have to opt-in to add it back in.

~~~
nixj86
It seems to me to be more a case of developers taking the easiest option,
rather than spending some time considering a more secure, less creepy way of
doing what they wanted to do.

------
hexis
Key paragraph: "We believe you should have control when it comes to sharing
your personal information. We also believe that actions speak louder than
words. So, as a clear signal of our commitment to your privacy, we’ve deleted
the entire collection of user uploaded contact information from our servers.
Your trust matters to us and we want you to feel completely in control of your
information on Path."

Great save for a bad mistake.

~~~
phillco
I would bold it if I were them. It's a nicely written message, but it reads
like a lot of other PR apologies and it's easy to skim over it, deep in its
position in the 5th paragraph.

Sometimes you need to _make_ actions speak louder than words. :)

~~~
gorgonville
>We are deeply sorry if you were uncomfortable with how our application used
your phone contacts

Better would have been 'we are sorry we misused your phone contacts', rather
than trying to make the users responsible by invoking their feelings.

Aside: interesting how the concept of theft seems meaningless when applied to
copyrighted material, but meaningful when applied to private data.

~~~
zdean
I don't think that you should assume that they are sorry that they "misused
your phone contacts". This, like a lot of companies' efforts, is emblematic of
their efforts to find out what people's (ever-expanding) comfort zone is when
it comes to giving up their privacy. They (Path) are not looking at this as a
philosophical failure (which would be cause for the apology you put
forth)...they simply see it as an A/B test result ('sorry about making you
uncomfortable').

------
sshumaker
Honestly, I keep hoping Apple adds a permission check for the contact list
(like they do for GPS location). If the user says no, they should just return
a blank contact list (to keep old apps happy that aren't expecting the call to
fail).

~~~
mikeash
It's crazy that they haven't added this already. Facebook needs to get my
permission to find out where I am, but not to scrape a hundred names, phone
numbers, and addresses out of my phone? Bizarre.

~~~
nbm
I realise you might be using Facebook as an example in a theoretical sense
(i.e., that Apple believes protecting your location is more important than
protecting your contact database), but in case you weren't, Facebook's "find
friends" feature does give you an explanation of what is going to happen, and
asks you to confirm.

Here's the explanation:

"If you enable this feature, all contacts from your device (name, email
address, phone number) will be sent to Facebook and be subject to Facebook's
Privacy Policy, and your friends' profile photos and other info from Facebook
will be added to your iPhone address book. Please make sure your friends are
comfortable with any use you make of their information."

~~~
jacquesm
Facebook is trying to push the responsibility for the privacy of your friends
to you with this, and by doing so they are violating EU privacy laws.

See: <http://en.wikipedia.org/wiki/Data_Protection_Directive>

This is one of the few areas where the EU is (still...) ahead of the rest of
the world. Facebook should not be able to collect data on your friends even at
your request unless your friends explicitly consent to this.

Clearly your friends have no business passing on your data and Facebook has no
business collecting it. "Make sure your friends are comfortable" is no excuse
for Facebook to go ahead and break the law.

~~~
fleitz
Your neighbours to the north also have laws like this that are on par with the
DPD. The EU treats PIPEDA as essentially an implementation of the DPD so that
DPD compliant orgs can share data with Canadian businesses.

~~~
pyre

> Your neighbours to the north
    

Confused me a bit, b/c I don't think that jacquesm is from the US. I was
thinking 'neighbors to the north' meant Scandinavia or Iceland.

------
huhtenberg
So what changed really?

Yesterday morning Path thought it was perfectly OK to scrape user's Address
Book behind their back, and now they suddenly acquired moral backbone and
ethics? Please give me a break. What they did today is the only sensible thing
there was to try and save the company, so they did it, but should they be
commended for that? Hell, no. Would you commend a landlord for dismounting a
hidden camera in your bathroom? Doubt it.

The fish rots from the head. The company is still under the exact same
management it was yesterday morning. Nothing's changed. I wish Path a slow,
painful and very public demise to serve as a dire warning to others in similar
positions.

~~~
Terretta
They still think it's okay. It's the users' fault this is a problem. Read
carefully:

- _users brought to light an issue_

- _we now understand that the way we had designed... was wrong_

- _we are deeply sorry if you were uncomfortable_

Not sorry. Sorry if and only if you took it wrong.

- _We want you to feel completely in control of your information on Path._

You won't be in control, but we want you to "feel" you are.

Also:

- _stored securely on our servers using industry standard firewall
technology_

Hmm. My firewall doesn't store data.

- _We hope this update clears up any confusion_

It's not us, it's you. Stop being confused.

~~~
megablast
So many people are fooled by these weasel words I am surprised.

------
dsr_
Surprise: an actual apology, followed by an explanation and how they're going
to do it slightly better in future, plus a remedy of sorts.

Better than ATT, VZW, MS, TW, Comcast, or any national US bank.

~~~
54mf
The fact that they've already deleted all user address book data, and have an
updated version of the app available _today_ with a privacy option, is a big
deal. I don't know how they managed to get an update to the app approved so
quickly (24-48 hours?), they must have worked directly with Apple. A good
sign, either way.

~~~
ellie42
There is no proof that they really deleted all user address book data.

~~~
jacquesm
You can't prove a negative. You can only prove the existence of certain data
on a particular server, you can not prove that a company does _not_ have
certain data unless you are prepared - and they are willing - to give you full
access to audit each and every byte on their systems and to wipe any parts
that they can't explain and you can't find a way to decrypt.

Clearly that is not practical so we'll have to take them at their word; as it
stands I think that if Path is found out to be lying about this that it will
come back to haunt them big time.

~~~
lnguyen
It probably would help if they had an outside auditor to verify the actions
that were taken. Still wouldn't be final proof to anyone who believes that
they might still be hiding something but is a step further than just saying
"trust us".

------
attheodo
This is a welcoming move from Path. However, "industry standard firewall
technology" is gibberish.

~~~
samarudge
Translates as "We don't use encryption because it would cost too much, but we
have ACLs so only our staff can look at your personal data"

~~~
seanp2k2
Hmm, I read it more as "We actually have no idea what we're doing with any of
this stuff and we're not giving you any more reasons to trust us with ANY
data".

Written by their CEO => icing on the cake.

------
ilamont
Dave Morin, 2010:

 _Path does not retain or store any of your information in any way._

Source: <http://gawker.com/5883549/dont-forgive-path-the-creepy-iphone-company-that-misled-us-once-already>

------
k-mcgrady
I was very critical of Path yesterday. Their initial response didn't really
address the issue and was basically an excuse. But this has restored my faith.
I never believed they were doing anything malicious with the data but the fact
that they bill themselves as a trusted/private social network leads me to want
to hold them to a higher standard.

The big thing in this apology is that they have deleted all the data. That was
a good move and shows they listened to complaints. The app update is also
smart. Hopefully they will implement a better friend finding system soon
(maybe using the hashing ideas put forward in yesterday's HN thread).

------
lwhi
It reads like standard PR damage limitation, but it ticks all the right boxes:

* They've admitted responsibility.

* They've shown they understand why they were wrong.

* They've explained what they've done to put it right now.

* They've explained how they intend to proceed in the future.

------
forgotAgain
_If you accept and later decide you would like to revoke this access, please
send an email to service@path.com and we will promptly see to it that your
contact information is removed._

My only qualm is that you can't revoke the permission from within the app. The
opt-out should be as easy as the opt-in.

~~~
alexholehouse
I suspect this is because technically it would be a PITA to allow users to
allow/revoke at their own discretion.

While I agree that it would be nice from the user's point of view, the impact
of pulling data from the kind of analysis I'd expect them to be doing is going
to be a data analyst's worst nightmare (i.e. holes in your data set can
sporadically appear, so nothing is concrete and all analysis must be
reverse-justifiable). If you can reduce the frequency this happens but still
give the users the option, this seems like the best of both worlds.

------
benwerd
It's not a perfect solution, but I don't understand why Path don't hash the
contact details before uploading them, and check against the hashes. You can
still infer all kinds of social graph information, of course, but they're at
least not consuming raw contact details.

~~~
Me1000
Preface: I will be joining Path this Summer, but I do not speak for the company
in any way, nor have I spoken with them about the situation. This is a purely
technical reply...

You can't guarantee a unique hash. When you hash users' data there is the
possibility of collision; this probability grows with every new user. Without
identifying data of some sort, it's difficult (impossible?) to get the exact
user.

~~~
jwegan
That is incorrect. SHA1 still has no known collisions despite years of
research and computing power dedicated to finding just one collision.

Edit: Furthermore since the set of valid emails and phone numbers is a very
restricted set of input, it is extremely likely that there are literally no
two valid email/phone numbers that SHA1 hash to the same value.

~~~
hythloday
I agree that it's practically not a concern, but the local part of an email
address[0] is up to 64 characters in an alphabet of size 72, and the domain
part is 253+ characters in an alphabet of size 38, giving the valid email
space a size of greater than 3e519, which is enough to guarantee collisions in
SHA-512 and all of the SHA-3 finalists.

[0] <http://tools.ietf.org/html/rfc3696>

~~~
fleitz
If the set of data did contain 3e519 entries then yes it certainly would
generate collisions, however if you look at a more restrictive set of data,
let's say 5 emails per person alive, then you're looking at about 2^35 email
addresses which could easily be hashed by MD5 without a significant chance of
collision.

Instead of an MD5 they could just as easily upload a Bloom filter which would
expose even less data and would compress it significantly, however it would be
more computationally expensive to generate matches that way vs. hashing.
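
The two claims in the sub-thread above (collision odds for about 2^35 addresses, and uploading a Bloom filter instead of per-contact hashes) worked through in Python. This is an added example, not code posted by anyone in the thread; the filter parameters, function names and the example.com addresses are assumptions made for illustration.

```python
# Added example (not from the thread). All names and sample data are constructed.
import hashlib
import math


def birthday_collision_probability(n_items: int, hash_bits: int) -> float:
    """Approximate chance that at least two of n_items distinct inputs collide."""
    # Birthday bound: p ~= 1 - exp(-n(n-1) / 2^(bits+1)).
    # expm1 keeps precision when the probability is far below 1e-16.
    exponent = -(n_items * (n_items - 1)) / float(2 ** (hash_bits + 1))
    return -math.expm1(exponent)


def normalize_email(raw: str) -> str:
    """Both sides must canonicalize identically or equal contacts will not match."""
    return raw.strip().lower()


class ContactBloomFilter:
    """Bloom filter over normalized contact identifiers, built on the device."""

    def __init__(self, n_bits: int, n_hashes: int):
        self.n_bits = n_bits
        self.n_hashes = n_hashes
        self.bits = bytearray((n_bits + 7) // 8)

    def _positions(self, item: str):
        # Double hashing: derive k bit positions from one SHA-256 digest.
        digest = hashlib.sha256(normalize_email(item).encode("utf-8")).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1
        return [(h1 + i * h2) % self.n_bits for i in range(self.n_hashes)]

    def add(self, item: str) -> None:
        for pos in self._positions(item):
            self.bits[pos // 8] |= 1 << (pos % 8)

    def __contains__(self, item: str) -> bool:
        return all(self.bits[pos // 8] & (1 << (pos % 8))
                   for pos in self._positions(item))


def bloom_false_positive_rate(n_bits: int, n_hashes: int, n_items: int) -> float:
    """Expected false-positive rate after inserting n_items: (1 - e^(-kn/m))^k."""
    return (1.0 - math.exp(-n_hashes * n_items / n_bits)) ** n_hashes


def match_against_filter(bloom: ContactBloomFilter, registered: list) -> list:
    """Server side: the filter cannot be indexed, so every registered
    identifier has to be tested against it (the extra matching cost)."""
    return [ident for ident in registered if ident in bloom]


# Constructed sample data (example.com addresses, not real accounts).
ADDRESS_BOOK = ["Alice@Example.com", "bob@example.com ", "carol@example.com"]
REGISTERED = ["alice@example.com", "dave@example.com",
              "carol@example.com", "erin@example.com"]


def demo() -> dict:
    bloom = ContactBloomFilter(n_bits=1024, n_hashes=7)
    for contact in ADDRESS_BOOK:
        bloom.add(contact)
    return {
        "md5_2^35": birthday_collision_probability(2 ** 35, 128),
        "sha1_2^35": birthday_collision_probability(2 ** 35, 160),
        "32bit_2^35": birthday_collision_probability(2 ** 35, 32),
        "matches": match_against_filter(bloom, REGISTERED),
        "upload_bytes": len(bloom.bits),
        "fp_rate": bloom_false_positive_rate(1024, 7, len(ADDRESS_BOOK)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With a 128-bit digest the collision odds for 2^35 inputs come out around 2^-59, while a digest truncated to 32 bits collides with certainty at that scale.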

------
jarsj
"If you accept and later decide you would like to revoke this access, please
send an email to service@path.com and we will promptly see to it that your
contact information is removed."

There it is. If you have a button that stores all contact information, why
can't you add a button that says remove all my contact information? Of course,
then more people will click it. Just a stunt, nothing more.

------
mark242
"It is also stored securely on our servers using industry standard firewall
technology."

Undoubtedly in plaintext. Having "industry standard firewall technology"
didn't do jack for Zappos, why would Path's data be any more secure?

------
reidmain
The fact that you have to email Path to "revoke access" is still unacceptable.

This information should never be stored on Path's servers. Best case scenario,
they should be storing hashes of information, and before people say there can
be collisions: so what? The number of people who would be presented with a
friend that they don't know will be so minuscule versus the number of people
whose personal information is stored in plaintext in a database somewhere.

The idea that when someone signs up for Path and is instantly recommended to
friend someone else because that person shared their personal information is
scary.

Making this opt-in gives people the illusion of control when one of their tech
illiterate friends who always clicks accept has already given out all of this
information.

~~~
seanp2k2
This place is a privacy disaster waiting to happen. I smell an "ideas guy".

------
moizsyed
I'm glad they decided to nuke the data, but can you really trust them again?
This only happened because someone was hacking a project and ended up tracing
what Path is doing to his address book and then blogged about it, getting
enough attention and momentum to end up forcing Path to take this action.

But can you really trust a company like this in the future?

I think Dave Winer is right. One should treat others' data as one would like
others to treat their data.

<http://scripting.com/stories/2012/02/08/gladIDontUsePath.html>

------
kyro
Good for the most part, but does anyone feel like they deliberately left out
what it was they're apologizing for?

I can imagine a user unaware of the recent event stumbling across this article
and leaving confused about what wrong was committed. They sort of just assume
you knew what happened, instead of explicitly explaining what they'd been
doing.

But, they're taking steps to resolve the issue, apparently; so good on them.

~~~
jeggers5
"We made a mistake. Over the last couple of days users brought to light an
issue concerning how we handle your personal information on Path, specifically
the transmission and storage of your phone contacts."

Dave explained the issue well enough in the first paragraph.

~~~
billpatrianakos
If you put yourself in a user's shoes that doesn't know what the issue was
then that is still generic. As a user who doesn't know the story I'd be
wondering:

- Did they get hacked and now some unknown party may have the contents of my
address book?

- Were they selling my information to others?

- Did something happen as it relates to storage that mixed up or deleted
information?

- Was my data being transmitted in the clear?

- Was my data being transmitted without my knowledge or approval?

Two of those things did happen but the user doesn't know for sure. To be fair
though, I think their statement was enough. They really don't have to go into
more details unless the situation calls for it and it doesn't right now. Those
who know get the apology they deserve and those who don't continue using Path
as if nothing ever happened. Win win.

~~~
sirclueless
Paragraph four, which answers questions 2 and 4 in your list and suggests that
the answer to 1 and 3 is "No":

"In the interest of complete transparency we want to clarify that the use of
this information is limited to improving the quality of friend suggestions
when you use the ‘Add Friends’ feature and to notify you when one of your
contacts joins Path––nothing else. We always transmit this and any other
information you share on Path to our servers over an encrypted connection. It
is also stored securely on our servers using industry standard firewall
technology."

The actual problem was number 5, and they tell you exactly how they are fixing
this: by deleting all existing data and letting people opt in to sharing it.

~~~
replax
Actually, in the blog post by the guy who discovered that, he said he was able
to read the data - meaning that it was transmitted NOT encrypted (please
correct me if I am wrong).

Also, I hope that their "industry standard" firewall is better than their
"industry best practices" data sharing practices.

------
jrockway
Isn't it unfair that Path gets all this press for making a mistake and
apologizing? What about all the apps that didn't make this mistake?

~~~
jopt
Sure, but on the other hand press isn't a currency system for rewarding good
work. The other apps should have a competitive advantage by not making this
mistake.

------
jfarmer
Give credit where credit is due. Zynga would never in a million years do this.
Facebook probably wouldn't, either.

Dave's message is straightforward and sincere.

~~~
Turing_Machine
Facebook actually asks for your permission before sucking up your entire
address book.

Even if that weren't the case, "better than Facebook" is a pretty low bar.
"Worse than Facebook" is way, way out of bounds.

------
lopatin
I have a question about how they store the contacts. Can't they encrypt each
of the phone numbers before they get sent to the server? This way there's no
breach of privacy and the friend suggestion feature still works for everyone.

~~~
davidcash
How would one carry out the friend suggestion feature with encrypted phone
numbers?

~~~
djb_hackernews
A cryptographic hash of a phone number on their server should match a
cryptographic hash of a phone number in a contact list on a phone. The app
sends the hash to the server, the server looks up users via the hash and
responds with user data for matches.

To be honest this should be a third party service, since it sounds like every
major social networking app is doing the same exact thing.

~~~
davidcash
In my opinion, giving out your number, along with the hash of each phone
number in your address book to an authority with millions of such hashes isn't
appreciably better than giving them in plaintext.

(Hi Dan?)

~~~
djb_hackernews
But you wouldn't give out your number. I haven't completely thought it through
but the service provider would provide an API for common platforms. All it
would do is 2-way encrypt contact numbers (SSL?). Then the service would do a
basic lookup using the encrypted data as a key. If there is a hit for this
particular platform it'll return the platform specific data (in this case,
like a Path-specific user id).

Of course the other side would be maintaining users in this service, which
again is pretty straightforward.

(Hi David?... I'm the OTHER DJB, probably not the one you are thinking of)
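
The hash-lookup flow described in this sub-thread, together with the objection raised against it, as an added Python example that is not code from any participant. The `normalize_phone` rule (national numbers assumed to use country code 1), the class and function names, and the 555-01xx sample numbers are all assumptions made for illustration.

```python
# Added example (not from the thread). Names and numbers are constructed;
# the 555-01xx range is reserved for fictional use.
import hashlib
import math
import re


def normalize_phone(raw: str, default_country_code: str = "1") -> str:
    """Reduce a number as typed in an address book to '+<digits>'.
    Simplified assumption: national numbers belong to default_country_code."""
    raw = raw.strip()
    digits = re.sub(r"\D", "", raw)
    if raw.startswith("+"):
        return "+" + digits
    if raw.startswith("00"):  # international dialing prefix
        return "+" + digits[2:]
    if len(digits) == 11 and digits.startswith(default_country_code):
        return "+" + digits
    return "+" + default_country_code + digits


def phone_digest(raw: str) -> str:
    """Digest of the normalized number; formatting differences must not matter."""
    return hashlib.sha256(normalize_phone(raw).encode("ascii")).hexdigest()


def client_upload(address_book: list) -> list:
    """What leaves the device: one digest per contact, no names or raw numbers."""
    return sorted({phone_digest(number) for number in address_book})


class DirectoryServer:
    """Server keeps only digest -> user id, and answers lookups by digest."""

    def __init__(self):
        self._user_by_digest = {}

    def register(self, user_id: str, phone: str) -> None:
        self._user_by_digest[phone_digest(phone)] = user_id

    def find_friends(self, uploaded_digests: list) -> list:
        return sorted(self._user_by_digest[d]
                      for d in uploaded_digests if d in self._user_by_digest)


def input_space_bits(n_digits: int) -> float:
    """Entropy ceiling of an n-digit number, however long the digest is."""
    return n_digits * math.log2(10)


def digest_confirms_number(candidate: str, uploaded_digests: list) -> bool:
    """Whoever holds the uploaded digests can test any candidate number
    against them, so an unkeyed hash hides little from the server."""
    return phone_digest(candidate) in set(uploaded_digests)


# Constructed sample data.
ADDRESS_BOOK = ["(415) 555-0100", "415.555.0101", "0014155550102"]


def demo() -> dict:
    server = DirectoryServer()
    server.register("user_a", "+1 415 555 0100")
    server.register("user_b", "+14155550102")
    uploaded = client_upload(ADDRESS_BOOK)
    return {
        "friends": server.find_friends(uploaded),
        "bits_in_10_digits": input_space_bits(10),
        "confirms_known_contact": digest_confirms_number("415-555-0101", uploaded),
        "confirms_absent_number": digest_confirms_number("415-555-0199", uploaded),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

A ten-digit number carries about 33 bits of entropy regardless of the 256-bit digest length, which is the substance of the objection that hashed numbers are not appreciably better than plaintext.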

------
sambeau
So now they have admitted what they have done, is someone in the UK going to
prosecute them, I wonder?

It seems they may have broken the data protection act in more than one way.

* First, they collected personal data about UK citizens without their permission (as a 3rd party cannot give that permission),

* Secondly, personal information was kept for longer than is necessary (it should have been deleted after it was used)

* Thirdly, they allowed personal data to leave the EU.

Note that personal data includes name and address, telephone number or Email
address.

<http://en.wikipedia.org/wiki/Data_Protection_Act_1998>

~~~
mikehotel
This may be a calculated risk. Hopefully they did more due diligence, but a
quick search shows a Dec 2011 case [1] where an estate business was prosecuted
for collecting info, but was fined a small amount (< £1,000). The extenuating
circumstances were that they had already complied with the law by the time the
case was heard by the court.

[1]: <http://www.ico.gov.uk/news/latest_news/2011/estate-agent-prosecuted-for-offence-under-the-data-protection-act-02122011.aspx>

~~~
sambeau
But they are still not complying. They are allowing people to opt-in on behalf
of their friends which strictly speaking is against the rules.

------
verelo
As someone who is always concerned about my own privacy and the privacy of
people who trust our company with their data, I am very pleased to see that
when things do go wrong honesty is being appreciated.

While I don't think it's acceptable to ever make this kind of mistake, we
should also encourage companies to be upfront and honest about what went wrong
and what they're going to do to make things better when issues come up.

This is a positive step forward for this company and tech companies as a
whole. Having said that, maybe I would feel different however if I actually
used this app?

------
Tichy
Might be worth pointing out that presumably Path's business model is still to
collect as much data about their users as possible and sell it to advertisers.

------
curiousfiddler
"In the interest of complete transparency we want to clarify that the use of
this information is limited to improving the quality of friend suggestions
when you use the ‘Add Friends’ feature and to notify you when one of your
contacts joins Path––nothing else." Is "complete transparency" == me trusting
you just because you say so?

------
iamleppert
I don't understand how they could think it's not a terrible thing and feel
dirty for doing it just because they can. It's less about making mistakes and
more about developer greed. They could have md5'd the email addresses before
sending them or used any number of simple-to-implement techniques that would
still have retained the original feature. Stop telling us it was a mistake!
This was a premeditated privacy breach, 1st degree. They decided to hedge
their bets and profit from their users by blatant disregard for their own
users' privacy -- the users are why they have a job and VC in the first place.
In the end all this is just going to reduce the user experience with
unnecessary confirmation dialogs and prompts because a few lousy startups
couldn't keep it in their pants. These companies do not deserve forgiveness;
they deserve a class action lawsuit.

------
mcculley
It is of course stupid that iOS doesn't sandbox and require permission of apps
to access the address book. Apple needs to fix this. But it is not enough.

I keep a lot of data about people in my address book in addition to phone
numbers and email addresses: birthdate, names of children and spouses,
residential and work postal and physical addresses, gift ideas, group
affiliations, etc.

I am happy to click "OK" if an app asks for essentially the social graph
information that I've already exposed through Twitter and Facebook. I don't
want an app to have the other data I've curated. Even if you can trust the app
vendor to not be evil, you can't guarantee they won't leak the data through
incompetence.

So while Apple really should require permission for apps to get access to the
address book, we really need a new model more sophisticated than all or
nothing.

------
ilamont
It's a step in the right direction, but doesn't clear up all of the confusion.
I can't update to 2.0.6 (it's not an option on my device, a 4th gen iPod touch
running 2.0.5). In addition, how will adding friends work going forward --
Facebook Connect, or manual searches by name?

Will hashing be implemented?

~~~
eridius
If you can run Path 2.0.5, you can run Path 2.0.6. I think you're confused
because the AppStore hasn't actually updated yet to show 2.0.6. Try again
later today.

------
yonasb
Nobody seems to be talking about the obvious issue here: they are essentially
asking us to trust them again when they tell us they have deleted everyone's
contact info from their servers. "We fucked up. But we fixed it, trust us." Am
I the only one that finds this odd?

------
_sentient
Nice to see a transparent and timely response to this issue. I get the feeling
that the startup world learned some serious lessons in crisis management after
seeing the Airbnb nightmare unfold. At the end of the day, the customers/users
are the real winners here.

------
deedorgreed
we are sorry you found out what we were doing and couldn't do much other than
apologize about it.

~~~
envex
Yeah. They should just shut down completely.

/s

------
jenius
Path is one of the most well-managed apps I have had the privilege of using to
date. Their response to this 'scandal' was as close to flawless as it gets.

Not only did they take full responsibility for what they did and apologize
instead of making excuses, they deleted all the data people were concerned
about, wrote a well-worded blog post about it that hit the top of hacker news
within a couple hours, AND pushed a fix for the issue to the app store all
within less than a day of the concern becoming public.

Path's attention to detail not only in the gorgeous design and user experience
of their app, but in the way they handle PR crises like this one only makes me
trust them more. Well done Path, well done.

------
stinger
It's very surprising that no one who was involved with the implementation of
the feature thought that they were doing something wrong.

Only when someone caught them "in a compromising position" they said sorry.

It's like Bill Belichick saying "I misinterpreted the rule" :)

------
gabaix
Path should come up with a Privacy Protection Program that commits them not to
repeat their mistake. It's too easy to do something and ask for forgiveness
later on. That would distinguish them from Facebook's way of doing
things.

~~~
rmc
They could set up a company in the European Union, and hence be subject to EU
Data Protection Law, which is stronger than the USA. They would then be
risking fines and court orders for things like this. It would show that they
don't think it'd happen again.

It would be a bit of a bureaucratic pain in the ass though.

------
richardlblair
Companies make mistakes. In the rush to develop great products decisions are
made rather quickly. When your intentions are pure, the fact that you might be
doing something wrong simply doesn't cross your mind.

Unfortunately, these things happen.

What you have to do now is look at how Path reacted. The second the article
exposing their mistake was published Path became very open and honest. Above
that they offered reassurance to their users, deleted the data (I never
expected that), and pushed a feature to opt-in to sharing your private data.

In my opinion they couldn't have handled this any better. For that reason, I
give Path all the trust and respect in the world.

------
gma
Call me a cynic, but suggesting that we shouldn't be concerned by saying "It
is also stored securely on our servers using industry standard firewall
technology" seems somewhat naïve. As if that means that our data was
adequately protected from prying eyes...

I'd be impressed if they'd turned round and said "We realise it looks like we
were trying to expand our business off the back of your private data, and have
therefore decided that in our next release we will stop uploading user's
contact details altogether. We'll make our social network so compelling that
it'll go viral without abusing your privacy."

------
kaichanvong
The photo of Dave Morin and the words "sincerely" felt like a bit of a
mismatch.

------
otakucode
A proper apology. Unlike what Google did with their fiasco in Kenya a few
weeks ago, the company actually did away with any benefits they derived from
the bad conduct. Google simply apologized (great because it's free) yet didn't
mention deleting all data scraped, deleting all contact information collected
for the businesses, and cancelling all orders for hosting and other such
services. I presume they must have maintained all profits generated by their
conduct. It's good to see that Path at least understand what it actually means
to be contrite.

------
yangtheman
Private social network seems almost oxymoron. To create large social network,
a company has to tap into user's vast social network and try to get the user's
friends/contacts to join in as well. And then to increase engagement or
stickiness, you have to keep reminding them to come back. Otherwise, the
social network company might not grow as fast as founders/investors would like
and also most likely affect revenue.... It's a tough place to be, really. I
don't condone their action. At the minimum, they should've gotten user's
permission first.

------
tdrgabi
How do you know they did delete the data?

Do you honestly believe they are sorry and they deleted your data just because
they said so?

I personally doubt it. It's valuable for the company and it would be foolish
(from their perspective) to delete it. Somebody has to write & test code, to
make sure that the code uploads all your contacts.

I find it hard to believe that you have access to all the data, see what is
coming in, and then discover, when you're caught, that "oops, we made a mistake".
Our implementation sucked.

------
mcantelon
The thief is sorry to get caught.

------
jnorthrop
I like the apology. They are doing the right things as well by deleting all of
the existing data, but it is a lesson to all companies playing in the
business-to-consumer space: Have clear and easy-to-read privacy policies and
get explicit consent from users before you collect their data.

After reading the post, it is apparent that Path did nothing wrong except
poorly communicating their procedures and policies.

------
yaix
"""We are deeply sorry if you were uncomfortable with how our application used
your phone contacts."""

Or do they mean they are sorry you found out about it?

~~~
lt
a.k.a - the non-apology:

<http://en.wikipedia.org/wiki/Non-apology_apology>

------
thought_alarm
They really need to update their privacy policy, which is currently mostly
generic nonsense. <https://path.com/privacy>

Regardless of whether they throw up a confirmation prompt, their privacy
policy needs to clearly describe what information is scraped from your phone,
how it's used, and how long it's retained.

------
gsiener
There was a great discussion about hashing strategies as an alternative to
storing all of this contact info. Did any specific code/examples follow?

It'd be great to see a new "best practice" emerge from this discovery. If it's
easy to use, everyone building an app will just default to comparing hashes
vs. matching phone numbers.

------
steele
Perhaps I'm too cynical but as I subvocalized this, I added "now" to the end
of every sentence.

~~~
AmazingBytecode
But there are all sorts of sentences in that post that don't make sense with
"now" tacked onto the end of them, wouldn't that bother you?

------
crististm
I see a trend of pushing the envelope of what is admissible. If users don't
like it they are quick to apologize (lusers..., we'll iterate over this...)

If they do it often enough, in the end one of them will even claim they're
using the "standard industry practice"

~~~
crististm
"Standard industry practice" in the second paragraph. I can't believe it:

<http://uncrunched.com/2012/02/13/we-are-better-than-this/>

------
ChadMoran
I like the "sorry if" comment ...

~~~
soosh
Yeah, I don't consider an apology that blames ME an apology. You screwed up,
full stop. You're shirking your responsibility if you're talking about my
response to your mistake.

------
uptown
I wonder how many backups of their database still have remnants of this
contact info?

------
wmeredith
Bah, "We are deeply sorry if you were uncomfortable with how our application
used your phone contacts." Is still a non-apology. We're sorry that YOU feel
this way. Not, we're sorry that WE screwed up.

------
yabai
We are sorry.

We are guilty. We took your contacts...and no, you can't have them back.

------
switz
I was hoping to see that they would just drop the entire database, and then
implement hashing from here on out. Otherwise, the apology feels sincere and I
appreciate it.

~~~
josegonzalez
"So, as a clear signal of our commitment to your privacy, we’ve deleted the
entire collection of user uploaded contact information from our servers."

That sounds like exactly what you were hoping for.

~~~
mistermann
Except for the "and then implement hashing from here on out." part.

So, they haven't changed their implementation, they've just added the ability
to opt out of the poor implementation.

~~~
unreal37
But hashing doesn't add any protection in this case. There are a very limited
number of phone numbers in North America and so those hashes can be pre-
computed and rainbow-tabled in a short, reasonable timeframe.

~~~
mistermann
Is this true if they were salted with a very long phrase?

~~~
unreal37
But the app would need to contain the salt in order to send it to Path's
servers hashed and salted. So a hacker could decompile the app to determine
the salt.
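
The objection raised in the exchange above, shown as an added Python example that is not part of the original thread: because the space of phone numbers is small, an unsalted hash, or one using a single salt shipped inside the client, can be matched back to a number by hashing every candidate. The sample number, the salt and the function names are constructed for illustration, and the hash rate passed to `keyspace_seconds` is an assumed parameter, not a measurement.

```python
import hashlib

# Constructed values: a fictional 555-01xx number and a made-up static salt.
SAMPLE_NUMBER = "2025550143"
APP_SALT = b"constructed-static-salt-embedded-in-the-client"


def hash_number(number: str, salt: bytes = b"") -> str:
    """Hash a phone number the way a client might before uploading it."""
    return hashlib.sha256(salt + number.encode("ascii")).hexdigest()


def candidates(prefix: str, digits: int):
    """Yield every number made of `prefix` followed by `digits` digits."""
    for n in range(10 ** digits):
        yield f"{prefix}{n:0{digits}d}"


def recover(target_hash: str, prefix: str, digits: int, salt: bytes = b""):
    """Return the number whose hash equals target_hash, or None if no match."""
    for number in candidates(prefix, digits):
        if hash_number(number, salt) == target_hash:
            return number
    return None


def keyspace_seconds(total_numbers: int, hashes_per_second: float) -> float:
    """Time needed to hash a whole number space at an assumed rate."""
    return total_numbers / hashes_per_second


if __name__ == "__main__":
    # Unsalted: the stored hash maps straight back to the number.
    stored = hash_number(SAMPLE_NUMBER)
    print("unsalted:", recover(stored, "202555", 4))

    # Static salt known to anyone who has the client: same outcome.
    stored_salted = hash_number(SAMPLE_NUMBER, APP_SALT)
    print("static salt:", recover(stored_salted, "202555", 4, APP_SALT))

    # Upper bound of 10**10 ten-digit numbers at an assumed 10**7 hashes/s.
    print("full space, seconds:", keyspace_seconds(10 ** 10, 1e7))
```

A design that must resist this needs a server-held secret or a private set intersection protocol rather than a hash the client can compute alone.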

------
fora
I'm SORRY to post this but I just couldn't resist
<http://www.youtube.com/watch?v=BeP6CpUnfc0>

------
oconnore
(This will be an unpopular opinion)

The community response to this is ridiculous. Off the top of my head, I can't
think of any other company that has responded to community criticism within a
day or two with a policy reversal, a software change, and a deletion of
offending data.

Guys and gals, stop picking on Path. They are AWESOME. They deleted your data
and changed their app so it would never happen again. Try that with Facebook.

As a nerd, on some level I too lament that they didn't fix this with a
cryptographic hash and a bloom filter, but come on, as businesses go, this is
top notch.

~~~
makmanalp
So if I do something bad and then when someone finds out I reverse it, am I
instantly forgiven and innocent? And anyone with half a brain can figure out
that people would get pissed about this, which means they took the risk to do
this secretly. They did not do this accidentally.

~~~
oconnore
Occam's razor disagrees with you. It is perfectly plausible that some engineer
with little interest in cryptography/privacy implemented the most obvious
solution.

Also, yes, I typically forgive people when they reverse their actions and ask
for forgiveness. It makes for good relationships.

~~~
5teev
Forgive people, yes. Companies? Eh, plenty of other fish in the sea.

------
sheldor
A sincere apology always adds value to this world. And I guess, it's sincere,
even if there are flaws in it here and there. Just my perception ...

------
BonoboBoner
Trust - difficult to earn, easy to lose. Let us see whether their users give
them a second chance. At least they are open and honest about it.

------
elb0w
This comes to mind <http://www.youtube.com/watch?v=BeP6CpUnfc0>

------
ashbrahma
I still don't understand how someone, maybe even a friend, can allow Path to
access/store my information from his/her contact book.

------
gaving
Not bad, but could have done without the "As we continue to expand and grow we
will make some mistakes along the way." sentence.

------
code51
How do you know they actually deleted all? I'm not saying they did not, but at
some point, I expected you to say "pics or it didn't really happen". Many
people are getting emotionally attached with companies, apps etc. so that it
hinders their ability to even think about whether there is evidence or not.

------
prawn
Is anyone cataloging public apologies like this for future reference by start
ups and other online businesses?

------
betterlabs
The right thing to do. However, their 2nd paragraph should have been the one
starting with "We believe you should have control when it comes to sharing
your personal information..."

The rest of it is a repeat of yesterday and is really not necessary.

I do want to know how I can back up my Path to an S3 or Dropbox account. Does
anyone know if they support this?

------
crististm
Are you guys buying into their PR BS? They knew exactly what they were doing!

------
latchkey
I wonder if when Path 'deleted' the data, they shredded the hard disks too?

<http://www.networkworld.com/news/2011/042511-google-hard-drive-shredding.html>

~~~
jacquesm
That's a good point, and then there are of course back-ups to be considered.
Deleting data is surprisingly hard, but fortunately for path this is 'bulk' so
that makes it a little bit easier.

Making sure you really lose a single record is a lot more expensive because
then you have to selectively remove it from your spinning back-ups as well, in
this case you can just wipe the back-ups of the file by opening the file for
'update' and overwriting it with random data.

Tapes are a bit harder again...

------
bwarp
Sorry doesn't make it OK to start with.

------
telemekus
Dear Path, go F __K yourself. BYE.

------
shareme
I have a real IMPORTANT question...

Did you know that Path by default and always does not store android phonebook
address entries on their server?

In fact it's against standard android dev practices to the point where it's
prohibited by Google..

So when Path found out about that in completing the android app why did they
continue to insist that it was right on iphone to do so?

Now I would not say the Path CEO is directly lying, but it stinks pretty bad..

------
Alind
"we’ve deleted the entire collection of user uploaded contact information from
our servers. " -- I doubt it based on how he defines "delete".

------
horsehead
Seems like they did the right thing. Kudos to a company that reacts
appropriately.

------
ellie42
They still didn't respond to my email that I sent >24 hours ago.

------
jsavimbi
Note to PR dicks: never include a mission statement in an apology if that very
mission statement is the reason you were hired to write an apology.

Note to app builders: never hire a PR firm to do your dirty work.

~~~
drivebyacct2
I have to say, of all the comments here (and the large volume of downvoted
ones), I don't see the problem with jsavimbi's comment. It does seem very
strange to say "We are all about user choice and privacy" while apologizing
for violating that credo.

------
ColdAsIce
Hahahhaahah what a fucking joke

------
natural219
I'm kind of sick of this "let's revolt against everybody using my data"
mentality. They don't persist your contact data to their server. What exactly
is it that you're afraid of?

Moreover, how on earth did you think the "Add Friends" feature worked? I'm
assuming at least some of you program software, and you should know that data
doesn't just appear out of nowhere. Do you really expect a software startup to
move every piece of data sorting & analyzing to the client side that has
potential to piss off its userbase?

I understand that it's easy to just encrypt the information, or some other X
remedy. I'm just saying there's a line between a software mistake and the
let's-grab-the-pitchforks rhetoric that inevitably stems from stories like
this.

~~~
evan_
I agree in general, but they do actually store your data on the servers.

~~~
natural219
Oh. Nevermind, then.

