You know what would be awesome? Some solid technology journalism. The last thing we need is another conflicted, industry mouthpiece. If this is the content they're pushing, I hope it fades into oblivion.
Technology != Consumer-Oriented Devices
Edit (before the downvotes hammer this comment into oblivion): The subject here is "tech journalism". I don't consider puff pieces about smartphones, MP3 players, your cell carrier, or anything else related to consumer-grade products to be "tech journalism".
I've pretty much stopped listening to "tech podcasts" and subscribing to "tech magazines" because of this problem. They're not delivering anything even vaguely related to technology any more. They're telling me about the latest iPhone or iPad press release, or how some cell carrier is doing something that I really could care less about. Just like I don't care about the latest digital camera, or the latest MP3 player.
I've stopped listening to "Buzz Out Loud" because of its wall-to-wall smartphone coverage. And I'm about to give up on "This Week In Tech" (along with four or five other podcasts) for the same reason.
Second, I want real technology news. I don't want to read anything about smartphones, or cameras, or tablets, or gaming / gaming consoles (my favorite magazine, Maximum PC, does waste too much space on gaming for my tastes), or MP3 players.
Bottom line is that I don't want to be "entertained" by any magazine or podcast. I want to learn something.
EDIT (belated): Always in the market for tech magazine and tech podcast recommendations if anyone has some!
If your address book data was stolen and made public because of poor practices by one of your apps, you'd be pretty upset right? PandoDaily mocking that type of situation is somewhat alarming.
However, if PandoDaily doesn't care about that type of scenario then go ahead and publish their address books. Otherwise, it's no laughing matter.
Edit: I agree with Dave's point. They wouldn't share it because no one wants this to happen. Therefore they shouldn't be mocking something that is fairly serious.
Pando's mocking of the situation with the clipboard example is off the mark. Users' expectation of the clipboard is to actually share data (between applications). Yes, there's a chance that an app will publish the contents of your clipboard, but I don't think many users will store sensitive data in the clipboard anyway. In other words, the vulnerability of the clipboard is an acceptable trade-off; however, accessibility of contacts, photos, and other private data is really not.
Of course, maintaining a database of sensitive information is rife with risk, and it's completely fair for journalists to point that out. However, Path, Hipster, Instagram, etc. have no intention of leaking your data. An article reminding us to give developers the benefit-of-the-doubt in these cases is not even remotely the same thing as an article defending leaking personal data.
It's therefore disingenuous of the author to suggest that reminding people to be civil in the ways they react to these situations implies that we should all be comfortable publicly posting our personal rolodexes.
Someone else's contact information is not your IP to divulge; however, that doesn't mean we need to start a witch-hunt about it.
Uploading your address book to Path is not the same as an app locally reading the contents of your clipboard and asking if you want to use that data. It's not even in the same league.
And, loath though I am to defend PandoDaily, the OP misses the point of their article. Uploading your address book to an app is different than posting it publicly because people trust Path with their data. If they didn't then they really shouldn't be using it in the first place.
Are you sure about this?
Has every Path user really reviewed Path's data security policies and deemed them satisfactory? Do Path users even have access to that information? And if they did, would most of them be in any position to evaluate it knowledgeably?
Or isn't it more likely that they trust Path because they don't know the full scope of what Path has access to? Blind trust is easier to extend to someone the less information you're trusting them with, after all.
Other points that you are mentioning have more to do with users' willingness to take privacy seriously. Most don't take it seriously because a) it's tedious and time-consuming b) they probably don't understand it c) it is easier to trust the company like everyone else and get onto using the app and d) ... as long as it does not include criminal, financial, health or their telephone records, everything is pretty much a go go for a user.
Users don't care about their privacy unless it has elements of the 4 categories stated above. Users hate hassle and they have pretty much resigned from the fight for privacy mainly because they have found that the benefit of sharing things with others outweighs the willingness to be clear of a trouble that rarely ever shows up in their conscience anyway ... think about it ... when was the last time a major security breach occurred that compromised so many millions and devastated so many thousands that it has left a blip or a bad mark on users' conscience?
We may be very techie ... but average users are far more occupied with other concerns. So blind trust plays a strong role for them.
I'm not saying Path is right for what they did, but neither do I think it's the same as publishing everything where identity thieves can get at it. Such black & white thinking is of little use in creating policy.
You should have read them. All those people who got stung by Adjustable Rate Mortgages? Didn't read the terms either.
Now imagine that an app has terms that are a bit like Adjustable Rate Mortgages.
This really is a false comparison. Accessing an address book for the app's use only and accessing the address book for public publishing are so far apart it's ridiculous. Security policies don't mean anything. If data is stored digitally there will always be a way to compromise its security no matter how much encryption, SSL, etc. you use. Security, especially on the web, is a total misnomer. All you can really do is make it inconvenient to access.
Trusting a company isn't about their data privacy and security policies. It's about their brand to a large degree. Their track record and other people's experiences with the app. I'm in the camp that understands these policies and what they mean but that's not the reason I trust the company behind an app. I trust Google with my docs because they have a good track record. Facebook I trust as a necessary evil. Scratch that, I don't trust Facebook but I use it anyway because I'm banking on the odds. I think that's what it boils down to for most average folks. If the odds are that they'll have no trouble then that's a risk they're willing to take. If there's a breach of security and a bunch of people have their data exposed (but I'm not affected) well that makes me think twice not because of the breach itself but because of all the pile-on press coverage.
I'm one who firmly believes that people don't make their own minds up about this stuff. The average person's view of this whole app uploading address books thing is based purely in whichever side of the manufactured debate is the loudest and seemingly most expert-y. After watching how people use the web, their computers, and their smartphones for some time now I've become really cynical when it comes to this stuff. People don't seem to care until someone writes a blog post that tells them they should care.
But that's the point, isn't it? They shouldn't have to care! People shouldn't have to be security experts to use a phone. The phone should protect them by default and make them have to jump through hoops to waive that protection, rather than the other way around.
Putting yourself in a situation where you are very likely to get mugged would be a better comparison. Winer is being mild in his challenge.
So yeah, I agree it's not in the same league, but not in the way you mean.
When you upload to an app, the makers of that app have access to your data. Don't get me wrong- that's a bad thing. But if you upload your data publicly, anyone in the world has access to your data. Drastically different.
No way they are running their operation on the cheap and don't have their servers secured against intrusion.
No way they can be inexperienced developers and build an API that leaks information to improperly authenticated requests.
No way they can have a disgruntled employee throw a torrent of it all up when he gets fired.
No way they can get bought by someone with fewer scruples and hand your data over to them as part of the acquisition.
But they aren't really relevant to the parent comment's point, which is that, even with these (potential) holes, giving your address book to Path is fundamentally different than posting it publicly. In one instance, your data is public, immediately and unconditionally. In the other, there is potential for abuse that could result in your data becoming public if an arguably unlikely sequence of events were to occur.
So it doesn't make any sense at all for Winer to be challenging PD to engage in a behavior that is simply not analogous to the issue at hand. All that Winer's post does is distort the issue, intentionally or not, and distract from the important debate/conversation that Path's policies initiated. I honestly don't see how that's helpful at all.
[UPDATED: Minor correction for clearer syntax]
I once did a deal with a software publisher that required me to turn over the source code.
One day I came into the office and found a disk clearly labeled as the source for my product, on the receptionist's desk.
That was pretty close to public, and I remember that every time I let something sensitive out of my control.
Also every few months I have to change my credit card number because a charge appears that I didn't make. Luckily the credit card companies have developed good algorithms for detecting these. Now you might assume that every company that you give your CC to is being careful not to make it public, but if you believe that, you aren't reading the news.
I think the same applies to apps. There is a sensible middle ground in there somewhere, and the new permission request alerts from Apple will go a long way to helping with that. But no, never any guarantees about anything.
Either way, TC was/is lame. PandoDaily is too.
Companies I trust don't break the law and violate my privacy. Contracts, especially unwritten "social" contracts, don't override the law.
In my opinion, it would have to take a data breach of the likes of Katrina, tsunami 2004 and BP oil spill all within a few weeks for users to get hammered with the point that they should be more concerned about what is happening with their data.
Having said that, there will always be a small group who would be up in arms about the simple act of stealing whether a negative consequence follows or not. And kudos to them for they are doing a service to us all by keeping an eye on these companies.
The point that I am trying to get across is that the history of the web along with the time-consuming nature of reading huge agreements has led to users entering into social contracts of trust with these companies. They could care less about how much you try to alert them. Companies can continue to take one action after another to alert the users of all the things the company will do and the user will merely see that as an obstacle to get to the app and therefore will simply accept/agree robotically and move on. Why?
Users behave in herd mentality, respond to only the most imminent of threats or fear of extremely dire potential consequences. If they see everyone else doing something they will do it too, even if that means you get them to agree to very stiff contracts. They will simply accept it as a way of life and move on.
When creating privacy policies, companies play this balancing act. What to constantly alert a user about, how many of them will actually care, we as a company know that all their data will be protected and not used criminally anyway?
Whatever Path, Facebook, Twitter and others do with our data is irrelevant to most users so long as most of their trusted circles are doing it too. It just isn't a big issue for them as they maneuver around other pressing issues in their lives. Kudos to those few who have made it a big issue and have kept these companies on their toes. Their effort is worth commending and appreciating, and not mocking as has been done by others.
How many pointless arguments take this form? He should articulate why he considers the situations comparable, so the Pando people have something to disagree with.
Their point is that we are being silly for caring where our personal data goes.
If we're being silly, here's an easy way to prove it. Show us how careless you are with your own personal data.
If there's a limit, something you won't do to show how casual you are about it, then we found something that we agree on.
My belief is they haven't thought it through, and are just being cute for the sake of being cute, about something that is very serious.
Actually trying to help them find a good place. Because where they are now, is not good.
Of course imho and ymmv.
What I find scary sometimes is if you make challenges like you did to Pando you are assuming they even have the same sense of care and responsibility about their data as you or an average person would.
This reminds me of someone who runs an amusement ride and says "I let my kids ride that ride" as if that is to imply ultimate safety. It doesn't. To wit: There was a story or two recently about parents who let their teenage daughters sail around the world solo. I don't think most parents would do that.
Also, call a spade a spade. If you want to issue them a challenge, ask them to download the Facebook app or the Path app or any of the other infringing apps. But they already have. They have already done the thing they're being accused of being uncomfortable with.
How sharing information from your iPhone with a company and publishing it online for the world to see are equivalent, I can't fathom.
The only reason I could come up with is that on the phone we have apps that actually use that data, social networks of various fashions, while on our computers we mostly use apps to do stuff and social networks stay in the browser.
Should we be asking OS vendors to add those checks to our computers too?
Now the platform owners (Apple, Tootle, Microsoft, etc) must respond to keep the promise they've made, whether stated or implied, or eventually users will rebel. But until the response or rebellion happens, how much damage will be done?
The platforms will adapt, and users will eventually upgrade or move to competitors, but it will take months or years.
He's the guy who practically invented blogging.