Path Reaches Settlement with FTC Over Address Book Privacy Concerns

[MacRumors]

Early last year, the popular iOS app Path came under fire for uploading users' entire address books to company servers without alerting users or asking for authorization.

The scandal resulted in Apple locking down user data in iOS 6, requiring explicit permission before apps could access a users location, contacts, calendars, photos, and reminders.

Today, the U.S. Federal Trade Commission announced that it has reached a settlement with Path. The agreement requires Path to establish a new privacy program, obtain independent privacy assessments for 20 years, and pay an $800,000 fine.

Quote:

"Over the years the FTC has been vigilant in responding to a long list of threats to consumer privacy, whether it's mortgage applications thrown into open trash dumpsters, kids information culled by music fan websites, or unencrypted credit card information left vulnerable to hackers," said FTC Chairman Jon Leibowitz. "This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans."

The FTC alleged that Path's app was misleading and failed to offer the consumer any choice in whether his data was uploaded, and that Path violated the Children's Online Privacy Protection Act by collecting personal information from children without getting parents' consent.

Path has posted a response to the settlement on its blog.

Article Link: Path Reaches Settlement with FTC Over Address Book Privacy Concerns

[designaholic]

Quote:

Originally Posted by MacRumors

$800,000 fine.

Ouch.

[gnasher729]

Very nice result. Now what we would like to know whether that idiot in their marketing department who thought stealing people's complete address book was a good idea got fired.

[bacaramac]

Didn't research the size of this company, but $800k is a ton of cash.

[GoldenJoe]

Wait, so instead of making Path delete it's database of user address books, the Feds just took $800k for themselves? Am I missing something?

[Sayer]

Independent privacy assessments for 20 years and an $800k fine. Good thing we have the Government to protect us from ourselves!

[Verbatim Cookie]

Quote:

Originally Posted by Sayer

Independent privacy assessments for 20 years and an $800k fine. Good thing we have the Government to protect us from ourselves!

Are you implying that the users who had their contacts uploaded and/or the kids younger than 13 who signed up are to blame?

[1Alec1]

Quote:

Originally Posted by Sayer

Independent privacy assessments for 20 years and an $800k fine. Good thing we have the Government to protect us from ourselves!

Read this, read the signature, looked at the avatar... Either it's Alex Jones or one of his followers.

----------

Quote:

Originally Posted by Puevlo

The whole company should be thrown in jail for 20 years. What they did was worse than murder.

First of all, if what they did was worse than murder, they should be killed. But how is this worse than murder?

----------

"Early last year, the popular iOS app Path came under fire for uploading users' entire address books to company servers without alerting users or asking for authorization."

Once I read that, woah. I'm not so worried about my privacy but about all the people in my address book whose email addresses would probably be given out if I downloaded this retarded app.

But why am I the first to ask HOW Apple didn't notice this in the app review? Someone wasn't doing his job right.

----------

Quote:

Originally Posted by sebimeyer

FTC Chairman Jon Leibowitz. "This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans."

Riiiiiight...

Data mining by huge companies like Google, Apple, Facebook and others excepted of course.

Google, Apple, and Facebook actually tell the users that what data they are taking, and it's anonymous. I've already gotten into this dumb argument with someone else, so I'll just end it before it starts: Your ISP knows every URL you've ever visited, every IP address you've ever connected to. Forget about Google.

----------

Quote:

Originally Posted by mrsir2009

800K in my opinion is too much. It’d probably kill the company, which would be bad for everyone.

I think it's a service to everyone to kill dirtbag companies like these. They're everywhere. According to a user above, Path also spams their users. It's like Babylon Search, the company whose products are classified as malware by some. Search "Babylon Search", and you'll only get instructions on how to delete it and a Wikipedia article. Also Bonzi Buddy. Path is spyware like Bonzi Buddy.

----------

Quote:

Originally Posted by Verbatim Cookie

Are you implying that the users who had their contacts uploaded and/or the kids younger than 13 who signed up are to blame?

Who knows. He's a conspiracy theorist. For all you know, he might think Coca Cola and Pepsi are the same company.

[mw360]

Quote:

Originally Posted by GoldenJoe

Wait, so instead of making Path delete it's database of user address books, the Feds just took $800k for themselves? Am I missing something?

Didn't Path delete their database shortly after the story broke?

[macsrcool1234]

This punishment is excessive, $800,000? I can think of some crimes far worse that our government has given less for....
I think it was a dumb thing to do but this will probably kill the company.

Quote:

Originally Posted by gnasher729

Very nice result. Now what we would like to know whether that idiot in their marketing department who thought stealing people's complete address book was a good idea got fired.

Ahhh sensationalism at its finest.

Quote:

Originally Posted by mw360

Didn't Path delete their database shortly after the story broke?

Yeah

[aristotle]

Quote:

Originally Posted by GoldenJoe

Wait, so instead of making Path delete it's database of user address books, the Feds just took $800k for themselves? Am I missing something?

No, you are not missing anything. The legal system is not about "justice" or setting things right. It is often a way for the state to enrich itself at the expense of others.

Have you heard of the phrase "Don't steal, the government hates competition"?

Governments view the mafia as their competition in areas such as extortion, racketeering and outright theft. When the government does it, it is legal.

[notabadname]

Quote:

Originally Posted by aristotle

No, you are not missing anything. The legal system is not about "justice" or setting things right. It is often a way for the state to enrich itself at the expense of others.

Have you heard of the phrase "Don't steal, the government hates competition"?

Governments view the mafia as their competition in areas such as extortion, racketeering and outright theft. When the government does it, it is legal.

Yawn

[manu chao]

Quote:

Originally Posted by GoldenJoe

Wait, so instead of making Path delete it's database of user address books, the Feds just took $800k for themselves? Am I missing something?

Since government spending is controlled by a budget that is passed by parliament, any extra income should go towards paying back the debt.

----------

Quote:

Originally Posted by orangebluedevil

Their response is a total straw man about the children under the age of 13. It doesn't ONCE mention automatically uploading mycontacts to their servers.


EDIT: Apparently, it's Macrumors that should embarrassed, this entire story makes it sound like the problem was the contacts, when in actuality, the FTC fined them only because of underage accounts.

Yes, but what Path did with these underage accounts (ie, uploading the address book) likely influenced the size of the fine.

[Me1000]

Quote:

Originally Posted by manu chao

Yes, but what Path did with these underage accounts (ie, uploading the address book) likely influenced the size of the fine.

That's entirely unsupported speculation. You don't even know that at the time 12 year olds were allowed to sign up, addressbooks were being uploaded. Path 1.0 and 2.0 are vastly different products.

[jonnysods]

Who gets the $800k?

[iphone495]

Quote:

Originally Posted by MacRumors

Image

Image

Early last year, the popular iOS app Path came under fire for uploading users' entire address books to company servers without alerting users or asking for authorization.

The scandal resulted in Apple locking down user data in iOS 6, requiring explicit permission before apps could access a users location, contacts, calendars, photos, and reminders.

Today, the U.S. Federal Trade Commission announced that it has reached a settlement with Path. The agreement requires Path to establish a new privacy program, obtain independent privacy assessments for 20 years, and pay an $800,000 fine.
The FTC alleged that Path's app was misleading and failed to offer the consumer any choice in whether his data was uploaded, and that Path violated the Children's Online Privacy Protection Act by collecting personal information from children without getting parents' consent.

Path has posted a response to the settlement on its blog.

Article Link: Path Reaches Settlement with FTC Over Address Book Privacy Concerns

"$800,000 fine"? Does the users get part of that?

[iGrip]

It sounds like these scumbags got what they deserved. 20 years of supervision? Youch!

[threesixty360]

They needed the address book data to work out who to connect you with.
Apple never had an API that asked for access to that data and as far I remember, tons of developers were doing the same thing Path were doing.

Its just that Path got caught, maybe because they were slightly more famous than everyone else at that time.

I dont think they were being malicious at all but I think the potential to be was too great. Any company that accesses your data, be it google, path or FB has to have even higher standards of security and transparency than normal. It's the nature of the business.

And if any of those firms thinks its ok to disregard this they must understand that it only takes 1 really bad incident in any industry to turn everyone off the whole thing. Just like airlines or car companies, social data companies need to be self policing to keep that business alive.

[mabaker]

Why is that this story is receiving so much coverage and when Google was fined the BIGGEST amount of money in FTC's history all news outlets were like crickets? I see this as a proof of Google's monopolistic and complacent attitudes. Path's developers are being torn to shreds while Google is collecting all the money back to their bank accounts while spying on users.