MacRumors

macrumors bot
Original poster
Apr 12, 2001
53,042
14,798



path_address_book.jpg
Early last year, the popular iOS app Path came under fire for uploading users' entire address books to company servers without alerting users or asking for authorization.

The scandal resulted in Apple locking down user data in iOS 6, requiring explicit permission before apps could access a users location, contacts, calendars, photos, and reminders.

Today, the U.S. Federal Trade Commission announced that it has reached a settlement with Path. The agreement requires Path to establish a new privacy program, obtain independent privacy assessments for 20 years, and pay an $800,000 fine.
"Over the years the FTC has been vigilant in responding to a long list of threats to consumer privacy, whether it's mortgage applications thrown into open trash dumpsters, kids information culled by music fan websites, or unencrypted credit card information left vulnerable to hackers," said FTC Chairman Jon Leibowitz. "This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans."
The FTC alleged that Path's app was misleading and failed to offer the consumer any choice in whether his data was uploaded, and that Path violated the Children's Online Privacy Protection Act by collecting personal information from children without getting parents' consent.

Path has posted a response to the settlement on its blog.

Article Link: Path Reaches Settlement with FTC Over Address Book Privacy Concerns
 

gnasher729

Suspended
Nov 25, 2005
17,980
5,550
Very nice result. Now what we would like to know whether that idiot in their marketing department who thought stealing people's complete address book was a good idea got fired.
 
Comment

bacaramac

macrumors 65816
Dec 29, 2007
1,419
82
Didn't research the size of this company, but $800k is a ton of cash.
 
Comment

GoldenJoe

macrumors 6502
Apr 26, 2011
368
163
Wait, so instead of making Path delete it's database of user address books, the Feds just took $800k for themselves? Am I missing something?
 
Comment

Sayer

macrumors 6502a
Jan 4, 2002
981
0
Austin, TX
Independent privacy assessments for 20 years and an $800k fine. Good thing we have the Government to protect us from ourselves!
 
Comment

mw360

macrumors 68000
Aug 15, 2010
1,777
1,921
Wait, so instead of making Path delete it's database of user address books, the Feds just took $800k for themselves? Am I missing something?

Didn't Path delete their database shortly after the story broke?
 
Comment

macsrcool1234

Suspended
Oct 7, 2010
1,551
2,130
This punishment is excessive, $800,000? I can think of some crimes far worse that our government has given less for....
I think it was a dumb thing to do but this will probably kill the company.

Very nice result. Now what we would like to know whether that idiot in their marketing department who thought stealing people's complete address book was a good idea got fired.

Ahhh sensationalism at its finest.

Didn't Path delete their database shortly after the story broke?

Yeah
 
Comment

aristotle

macrumors 68000
Mar 13, 2007
1,768
5
Canada
Wait, so instead of making Path delete it's database of user address books, the Feds just took $800k for themselves? Am I missing something?
No, you are not missing anything. The legal system is not about "justice" or setting things right. It is often a way for the state to enrich itself at the expense of others.

Have you heard of the phrase "Don't steal, the government hates competition"?

Governments view the mafia as their competition in areas such as extortion, racketeering and outright theft. When the government does it, it is legal.
 
Comment

gnasher729

Suspended
Nov 25, 2005
17,980
5,550
This punishment is excessive, $800,000? I can think of some crimes far worse that our government has given less for....
I think it was a dumb thing to do but this will probably kill the company.

Ahhh sensationalism at its finest.

I develop software for a living.

If my boss told me to write code that uploads a user's address book to our servers, I would politely ask him to contact our legal department. If he refused or said the legal department is Ok with this, I would ask him to give me the order to write this code in writing and signed, and the written response from legal as well.

And in my company, it would be _him_ losing his job over this, not me.


Didn't Path delete their database shortly after the story broke?

Do thieves stay out of jail if the police recovers the money that was stolen?


Independent privacy assessments for 20 years and an $800k fine. Good thing we have the Government to protect us from ourselves!

Path can consider itself well-protected from itself.
 
Comment

Slow Programmer

macrumors regular
Jun 25, 2011
162
35
Interesting that the companies response does not say anything about the misuse of user data, but only that a computer issue let underage users sign up. Apparently, they still don't get it. Maybe a larger fine or a class action lawsuit is in order to make them see the error of their ways.
 
Comment

SmileyBlast!

macrumors 6502a
Mar 1, 2011
654
43
People were hoping to profit somehow from all of that contact info.
I think the fine is meant to show Path and other Mobile developers that you have to pay a heavy fine for helping yourself to this data without asking permission and havinga EULA.
 
Comment

macsrcool1234

Suspended
Oct 7, 2010
1,551
2,130
I develop software for a living.

If my boss told me to write code that uploads a user's address book to our servers, I would politely ask him to contact our legal department. If he refused or said the legal department is Ok with this, I would ask him to give me the order to write this code in writing and signed, and the written response from legal as well.

And in my company, it would be _him_ losing his job over this, not me.

I develop software for a living too. This is a bit unrelated but If I had an employee tell me something like that, I'd fire them on the spot. It's not your job to play lawyer, as you said "it would be _him_ losing his job over this, not me."

Do thieves stay out of jail if the police recovers the money that was stolen?
Path can consider itself well-protected from itself.

Why are you so convinced this was done with malicious intent?

You sound like Nancy Grace spouting off on something with no facts or knowledge of the situation. :rolleyes:
 
Comment

iphone495

macrumors member
Sep 13, 2012
86
0
[url=http://cdn.macrumors.com/im/macrumorsthreadlogodarkd.png]Image[/url]


Early last year, the popular iOS app Path came under fire for uploading users' entire address books to company servers without alerting users or asking for authorization.

The scandal resulted in Apple locking down user data in iOS 6, requiring explicit permission before apps could access a users location, contacts, calendars, photos, and reminders.

Today, the U.S. Federal Trade Commission announced that it has reached a settlement with Path. The agreement requires Path to establish a new privacy program, obtain independent privacy assessments for 20 years, and pay an $800,000 fine.
The FTC alleged that Path's app was misleading and failed to offer the consumer any choice in whether his data was uploaded, and that Path violated the Children's Online Privacy Protection Act by collecting personal information from children without getting parents' consent.

Path has posted a response to the settlement on its blog.

Article Link: Path Reaches Settlement with FTC Over Address Book Privacy Concerns

"$800,000 fine"? Does the users get part of that?
 
Comment

Me1000

macrumors 68000
Jul 15, 2006
1,794
4
I'm really disappointed by the quality of the reporting here.
The $800K fine was for allowing 12 year olds the create accounts (a bug which was fixed long before the FTC got involved), but the entire post makes it sound like it's all about addressbook gate.

The FTC conducted an investigation because of the address book scandal, but the $800K had nothing to do with that.
 
Comment

writingdevil

macrumors 6502
Feb 11, 2010
254
32
I develop software for a living too. This is a bit unrelated but If I had an employee tell me something like that, I'd fire them on the spot. It's not your job to play lawyer..."


And they'd be lucky to be fired before you dragged them into your web. In your kind of thinking, whistle blowers should be fired before they get in the way of your goals. Path is NOT naive if you study their background and level of expertise. It is possible that your approach might be naive rather than malicious.
 
Comment

orangebluedevil

macrumors 6502
Jun 28, 2010
323
17
Path's response is embarrassing

Their response is a total straw man about the children under the age of 13. It doesn't ONCE mention automatically uploading mycontacts to their servers.


EDIT: Apparently, it's Macrumors that should embarrassed, this entire story makes it sound like the problem was the contacts, when in actuality, the FTC fined them only because of underage accounts.
 
Comment

manu chao

macrumors 604
Jul 30, 2003
7,168
2,992
Wait, so instead of making Path delete it's database of user address books, the Feds just took $800k for themselves? Am I missing something?
Since government spending is controlled by a budget that is passed by parliament, any extra income should go towards paying back the debt.

----------

Their response is a total straw man about the children under the age of 13. It doesn't ONCE mention automatically uploading mycontacts to their servers.


EDIT: Apparently, it's Macrumors that should embarrassed, this entire story makes it sound like the problem was the contacts, when in actuality, the FTC fined them only because of underage accounts.

Yes, but what Path did with these underage accounts (ie, uploading the address book) likely influenced the size of the fine.
 
Comment

Me1000

macrumors 68000
Jul 15, 2006
1,794
4
Yes, but what Path did with these underage accounts (ie, uploading the address book) likely influenced the size of the fine.

That's entirely unsupported speculation. You don't even know that at the time 12 year olds were allowed to sign up, addressbooks were being uploaded. Path 1.0 and 2.0 are vastly different products.
 
Comment

macsrcool1234

Suspended
Oct 7, 2010
1,551
2,130
And they'd be lucky to be fired before you dragged them into your web. In your kind of thinking, whistle blowers should be fired before they get in the way of your goals.

This makes no sense. You have no idea what you're saying.

Path is NOT naive if you study their background and level of expertise. It is possible that your approach might be naive rather than malicious.


How about enlightening us, Nancy Grace?
 
Comment

BiigBiscuit

macrumors member
Aug 23, 2011
68
0
I develop software for a living.

If my boss told me to write code that uploads a user's address book to our servers, I would politely ask him to contact our legal department. If he refused or said the legal department is Ok with this, I would ask him to give me the order to write this code in writing and signed, and the written response from legal as well.

And in my company, it would be _him_ losing his job over this, not me.

I would think that he'd fire you first.




Do thieves stay out of jail if the police recovers the money that was stolen?

I think you mean: "Do thieves stay out of jail if they return the money that was stolen?"
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.