Edward Aten

What kind of crazy fucked up world we live in where companies saying they are 'helping users' is acceptable excuse to steal people's personal data?

And I'm not using 'steal' hyperbolically. 

Theft is: 'the wrongful taking and carrying away of the personal goods or property of another.' Path broke into an unprotected section of my phone and stole the information there. 

What they say they are using it for is inconsequential. Its wrong. Its immoral.

It's theft.  

I figured since the same tech world that rails on Facebook for default public sharing settings are giving Path a complete pass for doing something far worse I'd add my perspective as a CEO and product designer.

I feel pretty differently than they do. Here's why:

1. People's contact info isn't just any old information it's intensely personal and private. 

The tech community is treating this situation as if Path accessing trivial, inconsequential information.

Maybe I'm in edge case but I've never lost my phone, so I have a lot of intensly personal email addresses and phone numbers stored there. Some examples

 - My ex-wife and all of her family members

 - Every girl I've dated since college

 - My personal and corporate attorneys

 - Every doctor I've had or seen for 15 years

 - My accountant and financial advisor

 - Every client I've worked with at 10+ companies

 - Influential musicians I've spent years working with who rarely give out their numbers

 - Cell phone and home phone numbers of VCs and entrepreneurs

In fact I'd be hard-pressed to find anything more personal other than the actual conversations and emails I've actually had with these people.

This situation doesn't even require a slippery slope argument: Path is already at the bottom of the hill.  

2. Path isn't taking my information to "help" me, they are taking it to help themselves.

Path's explanation that they lifted my address book to help me is incomplete - The complete thought is 'Path lifted my address book to help me use their product.' 

Thats a big distinction. Remember: Path needs me to use their service more than I need their help. 

It goes like this: Path's success depends on my adoption. My adoption depends on great content. Great content in a personal network only comes in your personal contacts. 

That's why Path is stealing my information, to help themselves.

3. Path's theft isn't Apple's fault. 

When the credit card numbers started leaking out of Sony we blamed Sony for having a penetrable database but we all knew Anonymous did the hacking. Blaming Apple for these thefts is like saying guns shoot people by themselves. Path walked up and pulled the trigger.

Even worse is Path CEO Dave Morin's response that the 'App store guidelines do not specifically discuss contact information'. (http://mclov.in/2012/02/08/path-uploads-your-entire-address-book-to-their-servers.html#comment-432202082)

They do. From the guidelines '17.1: Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used.'

Path knew what they was against guidelines and did it anyway.

4. Stealing is never a best practice.

From the same Dave Morin response, 'This is currently the industry best practice...'

First, it's clear the CEO of the company knew the practice was going on. Second, was there really no one on the product team that thought this 'best practice' was a deceitful (and potentially illegal) bad idea?

Is Silicon Valley so desensitized to 'gain users at all costs'  this clear violation of trust and ethics was rationalized in their heads?

If so, thats sad for us in the valley and should be scary to those outside.

5. What now?

48 hours later it appears the dust is settling and that Path will probably continue as if this mess didn't happen.

Thats sad.

Not sad because I want to see Path fail (quite the contrary, I think its the best designed app available) but because it allows us to miss two important things we could have done:

First, if Silicon Valley publicly and vocally condemned this type of activity it would make it seem a lot less like a 'best practice' to new developers and less experienced companies.

Second it opens us to much worse scenarios. If these types of activities continue its entirely possible for someone to do something very bad. Bad to the point that the government gets involved.

No one wants that. 

So to Path and the other developers in Silicon Valley I say: It isn't only in our best interest for you to stop stealing from us. Its in your best interest too.

 - Follow me on Twitter @edwardaten