Question: How sensitive is the content of your mobile phone address book?  Would you be happy for your data to be taken without your consent?

This is precisely what has been happening to users of Path -- the Smart Journal launched November 2010

Developer Arun Thampi recently discovered that when he setup a new account with Path the app took the contents of his mobile address book and uploaded the data to the Path servers, without his consent.  The data included names, email addresses and phone numbers.

We are all familiar with this concept on Social Networking sites.  They store our address book and look for, and suggest, new connections.  The key here however is that we give permission or have to actively take steps to achieve it.

The major failing from Path is simply that it is done without your consent.  Their Terms & Conditions do not mention the upload process either.

In a communication with Mr Thampi, Dave Morin, Co-Founder and CEO of Path, has admitted that they do indeed take a copy of the address book data and say this is "an industry standard practise".  Perhaps, but everyone else asks first!

An update to Path is making its way to the iPhone, and one is already available for Android, which will allow you to opt out of uploading.  What about those who have already had their data copied?   Apparently if you email you can request all your data is removed.

My next email is to cancel my account and ask them to confirm my address book is removed.


UPDATE:  Today (8 February), Path have issued an apology.  They have also confirmed they have removed all address book data from their servers and users must now opt-in if they wish to upload their address book.

site by DAJ