Got a tip for us? Share it...

New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Path Reaches Settlement with FTC Over Address Book Privacy Concerns

Early last year, the popular iOS app Path came under fire for uploading users' entire address books to company servers without alerting users or asking for authorization.

The scandal resulted in Apple locking down user data in iOS 6, requiring explicit permission before apps could access a users location, contacts, calendars, photos, and reminders.

Today, the U.S. Federal Trade Commission announced that it has reached a settlement with Path. The agreement requires Path to establish a new privacy program, obtain independent privacy assessments for 20 years, and pay an $800,000 fine.
"Over the years the FTC has been vigilant in responding to a long list of threats to consumer privacy, whether it’s mortgage applications thrown into open trash dumpsters, kids information culled by music fan websites, or unencrypted credit card information left vulnerable to hackers," said FTC Chairman Jon Leibowitz. “This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans."
The FTC alleged that Path's app was misleading and failed to offer the consumer any choice in whether his data was uploaded, and that Path violated the Children’s Online Privacy Protection Act by collecting personal information from children without getting parents' consent.

Path has posted a response to the settlement on its blog.

Top Rated Comments

(View all)

19 months ago
Wait, so instead of making Path delete it's database of user address books, the Feds just took $800k for themselves? Am I missing something?
Rating: 10 Votes
19 months ago

This punishment is excessive, $800,000? I can think of some crimes far worse that our government has given less for....
I think it was a dumb thing to do but this will probably kill the company.

Ahhh sensationalism at its finest.


I develop software for a living.

If my boss told me to write code that uploads a user's address book to our servers, I would politely ask him to contact our legal department. If he refused or said the legal department is Ok with this, I would ask him to give me the order to write this code in writing and signed, and the written response from legal as well.

And in my company, it would be _him_ losing his job over this, not me.


Didn't Path delete their database shortly after the story broke?


Do thieves stay out of jail if the police recovers the money that was stolen?


Independent privacy assessments for 20 years and an $800k fine. Good thing we have the Government to protect us from ourselves!


Path can consider itself well-protected from itself.
Rating: 7 Votes
19 months ago

Wait, so instead of making Path delete it's database of user address books, the Feds just took $800k for themselves? Am I missing something?

No, you are not missing anything. The legal system is not about "justice" or setting things right. It is often a way for the state to enrich itself at the expense of others.

Have you heard of the phrase "Don't steal, the government hates competition"?

Governments view the mafia as their competition in areas such as extortion, racketeering and outright theft. When the government does it, it is legal.
Rating: 6 Votes
19 months ago

I develop software for a living too. This is a bit unrelated but If I had an employee tell me something like that, I'd fire them on the spot. It's not your job to play lawyer, as you said "it would be _him_ losing his job over this, not me."

I wasn't raised in the USA. Maybe that makes a difference. Where I come from, you don't keep your mouth shut when you see unethical or illegal behaviour.

Why are you so convinced this was done with malicious intent?

You sound like Nancy Grace spouting off on something with no facts or knowledge of the situation. :rolleyes:


I don't know who Nancy Grace is, but with professional developers this kind of thing doesn't happen by accident. So there was intent.
Rating: 5 Votes
19 months ago
FTC Chairman Jon Leibowitz. "This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans."

Riiiiiight...

Data mining by huge companies like Google, Apple, Facebook and others excepted of course.
Rating: 5 Votes
19 months ago
Who gets the $800k?
Rating: 5 Votes
19 months ago
Didn't research the size of this company, but $800k is a ton of cash.
Rating: 5 Votes
19 months ago

$800,000 fine.


Ouch.
Rating: 4 Votes
19 months ago
Interesting that the companies response does not say anything about the misuse of user data, but only that a computer issue let underage users sign up. Apparently, they still don't get it. Maybe a larger fine or a class action lawsuit is in order to make them see the error of their ways.
Rating: 4 Votes
19 months ago
This punishment is excessive, $800,000? I can think of some crimes far worse that our government has given less for....
I think it was a dumb thing to do but this will probably kill the company.

Very nice result. Now what we would like to know whether that idiot in their marketing department who thought stealing people's complete address book was a good idea got fired.


Ahhh sensationalism at its finest.

Didn't Path delete their database shortly after the story broke?


Yeah
Rating: 3 Votes

[ Read All Comments ]