Path CEO Dave Morin: Mea Culpa

Path CEO Dave Morin: Mea Culpa

Summary: Bowing to the mounting pressure, Path CEO Dave Morin apologized today for uploading iOS user's Address Books to its servers without permission. But, is it enough?

Path CEO Dave Morin: Mea CulpaFinally. Bowing to the enormous pressure of an Internet scorned, Path CEO Dave Morin posted an apology to its users today on the Path blog. Path's PR agency sent the following email to me at around 3:00pm ET time after I emailed Morin last night for comment about Pathgate:
We are sorry. We made a mistake. Over the last couple of days users brought to light an issue concerning how we handle your personal information on Path, specifically the transmission and storage of your phone contacts. As our mission is to build the world’s first personal network, a trusted place for you to journal and share life with close friends and family, we take the storage and transmission of your personal information very very seriously. Through the feedback we’ve received from all of you, we now understand that the way we had designed our ‘Add Friends’ feature was wrong. We are deeply sorry if you were uncomfortable with how our application used your phone contacts. In the interest of complete transparency we want to clarify that the use of this information is limited to improving the quality of friend suggestions when you use the 'Add Friends' feature and to notify you when one of your contacts joins Path––nothing else. We always transmit this and any other information you share on Path to our servers over an encrypted connection. It is also stored securely on our servers using industry standard firewall technology. We believe you should have control when it comes to sharing your personal information. We also believe that actions speak louder than words. So, as a clear signal of our commitment to your privacy, we've deleted the entire collection of user uploaded contact information from our servers. Your trust matters to us and we want you to feel completely in control of your information on Path. In Path 2.0.6, released to the App Store today, you are prompted to opt in or out of sharing your phone's contacts with our servers in order to find your friends and family on Path. If you accept and later decide you would like to revoke this access, please send an email to and we will promptly see to it that your contact information are removed. We care deeply about your privacy and about creating a trusted place for you to share life with your close friends and family. As we continue to expand and grow we will make some mistakes along the way. We commit to you that we will continue to be transparent and always serve you first, our users. We hope this update clears up any confusion. You can find Path 2.0.6 in the App Store here:
Needless to say, I've already emailed my opt-out request to The Twitterverse seems pretty equally divided on the topic: So, is it enough? I'd love to hear from other Path users on Morin's response. Will you continue to use the service? Follow me on Twitter for early access to my posts. Tweet me with the hashtag #ZDNET if you'd like to be considered for inclusion in a post.

Topic: CXO

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • RE: Path CEO Dave Morin: Mea Culpa

    Luckily I use WP7 ;-) What is telling is the use of a PR firm. Doesn't anyone just put out an apology anymore wthout spinning it?
    • RE: Path CEO Dave Morin: Mea Culpa

      What does your using WP7 have to do with article, yeah I know nothing.
      You chose to add something unrelated to article, any remaining remarks are null/void.
  • RE: Path CEO Dave Morin: Mea Culpa

    This is a direct quotation from the Path Statement of Values:<br>"Private<br><br>Path should be private by default. Forever. You should always be in control of your information and experience."<br><br>And this quotation is from Path's Privacy Policy:<br>"At Path, we respect and value our users' right to privacy. We want you to feel safe and secure as you share your life with the people you love. You can read more about our Privacy Policy. If you have any questions or concerns about your privacy, please feel free to contact us."<br><br>Mere words, it would seem . . . and certainly not Values inculcated into the behaviour of staff in the organisation.
  • Return the favor by trashing their app store rating

    They have just released a new version to the app store, so now is the PERFECT time to trash their rating with a one-star review on your way out the door!

    As of this writing there are only nine reviews for it, so yours will weigh heavily. And the current-version rating is what the app store displays first, so it will hurt them for a good long while.
    • RE: Path CEO Dave Morin: Mea Culpa


      Too bad we can't give negative stars.
  • So, we're just supposed to trust them now?

    A) I don't trust that they actually deleted ALL the data. Can they prove it?
    B) I don't believe that they've actually learned their lesson? Perhaps more importantly, if they were that naive (and that's a polite word for it) to think that stealing everyone's address book's -- without telling anyone! -- was somehow acceptable, then perhaps they have a deeper, more fundamental failing that suggests they don't deserve any more chances.
    C) What about the people whose contact info was in the address books that they stole? Path is apologizing to the Path users, but what about the rights of the people who would never have given permission to have their info uploaded? I have all sorts of people in my address book that are deathly afraid of having their info "in the wild", so I'd never knowingly release it to anyone. (And since I didn't use Path, I don't have much fear that it's gone anywhere.) But Path owes an explanation to all the people whose personal contact info ended up in their systems against their wishes.

    I'm no privacy zealot, but this is sooooo not cool. They totally don't deserve a "pass" on this, apology or not. People like those at Path give legitimate social networks and developers a bad reputation.
  • RE: Path CEO Dave Morin: Mea Culpa

    And then there are the various "free floating" copies of this AB data on developer hard drives and flash drives that DIDN'T get deleted.

    I am sure no one cares about 'my' contact list - anonymity has it's privileges - but it is a bit disturbing info so close to home is made accessible like this without my knowledge or approval. Cloud computing has yet to convince me it's safe.
  • RE: Path CEO Dave Morin: Mea Culpa

    If I opt-in (stupid me) and then opt-out (smart me) I have to remember to contact them via email to have MY personal information removed from their servers! And how deep does the removal go? Does it include backups, copies of databases, etc? If any of my personal information makes it to the web I always assume that it can and will always exist somewhere and can never be removed. A company like this needs to be put out of business by loosing all of their customers.
  • RE: Path CEO Dave Morin: Mea Culpa

    I still don't think they get it... I should be able to choose what ABcontacts I am interested in sharing with them, not the whole 15,000. I might have 100 contacts that I would be interested in knowing when they activate. As far as their claims for security we all know there is no such thing...