A few days ago, Path were discovered to be uploading the entire address books of users of their iPhone app to their servers for processing whenever the app was used, without asking them or offering an opt-out.
As you'd expect, Twitter went totally apeshit - earning trust online is incredibly difficult, and losing so much goodwill like this can be fatal if you're building a social network that trades on being an intimate trusted service.
This morning, I came across this tweet from @philhawksmoor, which suggests Path may have been able to recover from this epic SNAFU.
Following the link takes you to this apologetic blog post from the CEO - I've edited it somewhat, to show the general gist.
We are sorry.
We made a mistake. Over the last couple of days users brought to light an issue concerning how we handle your personal information on Path, specifically the transmission and storage of your phone contacts.
… (edited for brevity)
We believe you should have control when it comes to sharing your personal information. We also believe that actions speak louder than words. So, as a clear signal of our commitment to your privacy, we’ve deleted the entire collection of user uploaded contact information from our servers. Your trust matters to us and we want you to feel completely in control of your information on Path.
In Path 2.0.6, released to the App Store today, you are prompted to opt in or out of sharing your phone’s contacts with our servers in order to find your friends and family on Path. If you accept and later decide you would like to revoke this access, please send an email to email@example.com and we will promptly see to it that your contact information is removed.
I'm not a Path user, but I am impressed by how they handled this situation, and bizarrely, I'm now more likely to use the service than when I first heard about Path, if this is how they handle screwups as a company.
Why did it work?
When looking for lessons to learn from this, I'd say it came down to these factors:
- they were quick to respond and clear that they understand why people were upset
- they showed what they were doing to make it better
- they offered somewhere to continue a conversation
- they actually apologised - so important, but often overlooked
- they used a personal tone, not just a faceless corporate voice in their copy
Worth bearing in mind next time some spectacular privacy fail on the web occurs with some incredibly sensitive data, which, based on Dustin Curtis's recent blog post, is probably coming soon - Path are far from unique in uploading people's address books like this.