Hipster Explains: Not All Data Transfers Are Created Equally

In the aftermath of Path’s well-publicized privacy issues, many people began looking at how other applications were using address book data. The goal was of course two-fold. On the one hand, researchers wanted to be able to determine which apps were taking data unprompted. On the other hand, some researchers jumped the gun and made false accusations to get their name out there. Normally, blogs would investigate the matter on their own and verify the results. This did not happen.

Specifically, Cult of Mac didn’t verify the data it reported as fact in a report it published about Hipster, the mobile photo sharing application. Instead of verifying it, Cult of Mac immediately published the report and stated that Hipster was “doing the same thing as Path”. This turns out to be false.

I spoke with Hipster CEO Doug Ludlow today, and he told me what the truth of the matter is. He made it clear that Hipster does not store the data from address books on their servers. While address book data is sent to Hipster’s servers, it is not stored. (Of course, it would be impossible for Cult of Mac to know this, but they could have asked.) Rather, Hipster temporarily uploads the data and then checks it against the existing user base. Once this check is done, the address book is erased and the suggested user list is returned to the user. Ludlow says that it would be great if they could ‘nuke’ the data like Path, but since they don’t store it, they can’t.

The one problem Hipster runs into, though, is how it deals with sending the data. Hipster allows users to look for friends on the network via Facebook, Twitter, and, yes, with the address book. It provides options to enable these choices, and the address book option is set to ‘on’ by default. Ludlow explained to me that this was not done out of a desire to grab data quickly, and recant when caught. Rather, Ludlow said, “Don’t attribute to malice what should be attributed to incompetence”.

Of course, many users won’t agree with this assertion, and will instead see this as another startup misappropriating data. Ludlow wants to negate these feelings, and spelled out what steps they will take to remedy the issue. First, they’ve sent an update to the App Store changing the default for the address book (should be available by Friday). Next, they will lay out the details of all future app changes and fully explain the privacy implications. Finally, the Hipster iPhone app will now fully explain what the application is doing with user data – a feature already present in the Hipster Android app.

What this really shows us is that not all applications are created equally. Data transmissions can be confusing without the full story, and not all startups are stealing the data of users without their consent. Sometimes, mistakes are made, and simple design decisions can be mistaken for evil. Keep this in mind as more startups announce that they will be changing how they use user data, and as more accusations start to fly.

Kik Messenger and other apps have been doing this for years, how else can they build a social graph? We app developers can move toward an opt-in stance, but unless the OS vendors lock down the address book access at the user level, this behavior will continue.

@Pallab - "You are way too soft on Hipster" <-- Nailed it -- As does Pete. So Pando, why so soft? Are the Hipsters friends of yours?

[...] were among the first to also admit to secretly looking at users' smartphone contacts – with the fine distinction that the data is matched, but not on their own [...]

Sorry officer, I wasn't stealing that car, I was just misappropriating it. I wasn't going to keep it permanently. Also, if anyone uploaded a movie without permission, they'd be looking at time in jail. http://entertainment.msnbc.msn.com/_news/2011/12/20/9581045-man-jailed-for-year-for-pirating-wolverine-movie

You are way too soft on Hipster. In a way Hipster is worse than Path as it is sending the data as plaintext. And then, there is simply no excuse for not asking permission before uploading their data. Don't tell me they didn't know better. Last year the Facebook app for Android was slammed for not making it clear that syncing contacts will upload and store phone numbers on Facebook's servers.

a social network for people who had hip replacement surgery?

Uploading the entire address book is different from uploading and storing it, however doing either without informing users is still a serious violation of privacy expectations. Startups often cross the line like this knowing they can claim incompetence and apologize later. I can't say I blame them - that's what scrappy businesses do and getting users is hard - and you can always "reform" later - shoot first, ask questions later - blah blah. It is what it is though - Hipster doesn't deserve to take the high road on this one. (And while phoning the CEO is certainly a step further down the road to investigative journalism, it's hardly verification. Next conversation could be about how he forgot to ask his CTO, or how he misunderstood, and in fact they are storing data. So sorry. Incompetence ya know.) It's also a bit disingenuous to claim incompetence. I mean - what social app does not think very, very hard about how they can spread, and how far they can push it? Is it really believable that they didn't at least consider the privacy implications of uploading a user's entire address book - regardless of whether they store it? And given that they were so incompetent (their words) how do we know they are competent enough to erase the data securely from wherever they temporarily store it while cross-referencing? Just say "we should have made this an opt-in feature and disclosed it better." Trying to defend it by claiming incompetence is lame, not credible, and nonsensical. Just own up and move on.

Evil design, evil programming, and I don't believe for a nanosecond management doesn't see address-book data as a 'valuable asset' toward exit (or worse - selling this data).

They just posted all of our data unencrypted in a giant string like your mom mailing you and all her friends in a giant chain email.