Earlier this week, we received a tip that the popular reading application Instapaper was looking at clipboard data without prompting users for their permission. Shocked that an application would be so bold as to do anything without user permission, we investigated. What followed was a look inside one of the most corrupt and illegal privacy breaches of…well, at least the past few days.
First, we decided to open up Instapaper and hunt for any clue that the service was actually copying user data. When we opened the application, we didn’t realize that we had a URL copied to the clipboard. As such, we were shocked when the following dialog box appeared:
Yes, without even searching for the privacy breach, or sniffing the data, we found the problem. Not only does Instapaper have the gall to copy data from the clipboard (nevermind that copying data is the purpose of the clipboard!), but he shoves it into our face.
When asked for comment, an Instapaper representative made it clear that this privacy breach was “unintentional”, and that they would be “making it right” in the future. The full statement is as follows:
I’m So Sorry.
While “Add URL” feature was implemented to help users of Instapaper, we now understand that it was wrong to simplify the lives of the users. In a future update to Instapaper, we will be changing how this works. In order to avoid confusion, everytime you open the application, you will be asked if you wish to give Instapaper access to the clipboard. Once granted, you will be prompted again to make sure that you clicked the right button on the previous dialog. Finally, you will be asked if you will permit Instapaper to look at the clipboard and copy the data.
As with most privacy breaches, it will be hard to ever trust Instapaper again. Privacy breaches are something to be taken seriously, as Dave Winer never fails to point out. Not only do they have access to our…reading data…but also they can see…our clipboard…
Wait a minute.
Maybe we’ve gone too far. Maybe we’ve reached the point where when an application looks at our data to simplify our lives, we should be grateful that we didn’t have to spend 10 minutes figuring out how to use a certain feature.
In the end, yes, applications can mis-use our data. That said, if an Android application wants to look at my photos, I’d appreciate being asked, but I also don’t care that much. If someone does something nefarious with my data, they will eventually be caught, and I trust Google and Apple to institute measures to stop it from happening again, if it turns out to be something important.
That’s what the Internet is based upon. Trust. Trust in larger technology companies, in the developers, and in each other. Sure, that trust can be breached now and again with less-than-honest developers and profit-obsessed companies. In the view of the larger picture, though, think of all of the services that you use that actually don’t do anything wrong with your data. Yes, they do things without asking your permission. In the end though, they do it to simplify your life.
So let’s cut people some slack. Let’s not just assume that Google wants to see your photos, and that Apple wants the phone number of your 10 year old nephew, and that Path wants to have every address ever in their possession. Sometimes companies should be clearer in how they operate, but overall, they’re trying to create products that help people.
[Thanks to Instapaper for being a good sport.]