It’s the privacy snafu that will not die. A day after a developer discovered that mobile social network Path was storing users’ entire address books on its servers, the startup seemed to have defused the incident by apologizing and deleting all the personal data it had stored.
But now Gawker’s Ryan Tate has published an email he got from Path CEO Dave Morin back in 2010 in which the CEO acknowledges that his company looks through your contacts in order to suggest connections, but made it explicitly clear that, “Path does not retain or store any of your information in any way.”
That’s the opposite of what he said today in his apology, when he noted that Path users’ contacts, including phone numbers, names, emails, and addresses, were all “stored securely on our servers using industry standard firewall technology.”
We’ve reached out to Path for comment. TechCrunch is reporting that Path 1.0 didn’t have the “Add Friends” feature, and that Morin wasn’t lying since Path didn’t store user data then. This is a little confusing, since the email was prompted by a Dave Winer post, where he called out Path’s uncannily accurate suggestions for which friends to follow.
But it is clear from this email that Morin was being disingenuous in his apology today, when he wrote that, “Through the feedback we’ve received from all of you, we now understand that the way we had designed our ‘Add Friends’ feature was wrong. We are deeply sorry if you were uncomfortable with how our application used your phone contacts.”
Morin knew when he wrote Tate back in 2010 that users were not comfortable with the idea of Path storing their contacts. So he went out of his way to make clear that it didn’t. When Path made that change, it never alerted users, an oversight for which the company is now being forced to answer.
VB's research team is studying web-personalization... Chime in here, and we’ll share the results.