The Path “Controversy”
With the development of the internet, in particular, social networks and applications, it’s never before been easier to collect, analyze and store these different arrays of data on a large amount of individual human beings and to store all this data on servers for an economic friendly price. The earliest form of this was first seen in the 1950's and as you may have guessed, it’s your credit score.
Information brokers collect information about individuals from the public and private sectors, including the United States Census, Department of Motor Vehicles, and user created and submitted content such as Twitter, Facebook, LinkedIn, etc. This information is widely used for targeted marketing and with that, the data aggregated is used to create actual individual “user profiles”. A good way to think of it is a huge folder, with things you like, dislike, your political preference, etc. Now of course there are a handful of companies that do this specifically, but in my opinion Path definitely isn’t one of them.
A company that does this, and one of the predominant ones at that, Acxiom, has said (quoted here) from the Senate.gov website, that they have files of over 10% of the human population, which equals to about ~700 million people, with over 1500 pieces of information per customer /human— here’s the snippet from the PDF I got from the Senate.gov website:
By design, data is captured and stored in a variety of different ways, but the issue at hand is “what type of data is being stored, captured, and what’s this data being captured being used for?”. Now the social network Path has over 23,000,000 registered users, with Indonesia being their biggest userbase with over 4,000,000 active users daily. In early 2013, Path was fined $800,000 for storing data and data scraping from “underaged” users, even though in the TOS it reads:
Path made a blog post which I will post below, saying essentially “There was a time in the companies registration system where it did not “decline” people underage to sign up. Although the terms of use said you were prohibited from signing up if you were not of legal age to form a binding contract, these underage users were apparently still able to sign up, and in turn, Path, by design captured these underaged people’s data, I think it was “13” or less underaged people that got their data scraped.
So it begs the question, why wasn’t this looked at more in depth? From a developers perspective, Path was doing what it’s designed to do. For some reason I can’t help but feel bad for Path, although this can of worms is behind Path (they’ve even sold the company since), I think it’s safe to say there’s a bigger problem here, and this really wasn’t a “Controversy”.
As wikipedia states, In 2013, I contended the notion that Path was sending Spam SMS’s out to other people (via using their data), it was said to have happened on somebody’s blog, I quote here: “I’m pretty sure I didn’t opt in…”. Essentially meaning, when singing up, he didn’t give permission for this to happen, although, I don’t think this really happened.
The thing to remember here is this, we are all signing up for social media, whether it be Facebook, Twitter, LinkedIn, Ello, or Path. The reason we sign up for these networks is to primarily to connect and share information with people, and via a developer error, it costed Path over $800,000. Although Path at the time had raised well over $41.6 million dollars, it made me think, if a company is only in their first round of funding with only $500,000 and they make a small developer mistake like not adding “auto rejection” to all underage people, even though in the terms of use it clearly states you can’t join if you’re not at a legal age. It could potentially ruin your business if you’re not well funded.
If there’s anything to be learned about Path’s misfortune in this event, business is delicate, especially in the early stages of a business and in the end, you can’t make every single last person happy, this wasn’t a “controversy”. This rather was a “developer error” that would have had a different outcome if a simple “auto rejection” function was implemented. Ironically Path is now subjected to have its privacy policies assessed every two years for the next twenty years or so years by the FTC.
With 100's of new startups coming into the San Francisco area yearly and that number doesn’t seem to be slowing down, one thing new startups can take away from Path (Path is successful in it’s own right) is to make sure your terms of use is strong, but your developers and your platform are even stronger, that is, if you want to make in the startup world, especially in San Francisco.
