Wait: What about MY INFORMATION if I've never installed Path? If someone I know with my contact information installs Path, does that mean that my information is stored on their servers?
How can I remove my information if I've never installed Path before? It doesn't seem right that my contact information, which I have kept private, because someone I know has uploaded that information. Do I not have a right to keep that information private?
This would make Path and other companies that upload the entire contacts database the prime candidate for hackers and government agencies that want non-Facebook information about people, given a name, phone number of email address.
Clearly there are a lot of WTFs going on at Path, but this isn't one of them.
> Do I not have a right to keep that information private?
But you didn't. You gave it to someone else. It's not your information any more.
Information about you is not information you own.
Privacy and anti-spam laws in various jurisdictions cover what an organisation can do with information they collect about private individuals, but that has nothing to do with ownership.
"Do I not have a right to keep that information private?"
Generally no. I mean anyone can put their in law's information on their blog. It's a dick move but not illegal generally (if you're putting the person in danger like an battered spouse or witness protection there may be problems, IANAL).
I get the outrage that they didn't hash everything but the righteous indignation that a social network is trying their best to let people know when their friends sign up seems overblown.
Moral of the story: don't be shocked when social networks don't follow best practices for privacy. Also foxes like chickens.
If they're smart they'll revamp their system to work like this:
edit: (0) we get your permission /edit
(1) we check for your contacts in our database (hashing your contacts).
(2) we let you know if any matches are found.
(3) we throw away all your data afterwords.
They'll generate a few fewer matches this way but since they're going for stronger ties it shouldn't really be an issue.
How can I remove my information if I've never installed Path before? It doesn't seem right that my contact information, which I have kept private, because someone I know has uploaded that information. Do I not have a right to keep that information private?
This would make Path and other companies that upload the entire contacts database the prime candidate for hackers and government agencies that want non-Facebook information about people, given a name, phone number of email address.