Tons Of Companies Sued In Class Action Lawsuit Over Uploading Phone Addressbooks
from the class-actions-in-action dept
There was some controversy a month or so ago, when it came out that app maker Path was secretly uploading your entire address book to its servers. The company apologized and deleted all the data. Of course, pretty quickly, people realized that lots of apps do this, if you allow the app to search your address book to see who else you know is already using the service. The way they do this is to upload your address book. I would have thought this was, well, obvious, but not everyone seemed to think so (it’s also why I never use that feature). Either way, lots of apps quickly changed either how they work or how they explain what happens with that feature.
But, of course, in our litigious society, that’s not going to stop the class action lawsuits from being filed. In a 152 page document, a class action lawsuit has been filed against pretty much every big name company in the space:
Path, Inc., Twitter, Inc., Apple, Inc., Facebook, Inc., Beluga, Inc. ., Yelp! Inc., Burbn, Inc., Instagram, Inc., Foursquare Labs, Inc., Gowalla Incorporated, Foodspotting, Inc., Hipster, Inc., LinkedIn Corporation, Rovio Mobile Oy, ZeptoLab UK Limited aka ZeptoLab, Chillingo Ltd., Electronic Arts Inc., and Kik Interactive, Inc.,
The lawsuit kicks off by quoting Robert Fulghum’s “All I really Need to Know I Learned In Kindergarten,” saying, “Don’t take things that aren’t yours.” Of course, as with many such class actions, this one is all about getting the lawyers paid. This isn’t to say that I think the actions in uploading the address books were ok, but worth a lawsuit? Seems a bit extreme. It seems that the public pressure about all of this has caused pretty much all of these companies to change how they work, and it’s unlikely any real significant “harm” came from this.
Filed Under: address books, class action, privacy, uploading
Companies: ea, facebook, foursquare, instagram, linkedin, path, rovie, twitter, yelp
Comments on “Tons Of Companies Sued In Class Action Lawsuit Over Uploading Phone Addressbooks”
In the end, it won't matter
Most people don’t realize that Mark Zuckerberg is a spammer — just like Sanford Wallace. The only difference is that Zuckerberg is a better con man than Wallace ever was, and one of the bits of fallout from that is that he’ll get away with this. So will the spammers at LinkedIn, and all the rest, even though we all KNOW they’ve been spamming profusely for years and are doing so today. It seems that users are willing to have their mailboxes repeatedly gang-raped in return for a few worthless trinkets.
Pity. I’d hoped for better. But “oooooh shiny!” seems to trump everything.
Re: In the end, it won't matter
I totally disagree. First, your statement that … huh? …
Oooooh shiny!
Re: Re: In the end, it won't matter
Is this from the Red Dwarf where The Cat is always looking at shiny things?
Re: In the end, it won't matter
Huh…and here I thought having multiple email accounts to sign up for things, a spare google voice account, and several spam filters was enough. Apparently my inbox is being gang raped though? Funny considering I haven’t seen a piece of spam in the last 5 years…
Re: Re: In the end, it won't matter
@AC4:25pm I just think it is so sweet how you defend the virtue of your inbox. 😉
Privacy is one of the few illusions we cling to.
We know the Government no longer needs warrants, probable cause, or even a Judge to question the merits.
When corporations take “liberties” with the information it is an automatic reaction from the people.
Had any of them spelled out this was done clearly, there would be no real basis for the case.
The fact people found out after it was done, made them aware it was possible and it was being done.
Corporations need to stop thinking it is better to ask forgiveness than permission. That we will be SOOO happy with their vision of this makes it so easy to overlook what seen form the outside looks like a huge invasion of privacy.
While I don’t think the class action will do much good for the members, it will paint a very clear picture to the next big thing that respect for the consumer needs to trump you deciding you know best for them. Just because you can, should always result in asking yourself SHOULD you.
Do you believe that?
“There was some controversy a month or so ago, when it came out that app maker Path was secretly uploading your entire address book to its servers. The company apologized and deleted all the data.”
I think it safer to believe the the company did not delete all the data.
“The lawsuit kicks off by quoting Robert Fulghum’s “All I really Need to Know I Learned In Kindergarten,” saying, “Don’t take things that aren’t yours.” Of course, as with many such class actions, this one is all about getting the lawyers paid. This isn’t to say that I think the actions in uploading the address books were ok, but worth a lawsuit? Seems a bit extreme. It seems that the public pressure about all of this has caused pretty much all of these companies to change how they work, and it’s unlikely any real significant “harm” came from this.”
When it becomes OK for some citizen to say “OK, sorry, I’ll delete any data I have snatched during my hacking” and have no further action taken against them, then I would consider it ok for business to do the same. Until then and while citizens are being locked up and/or attempts are made to extradite them and lock them up (for years), then I think businesses should be nailed to the mast financially via class action law suits and their executives thrown in the same hole some citizen hackers are finding themselves.
Re: Do you believe that?
You agree to the data snooping when you click “I agree” and don’t read the EULA. Get over it, or start reading boy.
Re: Re: Do you believe that?
I have just created a user account on Path.com. There was no “I agree” button to click nor any link to an EULA.
Does this mean they have not snooped on me, ie, not collected personal information on me such as Internet Protocol (IP) address, my operating system, my browser type, the address of a site that may have referred me, etc, because I have not clicked on any “I agree” button linked to their EULA?
Re: Re: Re: Do you believe that?
“I have just created a user account on Path.com. There was no “I agree” button to click nor any link to an EULA. Does this mean they have not snooped on me”
No, it means the poster to which you responded is wrong – go figure. Regardless, it is amazing that some believe it is ok to do whatever they please, simply because they add some bs clause in a pos they call a EULA which no one ever agrees to.
Re: Re: Do you believe that?
Make sure to hire a lawyer to fully interpret the 15 page legalese document, as well, derogatory insult.
Word Games
Perhaps the problem lies in the wording? “Search your address book” suggests interest only in the particular information being sought, whereas “upload your entire address book” suggests interest in the entire contents of your address book.
Re: Word Games
Officer, I was just “searching” Minority Report for IP infringements, I did not “download” it for personal enjoyment …
The only winners in a class action lawsuit are the class action lawsuit lawyers.
Re: Re:
Actually the “winners” appeared to have been all the leech tech companies sneakily invading your privacy.
Until they were caught.
And now the apologists want us to believe it’s the lawyers that are bad?
You people are endlessly amusing.
Re: Re: Re:
“You people are endlessly amusing.”
Please explain exactly who “you people” are, because the phrase “you people” sounds suspiciously like “they”( i.e. anyone you don’t like or agree with).
Self-Inflicted Injury
Come on, people, you do not seriously imagine that anything stored on a mobile phone is going to stay private, do you? The known-sleazy mobile phone network operators are continuously in bed with the known-sleazy security services and police, all backed by the known-sleazy government. Your privacy on a mobile phone is toast, and has been for a very long time.
Only keep non-confidential stuff on your mobile phone. Or, better still, do not have a mobile phone.
They cut corners and got caught
Re: “if you allow the app to search your address book to see who else you know is already using the service. The way they do this is to upload your address book. I would have thought this was, well, obvious”
No. They didn’t need to load address book data to find friends using it, so the “obvious” assumption was that they didn’t.
Loading a “hash” would be enough, without the same privacy risks. It’s like comparing a password without storing the raw data. For example see the documentation for Microsoft’s Friend Finder:
http://msdn.microsoft.com/en-us/live/hh278351
Re: They cut corners and got caught
Good intro on using hashing to protect privacy
http://mattgemmell.com/2012/02/11/hashing-for-privacy-in-social-apps/
Frankly, I am glad to see the lawsuits
I don’t typically like lawsuits, but in this case I am glad to see them. You cannot even download an app these days that doesn’t want access to nearly every permission a smartphone has. I had a bible app that wanted permission to everything. A bible app! It didn’t need any permissions at all much less permission to my phone book!
The new trick seems to be to get an app out there that doesn’t ask for all these permissions. Then one day, during an update, you notice it is asking for a whole slew of new permissions. I have about 10 apps in my Amazon market that I never installed the update for because of this.
This needs to be clamped down on now as it is already out of hand.
Re: Frankly, I am glad to see the lawsuits
The thing that annoys me the most is when EULA have in them clauses which say the EULA terms can change at the whim of the business.
When I buy tech, I want to buy the product and lock in the terms and conditions at the time of purchase.
I do not want the terms & conditions changed a some future point(s) as for me that may mean the product does not meet my ‘fit for purpose” criteria (“fit for purpose” as a bit of UK consumer legalese). Also, I don’t want to have to read changes to T&C over and over again, life too short.
I want to analyze whether the product and the T&C’s at a point in time (when I purchase) are adequate for my needs, and if so, I want to be bound by those T&C while I use the product.
Re: Re: Frankly, I am glad to see the lawsuits
he thing that annoys me the most is when EULA have in them clauses which say the EULA terms can change at the whim of the business.
Funny you mention this. Every time I get on Netflix.com now, they prompt me to accept their new TOS. They have been doing this now for many, many months and I just keep ignoring it. I can still do what I want to do online w/o accepting the new TOS. I am waiting to see how long it takes before they force me to accept them before they allow me to do anything else. 🙂
It's your "friends" fault. Sue them too!
When I send an email to a friend, it does NOT come with my permission to publish my personal information to the world!
In the good old days, when names, phone numbers, birthdays, addresses, email addresses …. were kept in those nice leather-bound address books, one could become righteously pissed if your “friend” posted copies of your information in a newspaper! Modern address books contain LOTS of data, from voice phone numbers, to cell numbers, to fax numbers …. to home addresses, work, job title ….. When you give this information to “friends” or to associates, there is a fair expectation that they keep it private, and for their personal use.
I am not on any of these social nets, and yet, I get spammed regularly by them. Why? Because stupid and inconsiderate “friends” have divulged MY information to these spammers without MY permission.
Yes, get pissed at the app makers, at the social nets, but I get more pissed at these “friends” who have published my personal information without MY permission.
Every idiot who uploads other people’s personal data to third parties should be named in these class action suits. They are as, or MORE culpable than the spamming companies they deal with. When an app asks for your permission to upload your address book, not only is YOUR permission required, but the permission of everyone in your address book is required as well. What gives you the right to publish MY personal information, which I gave you in confidence?
The Cyclops
The way some do it could count as a TOS violation
I was “invited” to join a gaming site called PlayFire.com. During the sign-up process, their site asked me for my Windows Live ID and password, so they could invite my friends to the site. That’s how I got the invite in the first place — someone created an account on their site, in the process giving them their username and password, with which PlayFire logged in as my friend and sent messages to all her friends.
I saw that form and closed my browser. Giving your username and password to some third party is a very basic “NO” when it comes to security.
LinkedIn lets you “find friends” on a variety of networks. If you use Hotmail or Yahoo, their app takes you to that provider’s site to log in and explicitly grant access to LinkedIn. (I think one of them lets you select specific contacts to share, and the other lets you set a time limit on the access; both of them send you a link you can use to immediately revoke LinkedIn’s access to your address book.)
If you choose Gmail, however, LinkedIn asks for your Google login and password in a form on LinkedIn’s site, so it can log in as you to get your contacts.
I presume this is because Hotmail and Yahoo provide an API for this, and Google does not (or LinkedIn hasn’t implemented it yet). [Note this is based on my trying it out a year or so ago; things may have changed since then.]
No site should ever directly ask for your login credentials to another site. That’s just asking for trouble.
Mike Masnick knows thousands of people. Of those, he trusts hundreds of them to know his phone number, email address, and street address. Of those hundreds, 90% are tech-savvy, but dozens of them aren’t. Of those dozens of non-tech-savvy people who have Mike’s phone number and street address on their phones, a dozen of them install a new app by DataLeech, and either fail to read the 40-page terms before agreeing, or fail to realize that “search your contacts” actually means “upload your entire contact list to our servers and keep it there forver.”
Now DataLeech has Mike’s name, email address, phone number, and street address, and knows who six of his trusted friends are, and knows the information is still current any time any of those people run the app, regardless what Mike does or doesn’t do.
But of course that isn’t worth a lawsuit.
Re: Re:
No, it deserves a LAW, not a LAWsuit.