Tons Of Companies Sued In Class Action Lawsuit Over Uploading Phone Addressbooks
from the class-actions-in-action dept
There was some controversy a month or so ago, when it came out that app maker Path was secretly uploading your entire address book to its servers. The company apologized and deleted all the data. Of course, pretty quickly, people realized that lots of apps do this, if you allow the app to search your address book to see who else you know is already using the service. The way they do this is to upload your address book. I would have thought this was, well, obvious, but not everyone seemed to think so (it's also why I never use that feature). Either way, lots of apps quickly changed either how they work or how they explain what happens with that feature.But, of course, in our litigious society, that's not going to stop the class action lawsuits from being filed. In a 152 page document, a class action lawsuit has been filed against pretty much every big name company in the space:
Path, Inc., Twitter, Inc., Apple, Inc., Facebook, Inc., Beluga, Inc. ., Yelp! Inc., Burbn, Inc., Instagram, Inc., Foursquare Labs, Inc., Gowalla Incorporated, Foodspotting, Inc., Hipster, Inc., LinkedIn Corporation, Rovio Mobile Oy, ZeptoLab UK Limited aka ZeptoLab, Chillingo Ltd., Electronic Arts Inc., and Kik Interactive, Inc.,The lawsuit kicks off by quoting Robert Fulghum's "All I really Need to Know I Learned In Kindergarten," saying, "Don't take things that aren't yours." Of course, as with many such class actions, this one is all about getting the lawyers paid. This isn't to say that I think the actions in uploading the address books were ok, but worth a lawsuit? Seems a bit extreme. It seems that the public pressure about all of this has caused pretty much all of these companies to change how they work, and it's unlikely any real significant "harm" came from this.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: address books, class action, privacy, uploading
Companies: ea, facebook, foursquare, instagram, linkedin, path, rovie, twitter, yelp
Reader Comments
Subscribe: RSS
View by: Time | Thread
In the end, it won't matter
Pity. I'd hoped for better. But "oooooh shiny!" seems to trump everything.
[ link to this | view in chronology ]
Re: In the end, it won't matter
Oooooh shiny!
[ link to this | view in chronology ]
Re: Re: In the end, it won't matter
[ link to this | view in chronology ]
Re: In the end, it won't matter
[ link to this | view in chronology ]
Re: Re: In the end, it won't matter
[ link to this | view in chronology ]
We know the Government no longer needs warrants, probable cause, or even a Judge to question the merits.
When corporations take "liberties" with the information it is an automatic reaction from the people.
Had any of them spelled out this was done clearly, there would be no real basis for the case.
The fact people found out after it was done, made them aware it was possible and it was being done.
Corporations need to stop thinking it is better to ask forgiveness than permission. That we will be SOOO happy with their vision of this makes it so easy to overlook what seen form the outside looks like a huge invasion of privacy.
While I don't think the class action will do much good for the members, it will paint a very clear picture to the next big thing that respect for the consumer needs to trump you deciding you know best for them. Just because you can, should always result in asking yourself SHOULD you.
[ link to this | view in chronology ]
Do you believe that?
I think it safer to believe the the company did not delete all the data.
"The lawsuit kicks off by quoting Robert Fulghum's "All I really Need to Know I Learned In Kindergarten," saying, "Don't take things that aren't yours." Of course, as with many such class actions, this one is all about getting the lawyers paid. This isn't to say that I think the actions in uploading the address books were ok, but worth a lawsuit? Seems a bit extreme. It seems that the public pressure about all of this has caused pretty much all of these companies to change how they work, and it's unlikely any real significant "harm" came from this."
When it becomes OK for some citizen to say "OK, sorry, I'll delete any data I have snatched during my hacking" and have no further action taken against them, then I would consider it ok for business to do the same. Until then and while citizens are being locked up and/or attempts are made to extradite them and lock them up (for years), then I think businesses should be nailed to the mast financially via class action law suits and their executives thrown in the same hole some citizen hackers are finding themselves.
[ link to this | view in chronology ]
Re: Do you believe that?
[ link to this | view in chronology ]
Re: Re: Do you believe that?
Does this mean they have not snooped on me, ie, not collected personal information on me such as Internet Protocol (IP) address, my operating system, my browser type, the address of a site that may have referred me, etc, because I have not clicked on any "I agree" button linked to their EULA?
[ link to this | view in chronology ]
Re: Re: Re: Do you believe that?
No, it means the poster to which you responded is wrong - go figure. Regardless, it is amazing that some believe it is ok to do whatever they please, simply because they add some bs clause in a pos they call a EULA which no one ever agrees to.
[ link to this | view in chronology ]
Re: Re: Do you believe that?
[ link to this | view in chronology ]
Word Games
[ link to this | view in chronology ]
Re: Word Games
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Until they were caught.
And now the apologists want us to believe it's the lawyers that are bad?
You people are endlessly amusing.
[ link to this | view in chronology ]
Re: Re:
Please explain exactly who "you people" are, because the phrase "you people" sounds suspiciously like "they"( i.e. anyone you don't like or agree with).
[ link to this | view in chronology ]
Self-Inflicted Injury
Only keep non-confidential stuff on your mobile phone. Or, better still, do not have a mobile phone.
[ link to this | view in chronology ]
They cut corners and got caught
No. They didn't need to load address book data to find friends using it, so the "obvious" assumption was that they didn't.
Loading a "hash" would be enough, without the same privacy risks. It's like comparing a password without storing the raw data. For example see the documentation for Microsoft's Friend Finder:
http://msdn.microsoft.com/en-us/live/hh278351
[ link to this | view in chronology ]
Re: They cut corners and got caught
http://mattgemmell.com/2012/02/11/hashing-for-privacy-in-social-apps/
[ link to this | view in chronology ]
Frankly, I am glad to see the lawsuits
The new trick seems to be to get an app out there that doesn't ask for all these permissions. Then one day, during an update, you notice it is asking for a whole slew of new permissions. I have about 10 apps in my Amazon market that I never installed the update for because of this.
This needs to be clamped down on now as it is already out of hand.
[ link to this | view in chronology ]
Re: Frankly, I am glad to see the lawsuits
When I buy tech, I want to buy the product and lock in the terms and conditions at the time of purchase.
I do not want the terms & conditions changed a some future point(s) as for me that may mean the product does not meet my 'fit for purpose" criteria ("fit for purpose" as a bit of UK consumer legalese). Also, I don't want to have to read changes to T&C over and over again, life too short.
I want to analyze whether the product and the T&C's at a point in time (when I purchase) are adequate for my needs, and if so, I want to be bound by those T&C while I use the product.
[ link to this | view in chronology ]
Re: Re: Frankly, I am glad to see the lawsuits
Funny you mention this. Every time I get on Netflix.com now, they prompt me to accept their new TOS. They have been doing this now for many, many months and I just keep ignoring it. I can still do what I want to do online w/o accepting the new TOS. I am waiting to see how long it takes before they force me to accept them before they allow me to do anything else. :)
[ link to this | view in chronology ]
It's your "friends" fault. Sue them too!
In the good old days, when names, phone numbers, birthdays, addresses, email addresses .... were kept in those nice leather-bound address books, one could become righteously pissed if your "friend" posted copies of your information in a newspaper! Modern address books contain LOTS of data, from voice phone numbers, to cell numbers, to fax numbers .... to home addresses, work, job title ..... When you give this information to "friends" or to associates, there is a fair expectation that they keep it private, and for their personal use.
I am not on any of these social nets, and yet, I get spammed regularly by them. Why? Because stupid and inconsiderate "friends" have divulged MY information to these spammers without MY permission.
Yes, get pissed at the app makers, at the social nets, but I get more pissed at these "friends" who have published my personal information without MY permission.
Every idiot who uploads other people's personal data to third parties should be named in these class action suits. They are as, or MORE culpable than the spamming companies they deal with. When an app asks for your permission to upload your address book, not only is YOUR permission required, but the permission of everyone in your address book is required as well. What gives you the right to publish MY personal information, which I gave you in confidence?
The Cyclops
[ link to this | view in chronology ]
The way some do it could count as a TOS violation
I saw that form and closed my browser. Giving your username and password to some third party is a very basic "NO" when it comes to security.
LinkedIn lets you "find friends" on a variety of networks. If you use Hotmail or Yahoo, their app takes you to that provider's site to log in and explicitly grant access to LinkedIn. (I think one of them lets you select specific contacts to share, and the other lets you set a time limit on the access; both of them send you a link you can use to immediately revoke LinkedIn's access to your address book.)
If you choose Gmail, however, LinkedIn asks for your Google login and password in a form on LinkedIn's site, so it can log in as you to get your contacts.
I presume this is because Hotmail and Yahoo provide an API for this, and Google does not (or LinkedIn hasn't implemented it yet). [Note this is based on my trying it out a year or so ago; things may have changed since then.]
No site should ever directly ask for your login credentials to another site. That's just asking for trouble.
[ link to this | view in chronology ]
Now DataLeech has Mike's name, email address, phone number, and street address, and knows who six of his trusted friends are, and knows the information is still current any time any of those people run the app, regardless what Mike does or doesn't do.
But of course that isn't worth a lawsuit.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]