Tons Of Companies Sued In Class Action Lawsuit Over Uploading Phone Addressbooks

from the class-actions-in-action dept

There was some controversy a month or so ago, when it came out that app maker Path was secretly uploading your entire address book to its servers. The company apologized and deleted all the data. Of course, pretty quickly, people realized that lots of apps do this, if you allow the app to search your address book to see who else you know is already using the service. The way they do this is to upload your address book. I would have thought this was, well, obvious, but not everyone seemed to think so (it's also why I never use that feature). Either way, lots of apps quickly changed either how they work or how they explain what happens with that feature.

But, of course, in our litigious society, that's not going to stop the class action lawsuits from being filed. In a 152 page document, a class action lawsuit has been filed against pretty much every big name company in the space:
Path, Inc., Twitter, Inc., Apple, Inc., Facebook, Inc., Beluga, Inc. ., Yelp! Inc., Burbn, Inc., Instagram, Inc., Foursquare Labs, Inc., Gowalla Incorporated, Foodspotting, Inc., Hipster, Inc., LinkedIn Corporation, Rovio Mobile Oy, ZeptoLab UK Limited aka ZeptoLab, Chillingo Ltd., Electronic Arts Inc., and Kik Interactive, Inc.,
The lawsuit kicks off by quoting Robert Fulghum's "All I really Need to Know I Learned In Kindergarten," saying, "Don't take things that aren't yours." Of course, as with many such class actions, this one is all about getting the lawyers paid. This isn't to say that I think the actions in uploading the address books were ok, but worth a lawsuit? Seems a bit extreme. It seems that the public pressure about all of this has caused pretty much all of these companies to change how they work, and it's unlikely any real significant "harm" came from this.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: address books, class action, privacy, uploading
Companies: ea, facebook, foursquare, instagram, linkedin, path, rovie, twitter, yelp


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 20 Mar 2012 @ 3:57pm

    In the end, it won't matter

    Most people don't realize that Mark Zuckerberg is a spammer -- just like Sanford Wallace. The only difference is that Zuckerberg is a better con man than Wallace ever was, and one of the bits of fallout from that is that he'll get away with this. So will the spammers at LinkedIn, and all the rest, even though we all KNOW they've been spamming profusely for years and are doing so today. It seems that users are willing to have their mailboxes repeatedly gang-raped in return for a few worthless trinkets.

    Pity. I'd hoped for better. But "oooooh shiny!" seems to trump everything.

    link to this | view in thread ]

  2. icon
    GMacGuffin (profile), 20 Mar 2012 @ 4:05pm

    Re: In the end, it won't matter

    I totally disagree. First, your statement that ... huh? ...

    Oooooh shiny!

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 20 Mar 2012 @ 4:13pm

    Re: Re: In the end, it won't matter

    Is this from the Red Dwarf where The Cat is always looking at shiny things?

    link to this | view in thread ]

  4. icon
    That Anonymous Coward (profile), 20 Mar 2012 @ 4:14pm

    Privacy is one of the few illusions we cling to.
    We know the Government no longer needs warrants, probable cause, or even a Judge to question the merits.
    When corporations take "liberties" with the information it is an automatic reaction from the people.
    Had any of them spelled out this was done clearly, there would be no real basis for the case.
    The fact people found out after it was done, made them aware it was possible and it was being done.
    Corporations need to stop thinking it is better to ask forgiveness than permission. That we will be SOOO happy with their vision of this makes it so easy to overlook what seen form the outside looks like a huge invasion of privacy.

    While I don't think the class action will do much good for the members, it will paint a very clear picture to the next big thing that respect for the consumer needs to trump you deciding you know best for them. Just because you can, should always result in asking yourself SHOULD you.

    link to this | view in thread ]

  5. icon
    awbMaven (profile), 20 Mar 2012 @ 4:18pm

    Do you believe that?

    "There was some controversy a month or so ago, when it came out that app maker Path was secretly uploading your entire address book to its servers. The company apologized and deleted all the data."

    I think it safer to believe the the company did not delete all the data.


    "The lawsuit kicks off by quoting Robert Fulghum's "All I really Need to Know I Learned In Kindergarten," saying, "Don't take things that aren't yours." Of course, as with many such class actions, this one is all about getting the lawyers paid. This isn't to say that I think the actions in uploading the address books were ok, but worth a lawsuit? Seems a bit extreme. It seems that the public pressure about all of this has caused pretty much all of these companies to change how they work, and it's unlikely any real significant "harm" came from this."

    When it becomes OK for some citizen to say "OK, sorry, I'll delete any data I have snatched during my hacking" and have no further action taken against them, then I would consider it ok for business to do the same. Until then and while citizens are being locked up and/or attempts are made to extradite them and lock them up (for years), then I think businesses should be nailed to the mast financially via class action law suits and their executives thrown in the same hole some citizen hackers are finding themselves.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 20 Mar 2012 @ 4:25pm

    Re: In the end, it won't matter

    Huh...and here I thought having multiple email accounts to sign up for things, a spare google voice account, and several spam filters was enough. Apparently my inbox is being gang raped though? Funny considering I haven't seen a piece of spam in the last 5 years...

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 20 Mar 2012 @ 4:37pm

    Re: Do you believe that?

    You agree to the data snooping when you click "I agree" and don't read the EULA. Get over it, or start reading boy.

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 20 Mar 2012 @ 4:49pm

    Word Games

    Perhaps the problem lies in the wording? "Search your address book" suggests interest only in the particular information being sought, whereas "upload your entire address book" suggests interest in the entire contents of your address book.

    link to this | view in thread ]

  9. icon
    awbMaven (profile), 20 Mar 2012 @ 5:05pm

    Re: Re: Do you believe that?

    I have just created a user account on Path.com. There was no "I agree" button to click nor any link to an EULA.

    Does this mean they have not snooped on me, ie, not collected personal information on me such as Internet Protocol (IP) address, my operating system, my browser type, the address of a site that may have referred me, etc, because I have not clicked on any "I agree" button linked to their EULA?

    link to this | view in thread ]

  10. icon
    awbMaven (profile), 20 Mar 2012 @ 5:07pm

    Re: Word Games

    Officer, I was just "searching" Minority Report for IP infringements, I did not "download" it for personal enjoyment ...

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 20 Mar 2012 @ 5:28pm

    The only winners in a class action lawsuit are the class action lawsuit lawyers.

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 20 Mar 2012 @ 5:41pm

    Re:

    Actually the "winners" appeared to have been all the leech tech companies sneakily invading your privacy.

    Until they were caught.

    And now the apologists want us to believe it's the lawyers that are bad?

    You people are endlessly amusing.

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 20 Mar 2012 @ 6:29pm

    Re: Re: Do you believe that?

    Make sure to hire a lawyer to fully interpret the 15 page legalese document, as well, derogatory insult.

    link to this | view in thread ]

  14. icon
    BeeAitch (profile), 20 Mar 2012 @ 8:54pm

    Re: Re:

    "You people are endlessly amusing."

    Please explain exactly who "you people" are, because the phrase "you people" sounds suspiciously like "they"( i.e. anyone you don't like or agree with).

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 20 Mar 2012 @ 9:07pm

    Self-Inflicted Injury

    Come on, people, you do not seriously imagine that anything stored on a mobile phone is going to stay private, do you? The known-sleazy mobile phone network operators are continuously in bed with the known-sleazy security services and police, all backed by the known-sleazy government. Your privacy on a mobile phone is toast, and has been for a very long time.

    Only keep non-confidential stuff on your mobile phone. Or, better still, do not have a mobile phone.

    link to this | view in thread ]

  16. icon
    Simple Mind (profile), 21 Mar 2012 @ 12:40am

    Re: Re: In the end, it won't matter

    @AC4:25pm I just think it is so sweet how you defend the virtue of your inbox. ;)

    link to this | view in thread ]

  17. identicon
    Pete Austin, 21 Mar 2012 @ 1:08am

    They cut corners and got caught

    Re: "if you allow the app to search your address book to see who else you know is already using the service. The way they do this is to upload your address book. I would have thought this was, well, obvious"

    No. They didn't need to load address book data to find friends using it, so the "obvious" assumption was that they didn't.

    Loading a "hash" would be enough, without the same privacy risks. It's like comparing a password without storing the raw data. For example see the documentation for Microsoft's Friend Finder:
    http://msdn.microsoft.com/en-us/live/hh278351

    link to this | view in thread ]

  18. identicon
    Pete Austin, 21 Mar 2012 @ 2:11am

    Re: They cut corners and got caught

    Good intro on using hashing to protect privacy
    http://mattgemmell.com/2012/02/11/hashing-for-privacy-in-social-apps/

    link to this | view in thread ]

  19. identicon
    John Doe, 21 Mar 2012 @ 4:27am

    Frankly, I am glad to see the lawsuits

    I don't typically like lawsuits, but in this case I am glad to see them. You cannot even download an app these days that doesn't want access to nearly every permission a smartphone has. I had a bible app that wanted permission to everything. A bible app! It didn't need any permissions at all much less permission to my phone book!

    The new trick seems to be to get an app out there that doesn't ask for all these permissions. Then one day, during an update, you notice it is asking for a whole slew of new permissions. I have about 10 apps in my Amazon market that I never installed the update for because of this.

    This needs to be clamped down on now as it is already out of hand.

    link to this | view in thread ]

  20. icon
    awbMaven (profile), 21 Mar 2012 @ 4:47am

    Re: Frankly, I am glad to see the lawsuits

    The thing that annoys me the most is when EULA have in them clauses which say the EULA terms can change at the whim of the business.

    When I buy tech, I want to buy the product and lock in the terms and conditions at the time of purchase.

    I do not want the terms & conditions changed a some future point(s) as for me that may mean the product does not meet my 'fit for purpose" criteria ("fit for purpose" as a bit of UK consumer legalese). Also, I don't want to have to read changes to T&C over and over again, life too short.

    I want to analyze whether the product and the T&C's at a point in time (when I purchase) are adequate for my needs, and if so, I want to be bound by those T&C while I use the product.

    link to this | view in thread ]

  21. identicon
    John Doe, 21 Mar 2012 @ 5:00am

    Re: Re: Frankly, I am glad to see the lawsuits

    he thing that annoys me the most is when EULA have in them clauses which say the EULA terms can change at the whim of the business.

    Funny you mention this. Every time I get on Netflix.com now, they prompt me to accept their new TOS. They have been doing this now for many, many months and I just keep ignoring it. I can still do what I want to do online w/o accepting the new TOS. I am waiting to see how long it takes before they force me to accept them before they allow me to do anything else. :)

    link to this | view in thread ]

  22. identicon
    abc gum, 21 Mar 2012 @ 5:18am

    Re: Re: Re: Do you believe that?

    "I have just created a user account on Path.com. There was no "I agree" button to click nor any link to an EULA. Does this mean they have not snooped on me"

    No, it means the poster to which you responded is wrong - go figure. Regardless, it is amazing that some believe it is ok to do whatever they please, simply because they add some bs clause in a pos they call a EULA which no one ever agrees to.

    link to this | view in thread ]

  23. icon
    SailingCyclops (profile), 21 Mar 2012 @ 6:16am

    It's your "friends" fault. Sue them too!

    When I send an email to a friend, it does NOT come with my permission to publish my personal information to the world!

    In the good old days, when names, phone numbers, birthdays, addresses, email addresses .... were kept in those nice leather-bound address books, one could become righteously pissed if your "friend" posted copies of your information in a newspaper! Modern address books contain LOTS of data, from voice phone numbers, to cell numbers, to fax numbers .... to home addresses, work, job title ..... When you give this information to "friends" or to associates, there is a fair expectation that they keep it private, and for their personal use.

    I am not on any of these social nets, and yet, I get spammed regularly by them. Why? Because stupid and inconsiderate "friends" have divulged MY information to these spammers without MY permission.

    Yes, get pissed at the app makers, at the social nets, but I get more pissed at these "friends" who have published my personal information without MY permission.

    Every idiot who uploads other people's personal data to third parties should be named in these class action suits. They are as, or MORE culpable than the spamming companies they deal with. When an app asks for your permission to upload your address book, not only is YOUR permission required, but the permission of everyone in your address book is required as well. What gives you the right to publish MY personal information, which I gave you in confidence?

    The Cyclops

    link to this | view in thread ]

  24. icon
    Yakko Warner (profile), 21 Mar 2012 @ 8:42am

    The way some do it could count as a TOS violation

    I was "invited" to join a gaming site called PlayFire.com. During the sign-up process, their site asked me for my Windows Live ID and password, so they could invite my friends to the site. That's how I got the invite in the first place -- someone created an account on their site, in the process giving them their username and password, with which PlayFire logged in as my friend and sent messages to all her friends.

    I saw that form and closed my browser. Giving your username and password to some third party is a very basic "NO" when it comes to security.

    LinkedIn lets you "find friends" on a variety of networks. If you use Hotmail or Yahoo, their app takes you to that provider's site to log in and explicitly grant access to LinkedIn. (I think one of them lets you select specific contacts to share, and the other lets you set a time limit on the access; both of them send you a link you can use to immediately revoke LinkedIn's access to your address book.)

    If you choose Gmail, however, LinkedIn asks for your Google login and password in a form on LinkedIn's site, so it can log in as you to get your contacts.

    I presume this is because Hotmail and Yahoo provide an API for this, and Google does not (or LinkedIn hasn't implemented it yet). [Note this is based on my trying it out a year or so ago; things may have changed since then.]

    No site should ever directly ask for your login credentials to another site. That's just asking for trouble.

    link to this | view in thread ]

  25. identicon
    Anonymous Coward, 21 Mar 2012 @ 2:32pm

    Mike Masnick knows thousands of people. Of those, he trusts hundreds of them to know his phone number, email address, and street address. Of those hundreds, 90% are tech-savvy, but dozens of them aren't. Of those dozens of non-tech-savvy people who have Mike's phone number and street address on their phones, a dozen of them install a new app by DataLeech, and either fail to read the 40-page terms before agreeing, or fail to realize that "search your contacts" actually means "upload your entire contact list to our servers and keep it there forver."

    Now DataLeech has Mike's name, email address, phone number, and street address, and knows who six of his trusted friends are, and knows the information is still current any time any of those people run the app, regardless what Mike does or doesn't do.

    But of course that isn't worth a lawsuit.

    link to this | view in thread ]

  26. identicon
    Joe, 23 Mar 2012 @ 2:15am

    Re:

    No, it deserves a LAW, not a LAWsuit.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.