Addressgate: After The Path Fallout, Whose Address Book Is It Anyway?

Next Story

Here’s What Facebook Stock Looks Like

Editor’s note: Guest author Keith Teare is General Partner at his incubator Archimedes Labs and CEO of newly funded just.me. He was a co-founder of TechCrunch. Just.me is a stealth company in the mobile space and as such Keith’s opinions on this issue are likely to reflect his product focus.

Addressgate seems like an appropriate name for what is dominating Silicon Valley headlines: Path’s mobile app uploading all of your contacts. Today Michael Arrington suggested that Path delete the data gathered and start over, and now Path CEO and founder Dave Morin has decided to do just that, and apologized.

The past 24 hours of discussion has mainly been characterized by shock, horror or forgiveness. Although all well-intentioned none of these get to the heart of a very significant issue that will only get more important as the mobile and cloud architecture of consumer apps replaces the desktop and cloud combination that has characterized the past 10 years of web services. Beneath the drama there are some big issues. Here I want to try and surface them.

Background to address book issues

It helps to understand what is happening at a macro level in order to grasp why Path was hammered while Google Plus and Facebook largely get a free pass when it comes to the question – “who owns the address book?”

The past 10 years of web apps and services created a set of assumptions about where one’s address book should sit. In the early days of Web 2.0, when Plaxo built an early cloud-based synchronization platform, it was full of controversy. In January 2006 our own Michael Arrington, writing on Crunchnotes, entitled his piece “The Plaxo Virus”, and asked:

“Plaxo, can you please find a way to run your business but never, ever email me again?.”

Subsequent TechCrunch pieces were notably reluctant to endorse the service to say the least.

This was the dawn of cloud-based address book management.

The rise of Web 2.0 and the normalization of the cloud based address book.

Since then Yahoo, Google, Microsoft, Facebook and others have normalized the notion that the right place for your contact list, or “friends,” is in the cloud. Indeed, given the cloud-centric architecture of web 2.0, that is the only place they can be. Almost all of the functionality of these services derives from being able to host the address book and to make comparisons between the address book of person ‘A’ and other people.

Facebook even goes so far as to restrict an individual’s access to the records in the address book. It considers that details like a friend’s phone number or email address are private to the friend, and thus blocks the ability of the address book owner to download the address book from Facebook to their mobile phone or other device. A user has to log into Facebook and look up those details on its web service if he or she wants to check on an email address or phone number. In this scenario Facebook is not hosting your address book, it owns it and merely gives you permission to look it up.

From Web Services to Mobile Apps

Now that we are moving out of the era of web services and into a mobile era, decentralization of one’s address book becomes the norm. Your phone contacts become the center of gravity for your relationships. In this world, mobile-first applications have to make a decision about how to think about the address book.

Now we are mobile, where should the address book sit?

Answer 1: In the Cloud

They can, as Path has done, choose to still host the address book and perform algorithmic queries on it in order to provide a set of services—like friend suggestions—based off of it.

It is worth noting that this decision does not require the download of a person’s address book. That was simply Path’s method of doing it. There are many other ways the goal could have been accomplished. Indeed Path’s decision to host the address book seems old-fashioned and harks back to a pre-mobile era, but it is also normal in that context.

The only real crime, if one was committed, was failure to alert the user.

In a mobile context this becomes an issue because it is taking something from the user. In the web era the user was putting this data onto a service via an explicit upload process.

Answer 2: On the Phone

A second way of thinking about the mobile address book is that its inherently distributed characteristic is a good thing, and the services that utilize it should sit on the device and be under the control of the user. In this distributed model it is still possible to provide services like friend suggestions, but without needing to host the data from the address book in the cloud. The data could remain on the device and accessed through the cloud by other devices instead. That way, nothing is stored in the cloud, it just passes messages back and forth. Clearly this architecture is more mobile centric, more under the control of the user, and not vulnerable to service providers mismanaging a person’s contact lists. In theory such an architecture reverses the web 2.0 power relationship between a merchant and a user but does not reduce the functionality that a user can expect.

This set of issues reinforces once again that privacy is a product issue, not merely a policy issue. Products that empower the user to act on their address book without taking the content of it and hosting it will likely find favor in a decentralized mobile world as it emerges. Those who want to persist with hosting the address book will need to ask for explicit permission again, or face the “Plaxo is a virus” style of reaction.