Two Months Removed From AddressGate, Path Starts Hashing, Anonymizing Data

Back in early February, Path met with some serious backlash when Arun Thampi revealed that the social app was uploading address book data without explicit permission from its users. Path responded by taking Mike Arrington’s advice, deleting the entire collection of user-uploaded contact information from its servers, along with an app update which added an opt-in feature to prompt users for permission before using its data.

Today, Path is re-upping its commitment to showing users that it takes privacy seriously, announcing via blog post the release of Path 2.1.1 that the latest version enhances security by “hashing user data so that it is anonymized.” According to the post, this includes last names, phone numbers, email address, Twitter handles, and Facebook IDs — all of which will be anonymized.

From the post:

We take privacy and security seriously, and we believe your data deserves to be well-protected … We hope our actions set a new standard in this field as we strive to serve you, our users, first. Thank you for your trust, and thank you for using Path.

While Path was hardly alone in the way that it handled its user data, the startup became the lightning rod for all the unrest surrounding privacy in the age of next generation social apps, which has even attracted the attention of Congress.

Up to that point, Path had been on a hot streak, seeing quite a bit of buzz around its new iteration, gaining a host of new supporters craving a less noisy social and design experience than oh, say, Facebook. Also a company known for the sometimes aggressive ways in which it handles user data.

Even in spite of the backlash, Path has continued to plug along, as reports surfaced that even Britney Spears could be contributing to its new funding round, which could be as high as $30 million — at a $250 million valuation. CEO Dave Morin discussed the funding rumors, the company’s approach to its API, as well Version 2.1 of the app with TC’s Colleen Taylor last month, which you can check out here.

While the company continues to push forward, it is obviously imperative to Path’s long-term success that it break out every trick in the book to reassure users (and the tech community) that there is nothing questionable about the approach its taking to friend-finding. After nuking its data, hashing data certainly appears to be further affirmation that Path heard the message loud and clear.

For those unfamiliar, hashing is an approach to recording user data that allows that data to be collected, while making sure that it is unreadable. Rather than storing the information in text form, hashing creates an alphanumeric string, assigning one to a user’s device, the other being stored in Path’s servers. Developers can compare the strings to match the device, but the information remains obscured, even if someone were to hack into its servers.

So this is the approach Path will now take when it recommends the contact information of other users based on their address book, adding a further level of security on top of the opt-in box it implemented in order to ask for permission to access contact data.

Considering Congress sent a letter to Apple to investigate the company’s policing (or lack thereof) of apps that access contact data without authorization, Path’s approach to privacy has implications that extend beyond its own business. So, it’s good to see Path taking the necessary steps to ensure user privacy — granted, this is what they should have been doing from day one. And let that be a lesson to the rest of yas.

Will be updating