Path hit with FTC fine, finds itself in a geotag muck up

Path privacy issues, FTC fine
Off the beaten path

Path is billed as a social networking app that allows you to remember all of life's moments, but this is one day that the company may want to erase from its timeline.

The Federal Trade Commission (FTC) and Path announced today that the entities reached a settlement over the company's unauthorized collection of address book information on mobile devices.

The social networking start-up must establish a comprehensive privacy program and obtain independent privacy assessments every other year for the next 20 years.

Path also has to throw a little bit of money into the federal pot. It will pay $800,000 in civil penalties for not rejecting new members who were under the age of 13.

FTC, Path issue statements

Outgoing FTC Chairman Jon Leibowitz made sure to highlight this settlement as a victory for privacy-threatened consumers in the United States.

"This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans," said the resigning chairman in a press release.

"The FTC has been vigilant in responding to a long list of threats to consumer privacy, whether it's mortgage applications thrown into open trash dumpsters, kids information culled by music fan websites, or unencrypted credit card information left vulnerable to hackers."

Path, meanwhile, chalked this up to a learning experience.

"From a developer's perspective, we understand the tendency to focus all attention on the process of building amazing new things," the company said in a blog post addressing its Children's Online Privacy Protections Act violations.

"It wasn't until we gave our account verification system a second look that we realized there was a problem. We hope our experience can help others as a reminder to be cautious and diligent."

Path's blog post, curiously, didn't comment on its harvesting of users' address book data.

More Path privacy concerns

Path may need another "cautious and diligent" reminder, as the company's iOS app can still give away a user's location information without obtaining permission.

"Path's iOS app (yes, that same Path that was caught stealing users' entire address books last February) will use the embedded EXIF tag location information from photos," discovered self-described hacker and security researcher Jeffrey Paul.

This exploit happens when iOS Camera Roll photos are geotagged to Path posts, even when Location Services are disabled for the Path application.

Paul told TechRadar that he doesn't know if the issue also affects Android users, as he doesn't use the app on devices running Google's mobile operating system.

In a response to Paul's blog post, Path Product Manager Dylan Casey said that the company was unaware of the issue and has implemented new code to ignore the EXIF tag location.

A new version of the app has been submitted to the App Store for approval, according to Casey, who noted that "this only affected photos taken with the Apple Camera and imported into Path."

Matt Swider
Latest in Phones
Apple iPhone 16 Pro REVIEW
The iPhone 17 Air looks impressively slim in this new comparison image, but that just makes me more worried about the specs
Two Android phones on a green and blue background showing Google Messages
Google Messages just added a fun upgrade to one of its best chat features
Samsung Galaxy S25 on a blue deals background
Bored with your iPhone? The ‘incredible’ Samsung Galaxy S25 just hit a record-low price in the Amazon Spring Sale
Samsung Galaxy S25 from the front
The Now Bar on Samsung One UI 7 is about to get a lot more useful – and could soon match Live Activities on iOS
An iPhone running iOS 18 on a purple and blue background
iOS 18.4 could launch soon with a major upgrade to your iPhone’s notifications
Google Pixel 9a being held, from the back
The Google Pixel 9a’s mysterious delay may have just been explained
Latest in News
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
Oura Ring 4
Activity tracking on Oura Ring is about to get a whole lot better, but I've got bad news about your step count
Google Pixel Buds Pro 2
Cleaned your Pixel Buds Pro 2 recently? If not, you might be getting worse sound
Google Maps on a phone being held in someone's hand
Google Maps is getting two key upgrades, for easier route planning and quicker access to Gemini AI
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list