nGenuity

Get a Security Assessment

Path Privacy

Path is simply amazing. It’s all signal and less noise as you interact with a small curated group of friends and loved ones. Adoption is rapidly increasing. As with all social apps there are privacy concerns that arise, let’s talk about a few in Path.

Location data:
Locations that you create are not private. When a new location is created it is stored in Foursquare. So not only is the location you created available in Path, it’s also available in Foursquare.

Additionally your location data is broadcast to Path every time you open the application (and periodically while it’s open). The following information is representative of what is actually sent.

{'elevation': (8, 148.0), 'elevation_accuracy': (8, 4.0), 'lat': (8, XX.20745912664216), 'velocity': (8, 0.0), 'lng': (8, -YYY.20841353956536), 'accuracy': (8, 5.0)}


Profile Information:
It may not be obvious based on the app interface or privacy policy but the following information is also easily available to any path user via a simple API call. The search results in Path actually have this data, the app just doesn’t display it. You can see what information is displayed for you at _______

UPDATE (12/8/2011 6:00 PM): As expected Path removed the account I was using to do the searches with for the path.evilpacket.net tool. Instead you can download the source and use the command line version from  https://github.com/evilpacket/path-search Additionally it appears that Phone #'s, Email addresses, and facebook ID's are now not included in the search results.

  • Account Created Date

  • Name

  • Facebook ID

  • Email address

  • Gender

  • Phone #

  • Cover and Profile Pictures (The original and various other sizes)

  • Username

  • (At least they don’t share your birthday in this data)


You can remove your phone # from being shared by removing it from the Path app settings, however I have not seen a way to stop sharing my email address or other information.

It’s not that earth shattering I know, but not all consumers realize this information on Path is out there. I would like to see a little more transparency from Path about what data is public, what is private and what other data they collect and how they use it. Path has done a lot better than other social apps in many areas, now it’s time to do better with user privacy and awareness.

filed under location, path, and Privacy View Comments

posted by Adam Baldwin
blog comments powered by Disqus