Twitter Inc. has acknowledged that after mobile users tap the "Find friends" feature on its smartphone app, the company downloads users' entire address book, including email addresses and phone numbers, and keeps the data on its servers for 18 months. The company also said it plans to update its apps to clarify that user contacts are being transmitted and stored.
The company's current privacy policy does not explicitly disclose that Twitter downloads and stores user address books.
It does say that
"Twitter users may customize your account with information such as a cellphone number for the delivery of SMS messages or your address book so that we can help you find Twitter users you know."
As with many online social services, Twitter allows users to look for friends that are also registered users. In the case of Twitter's iPhone app, users see a screen noting that the service will "Scan your Contacts for people you already know on Twitter." The short description of the feature does not mention that it also downloads every entry in the address book and stores it.
Twitter's current privacy policy notes that some categories of "Log Data" are stored for up to 18 months.
The policy says.
"Log Data may include information such as your IP address, browser type, the referring domain, pages visited, your mobile carrier, device and application IDs, and search terms. Other actions, such as interactions with our website, applications and advertisements, may also be included in Log Data."
In response to questions about the process, Twitter spokeswoman Carolyn Penner said the company is planning an update to the language they use in the mobile app.
Penner wrote in an email.
"We want to be clear and transparent in our communications with users. Along those lines, in our next app updates, which are coming soon, we are updating the language associated with Find Friends -- to be more explicit. In place of 'Scan your contacts,' we will use 'Upload your contacts.' and 'Import your contacts' (in Twitter for iPhone and Twitter for Android, respectively)."\
Penner also noted that Twitter users can have the service remove their contact databases using the "remove" link on this Twitter webpage (see below).
The disclosure from Twitter comes after another online social service, Path, came under fire last week for automatically downloading iPhone users' address books without permission. The chief executive of Path, Dave Morin, apologized for the automatic download and said Path would correct it, but also mentioned that such processes were "industry best practice."
Updated February 15th, 12:51 p.m. Twitter has clarified that it does not store names from address books, only email addresses and phone numbers. The company initially told the Times that names were among the types of data it gathered from users'mobile contacts lists.
When users activate the service's "Find friends" feature, "the email addresses and phone numbers in your address book will be shared with Twitter," wrote Carolyn Penner, Twitter's spokesperson. "Later, if one of your contacts signs up for Twitter with one of those email addresses and chooses to be discoverable by the address, we can connect you two."
COMMENTARY: I used Twitter's app for several years, so this privacy violation by Twitter is like a kick to my groin. In a blog post dated March 31, 2011, I reported on Twitter and Google both placed on 20-year probation with privacy audits by the FTC for privacy violations. In a blog post dated November 30, 2011, I reported on Facebook being put on a 20-year probation with annual privacy audits. You would think that during all this time, Twitter would've come clean, and admitted that it was downloading our entire address book. Now Twitter clarified that it "does not store names from address books, only email addresses and phone numbers." Thanks for making me feel a bit better about this privacy violation. cough, cough.
What is really eye-opening is Path's CEO Dave Morin mentioning that such processes (downloading address book data) were "industry best practice." I think it is time that Twitter and Path users report these gross privacy violations to the Federal Trade Commission for further investigation. Makes you wonder, what other tidbits of information about their users social networks are helping themselves to, without our permission.
Protecting your online privacy is of the utmost importance. In today’s connected world, it is far too easy to lose your privacy to the hands of many unscrupulous individuals. What can you do if you have discovered that your privacy has been violated by your favorite social network?
Your privacy rights are addressed with two acts: the 1974 Privacy Act and the Computer Fraud and Abuse Act of 1984. There are also many agencies that handle the enforcement of Internet privacy laws, including the FTC (Federal Trade Commission).
Protect yourself from privacy violations by thoroughly reading any and all privacy policies for any website entities you want to do business with. Do not, in any case provide private information, if you think that website may use your information fraudulently. Make sure you feel secure prior to any financial transactions.
You have 180 days to report these violations under a general statute of limitations. Your individual state may also have other rules and regulations for reporting these violations .
Use the FTC’s online form to file a complaint located HERE. You can report cases of unwanted spyware installations, online shopping fraud and internet auction complaints using this process.
You can try to contact the disputed company directly to try resolving the issue prior to filing a formal complaint. If this fails, file the FTC report and be sure to attach any and all documentation, including prior attempts at resolution.
Courtesy of an article dated February 14, 2012 appearing in the Los Angeles Times
Comments
You can follow this conversation by subscribing to the comment feed for this post.