Most of us have memories as kids of raising hell around the house. My mother, being the nurturing and kind person that she is, had little real recourse. Except the one thing. And it didn’t even matter if she said it every day, it worked.

“Wait until dad gets home, you’re in big trouble.”

Gulp.

Dad was really good at exactly two things. Making big 1960’s era mainframe computers work at scale was one of them. Scaring the daylights out of me with a spanking was another. He was the enforcer. If there was some sort of dispute in the house, the last thing you wanted was dad getting involved after work.

Well, dad just showed up. And he’s looking for Apple, the guy that’s handing out people’s contact information to anyone who asks for it. Who’s probably upstairs in his room practicing his innocent face and preparing his “but my friends stole the data even though the users trusted me with it” story. Along with the “hey, we ganged up and beat the crap out of that 4 year old over this, it’s all fine now” story.

And dad’s kinda pissed off right now because the kids just made him look like a moron over SOPA. Dad wants some payback.

This incident raises questions about whether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts.

The tech journalists don’t seem all that eager to look at the dozens of social mobile apps that still download your address book information from your phone (because they haven’t been able to push their update yet). As I’ve said over and over, the fact that Path did this was annoying, but in my opinion not that big of a deal. Still, the company has been eviscerated.

At some point the press, or someone, will go to the trouble of looking at all the apps and figuring out who’s doing this. I’ll just kick things off by pointing out that one of the most popular social apps, Foursquare, is definitely part of this party.

The surface evidence is clear – I created a new foursquare account on my iPhone and it immediately told me that 402 of my contacts were on Foursquare and suggested I connect with them.

There are theoretical (but highly unlikely) ways Foursquare could connect me with them without uploading my contacts, but it’s highly unlikely. So a developer I know went to the trouble to proxy the iPhone through Charles Proxy to sniff the traffic. It showed a substantial amount of data being uploaded to Foursquare from the phone immediately before the screen above was shown with contact information. We perused that data, and it included email addresses and phone numbers for everyone in the phone contacts.

Does this excuse Path? No. But unlike Foursquare and others, (the relatively tiny) Path was proactively changing this before the press hit, which is why their updated app was available and approved the day after the initial stories. That means Path is significantly less evil than Foursquare. And Foursquare is, in my opinion, not evil at all.

Even if they’re also trying to kill Egyptian dissidents like Path.

My recommendation to Foursquare is exactly the same as it was for Path – just nuke all the data and move on. Just because everyone else does this doesn’t mean Foursquare and Path (two apps I love) should.

Who’s next? Let’s just pull the bandaid off and get this over with. And let’s point the blame where it should be pointed, or at least where it will do some good – at the platform which permits this. That would be Apple.

It would be awesome if the tech press changed the focus from “Path is evil” to “this needs to be fixed by Apple.” That would be one option. The other would be to just continue to scream uninformed invectives at anyone who’s trying to have an actual conversation about the issue.

Disclosure: CrunchFund is not an investor in Foursquare, but we’d sure love to be. That’s probably some kind of conflict of interest.

I’m rarely surprised by the things I read from the tech press any more, but this ongoing Path story has definitely surprised me.

Partly because I’ve never seen a single company take such a staggering hit for doing something that, while wrong, is quite clearly industry practice. If you’ve used a mobile social app that suggested friends to you, it almost certainly uploaded your address book, and almost certainly did it without your permission.

As a user I’m slightly annoyed by this, and I think the apps doing this should be publicly criticized. But I think all of them should, not just one of them.

Normally all of them would be. There are two reasons why only Path is taking the hit.

First, because it’s not easy for tech writers to figure out who’s doing it, so they just criticize the one that everyone knows did it.

That ones obvious. But I was taken aback today when I spoke to a journalist who’d criticized Path. I asked why he just attacked them, not the others. His answers – “CEO Dave Morin is really arrogant and touchy.”

I said “wow, that’s a quote for my next story,” and he freaked out. I think just then he realized how awful it was.

The press is doing a good thing by publicly airing this. Apple may change its policies, and the apps are certainly falling into line.

But to focus on one company because you think the CEO is arrogant (which probably just means you’re upset that he’s well known and wealthy), is atrocious. And to just focus on one company because you don’t want to take an hour and download the top 50 social apps to discover that all of them are also doing this is pathetic.

On a related note, I just read one of the most vicious personal attacks I’ve seen on me, and I’ve seen a lot over the years. Dan Lyons suggests that my defending Path on this issue means, because we’re an investor, that we’re a paid apologist (and much worse). He calls my partner MG Siegler “a mean-spirited, egomaniacal buffoon who is not very bright.” But he never talks about is past issues with MG, or how thoroughly MG has discredited him.

Dan Lyons is a friend – or was. I spent a half hour on the phone with him a couple of weeks ago at his request to explain how venture funds work because he didn’t really understand it. He asked to work at TechCrunch multiple times over the years, too, although his salary requirements made that impossible.

The only reason he would write such hateful stuff is because he can’t help it. Journalists freak out when the truth is told about their industry. What MG wrote in the second half of his post yesterday was completely correct – the industry is a mess and unable to really change.

Most journalists don’t like other journalists much, but when the group is attacked as a whole they galvanize quickly. Antibodies kick in and they just can’t help themselves. They immediately move to the most disheartening personal attacks you can imagine. I don’t even think they realize quite why they’re doing it.

Lyons paints our actions in the worst possible light.

He doesn’t point out that Path was less than thrilled by my post telling them they needed to delete the data.

He doesn’t point out that I’ve repeatedly defended Facebook over privacy slipups, and I’m not an investor.

Or that I defend companies like Zynga (also not a shareholder) when I see the press massing to attack them unfairly.

Or that I was merciless in attacking the gaming industry when I saw how they were scamming users.

Or that I criticized Airbnb (where we are investors) heavily for the trashed apartment issue last summer.

Or that I got in a very public fight with Paul Graham over the Airbnb issue, and Paul Graham may be the single most important person not to piss off when you’re an angel investor.

He says that our insanely over subscribed venture fund is just a joke. He says our work at TechCrunch over the last six years is a joke. He says MG is a joke. He drags Pando Daily and Techmeme into the fight and trashes them too.

I’m surprised that my mother wasn’t mentioned, frankly.

If I was the person that Dan Lyons says I am, I would be a psychopath. I don’t understand why he wouldn’t even consider the fact that I’m simply speaking my mind. That I’ve always just spoken my mind. That I’ve never been the type of person to not speak my mind. There’s no way to look at my record and think that I am somehow a “hack for hire.”

Further, if he had any real sense of how Silicon Valley works he’d understand that, if the story he paints about Path were true, most of it’s employees would have walked out in disgust and be talking to the press. It just isn’t true. This startup scene is far less about money than tech press thinks it is. Startups are often careless, or too rushed, or just dumb. But I rarely see truly evil behavior from them.

We cannot, as a community, be ok with people being utterly trashed as individuals just because they say something counter to the prevailing wisdom that day. But in fact we celebrate it. Some of us can take it and carry on (I’ve lasted this long, I can handle it, and MG is a lot tougher than me). But it’s too heavy a cost for doing nothing more than writing what you think.

I think Path is being treated vastly unfairly. I think Apple is being given a pass and other startups and being protected. I may be right, I may be wrong. But I should be able to say that without being accused of being not just unethical but basically worthless as a human being. We all deserve that.

As a final note, I’m not trying to play the victim card here. I not particularly emotional over Dan’s article, which is part of the problem. It’s just another day in the tech world. I think we can do a lot better.

ps – I know that I have at times in the past written things that I regretted later. I remember this post, way back, about Blaine Cook. A few months later I was talking to someone and they said that I had lowered myself by mocking him. I agreed and I made a conscious decision to try not to do that again. The funny thing is I haven’t read that post in quite a while. The way I remembered it I was really out of line. But really, that post wouldn’t even raise eyebrows today. Times sure have changed.

Update: MG’s post on this. I’m starting to understand that this was all just some sad attack based on Lyons’ past issues with MG.

Update: See Foursquare Also Trying To Kill Egyptian Dissidents.

Just saw this on Michael Rubin’s Facebook stream. Amazing. And totally accurate.

I’d just add one more – “What Nick Bilton thinks entrepreneurs do” (just kidding Nick, you know I love you):

Don’t get mad at companies because they apologize so quickly. It’s the only way to survive in the Internet.

“All this social media nonsense is destroying our community,” a prominent venture capitalist told me on the phone a couple of weeks ago. It was a throw away comment in a larger conversation, but he was talking about how quickly startups are humbled by dramatic but ultimately superficial press stories that explode out of nowhere. Like a meth-fueled mob of millions tearing through a city and destroying anything that pisses it off.

That mob has incredible destructive power, but it peters out very quickly. If it gets fired up enough it can focus on a single issue like SOPA for a few days. But as soon as it senses defeat, as soon as the target rolls over and shows its unprotected belly, the mob declares victory, gets bored and moves on.*

So is it really so surprising that anyone who finds themselves the target of the mob just immediately rolls over and gives up? And the way to roll over is an unqualified apology, backed up with a short and easily understood explanation of how such a thing will never happen again. Don’t use any big words, and for the love of God don’t try to justify any part of what happened.

One example: Airbnb’s press fiasco last year went away only after an unqualified apology.

So you shouldn’t be surprised that Path went that route as well, issuing an unconditional apology last week for downloading your address book without permission. CEO Dave Morin’s attempts at first to explain what was going on made the mob murderous. Much better to simply say you’re sorry, back it up with the deletion of the offending data, and lay low for a couple days.

Nick Bilton at the NY Times doesn’t seem to get the big picture here. He writes about the Path situation, saying “Mr. Morin seemed unconcerned about how people could be harmed by his company’s carelessness” and “It seems the management philosophy of “ask for forgiveness, not permission” is becoming the “industry best practice.”

That’s not quite right. First, it’s more than a bit of a stretch to suggest that carelessness by Path could lead to “roundups and arrests” or dissidents in Egypt. My educated guess is Path is unlikely to sell, or give, any user data to the Egyptian authorities. Instead, they were using the data to make intelligent friend suggestions, which is significantly less evil.

But more importantly, Bilton seems to think that companies do this kind of thing for some nefarious purpose, thinking they’ll just apologize if they get caught and everything will be fine. That plays to the crowd but it isn’t accurate.

The truth is that startups are always in a hurry and always make mistakes. A good CEO knows that she must remain nimble and prepared to deal with the fallout of those rushed decisions. And the mob has taught those nimble CEOs that a nuanced discussion is not what the mob wants to hear. They want to see that belly.

So the belly is shown.

Bilton seems to think that these CEOs are pulling a fast one on us, getting away with bad behavior. But what he really should lament are the lost conversations that could be had. In the Path situation there was a fascinating conversation about why Apple allows this data to flow out without user consent that never happened. Or why, if address books are so important (dissidents in Egypt!) companies like Facebook are still allowed to use it as their own personal property in any way they wish.

So instead Bilton tries to stir the crowd again. Which is fine because he also noted the very real trend of startups to just apologize, and fast, when the mob looks their way. I’m not sure things will change, though. The mob just can’t stay mad when they see that belly.

Pretty soon all we’ll have is an Internet landscape of people who’ve laid down in submission, when those people should be proudly pushing forward, trying new things, and making us, even the Egyptian dissidents, all better off.

Instead of attacking the apologizers, Nick should use his platform to lament the fact that we’re all being trained to apologize because it’s pointless to have a conversation with a mob.

…

Just a couple of additional thoughts here. First, sometimes an unconditional apology is the only solution, and I’ve done it at least once. But I don’t apologize just because a mob is after me. That’s easier to do as an individual, harder when you have a startup with employees and investors. Second, I am always fascinated by Facebook, which has had to deal with so much criticism over the years. The one time I think they really did need to apologize to the community they didn’t, and the issue still went away quickly.

Also, the “*” above – the whole rolling over on your belly thing reminds me of a scary day with my dog Laguna. I was taking her for a walk in a neighborhood. Up ahead I saw an unleashed pit bull laying in front of a house. We gave it a wide berth, walking in the middle of the street instead of the sidewalk. The pit bull rushed her anyway, silently, and hit her head on and knocked her over. Laguna, being the docile retriever she is, rolled on her back and submitted completely. But the pit bull didn’t stop, it was tearing into her stomach and Laguna screamed and it sounded like a human screaming. Without thinking I kicked the pit bull in the head as hard as I could, which was pretty hard. It became airborn but landed squarely and looked at me with emotionless eyes. For a moment I thought it was coming for me. But it turned and trotted off, and didn’t give us another thought. Laguna was shaken up but was ok.

Nick Bilton is like that pit bull (in the same way that Path is endangering those dissidents, which means not really). He didn’t weigh in and attack until his prey was on its back and showing its belly. A safe way to conduct business, but not very noble.

Disclosure: Both Path and Airbnb are CrunchFund portfolio companies. We don’t own any Facebook stock, but their privacy snafus have also failed to incense me.

Update: Wow, an epic rant by MG.

VEVO, a music label joint venture, got caught with its pants down by TechCrunch’s Jason Kincaid – They illegally streamed a NFL game at a party they hosted at the Sundance festival. Yes, this is just too deliciously, hypocritically juicy.

In other circumstances whoever was responsible would face severe criminal and civil penalties for copyright infringement.

Unless, and I’m quite serious about this, the copyright laws apply to everyone, then they shouldn’t apply to anyone. The only way for the legislators and copyright holders who are fighting for tougher copyright laws to maintain any credibility whatsoever is for them to pursue any and all violators, even their own, as aggressively as they pursue everyone else.

Frankly, the VEVO execs should turn themselves in, not fight this in the least, and serve their jail time. I believe they’d serve five years.

See TechDirt for more.

Good for Path – In response to the address book issue from yesterday that sent the tech press into a romper room hissy fit (no offense, hissy fits are fun sometimes), they’ve decided to take the very simple and most effective remedy: nuking all the data.

Path’s blog post on the decision is here.

This is exactly what I recommended yesterday, although Path had come to the same conclusion independently. I had reached out to CEO Dave Morin before I posted last night but didn’t reach him. But we spoke very early this morning and he told me that they had already begun deleting all the data, well before I wrote my post, and would announce it later today.

As my partner MG Siegler says, there was absolutely nothing nefarious about this, but it shouldn’t have happened regardless.

I’m extremely proud of the way the company handled itself yesterday and today, and I’m more proud than ever to be an investor. Companies (people) screw up all the time. It’s how they handle themselves in a crisis that shows what they’re really made of.

The story of the day is definitely about Path (a CrunchFund portfolio company). The company has been copying address book information to their servers without user knowledge.

The company was apparently already aware of the issue and was taking steps to address it prior to this post coming out. The Android app has an opt-in, and a version of the app with an opt-in is awaiting approval at Apple, says CEO Dave Morin in the comments to the original post. Morin has also flat out apologized.

This is a common problem with apps, due in large part to the fact that Apple doesn’t consider the data as sensitive as, say, location information. To get location info the app must alert the user and get their permission on screen. There’s no such requirement for address book data.

There’s an app coming that allows users on jailbroken phones to monitor and intercept when address book information is being exported, at least when it’s being done in the most common way.

But What About Path

A lot of users just don’t care about their address book integrity, they know that it’s been exploited, repurposed, shared and siloed for a long, long time. The argument that Facebook has always made is that it isn’t really your data since it includes personal information of others. So it isn’t really yours to control. The only way that mess ever gets sorted out is the courts, after a lot of guided lobbying-fueled meddling (or lack of meddling) in the legislative branch.

But back to Path. Their apps should soon be opt-in only for address book data, and a lot of users will want to send it to help Path find your friends and invite them to the service. Users can also ask Path to remove the data immediately – “In the meantime, if you would like your data deleted from our servers please contact our service team at service@path.com.”

Which is nice, but I’m wondering if there’s a better solution to this. Path should just state that they’re nuking all collected address book data for all users right now. Remove it from their servers entirely.

It definitely sends the right message to users – you can trust this company with your data. They’ve apologized and they were already in the process of fixing the issue. It seems like the perfect last piece is to remove all that data from their servers. And I doubt it’ll take them all that much time to collect the data all over again, this time with user permission.

And in the meantime, perhaps Apple will begin to protect address book data as closely as they do location data, which would eliminate this problem for users on all apps in the future.

Update: Data nuked.

Recently a startup I know was heavily pressured by Apple to change their iOS app marketing material. The problem? The app was shown with a white iPhone image on their website.

That’s the first I’ve ever heard of Apple freaking out over the color of the iPhone skin in third party marketing materials. I asked a bunch of app developers if they’d ever heard about this, and none of these other developers had. And some prominent apps, like Flipboard and Path, use the white iPhone on their sites.

Apple has clear guidelines on the use of ios device images. There’s no specific rule about using only black device images, but there is a requirement that only approved images can be used. All of those approved images are black.

The private written communications I’ve seen from Apple, though, are quite clear on the restriction. In verbal communications they’ve said that they’re reserving use of the white iPhone for their own marketing materials.

Any other app developers out there that have been pressured by Apple to only use black device images? Dalton Caldwell, the CEO of App.net, works with thousands of developers to help them market their apps. He says he hasn’t heard a word about this. They may, soon.