Path, the excellent mobile social network for iPhone and Android, has a self-inflicted problem on its hands. Developer Arun Thampi noticed that the iPhone version of Path’s app uploaded his address book–unencrypted, in its entirety, without permission–to the company’s servers. He wrote about it, and an interesting conversation is going on in his comments, including responses from Path cofounder Dave Morin.

It turns out that Path has already made the uploads opt-in for the Android app, and has submitted an iOS update that does the same to Apple’s App Store. Little by little, Morin is addressing the company’s actions–it uses the address-book info to find your friends on Path–and expressing regret for grabbing personal information off phone without permission. But he hasn’t explained himself to the satisfaction of all of Thampi’s commenters, and the Path Blog doesn’t yet cover the kerfuffle. It’s not clear that Path thinks this a particularly big deal.

Continue reading this story…

I’ve said it before and I’m sure I’ll say it again: The best approach to Facebook privacy is to behave as if there isn’t any. As Zack Whittaker of ZDNet reports:

Facebook acknowledged there was a glitch in the system, which allowed users to access off-limit photos of other users, but claimed that only a limited number of users were affected. Facebook did not disclose how many people were affected.

Many users have their Facebook profile locked down. Only profile picture data is often available to display on some profiles. Users who took advantage of this flaw were able to ‘report’ a profile picture as ‘nudity or pornography’, which then led to the ‘reporting’ tool to display the images.

However, images of Facebook chief executive and founder Mark Zuckerberg were uploaded to image-sharing sites after his own profile was exploited.

With U.S. Senators getting involved in the issue about whether or not Americans’ cell activity is being monitored and recorded without their permission, it’s worth asking the most obvious question: How did the offending Carrier IQ software get onto the mobile devices in the first place?

Despite being initially identified as manufacturing devices using Carrier IQ, both Nokia and RIM have since denied any responsibility, with Nokia calling such claims “inaccurate” and uncategorically saying that “these reports are wrong,” while Research in Motion issued a statement saying that the company “does not pre-install the CarrierIQ application on BlackBerry smartphones and has never done so,” adding that it also “does not authorize its carrier partners to install the CarrierIQ application on BlackBerry smartphones before sales or distribution and has never done so.”

Continue reading this story…

Spotify is giving users an option to turn off automatic Facebook sharing, for all those times you want to jam out to Kenny G without everyone knowing.

As Business Insider reports, “Private Listening” disables Facebook’s new “Add to Timeline” feature, which automatically shares users’ listening habits with their Facebook friends. Private listening does nothing for people who haven’t opted into sharing with Add to Timeline, but for users who usually want to share, this option allows them to temporarily go dark.

Continue reading this story…

As this week’s E3 games conference and debut of Nintendo’s Wii successor looms, Nintendo’s admitting that Sony’s not the only victim of hacktivist ne’er-do-wells—yep, Nintendo was hacked, too.

Nintendo acknowledged a security breach in a statement yesterday, explaining that its U.S. servers came under cyber-fire a few weeks ago, but stressed that no personal user data was in breach. By comparison, Sony’s seen troves of sensitive personal data repeatedly stolen (and reportedly distributed) as hackers took turns assaulting the electronics conglomerate’s many corporate facets.

Continue reading this story…

Don’t worry about hidin’ yo kids, Mark Zuckerberg isn’t after them. Several news outlets made a lot of hay out of the Facebook CEO’s comments at an education conference last week, seemingly suggesting that the company was ready to remove its requirement that users be over the age of 13.

Not that it matters: a recent study indicated that a third of those under 18 were below that minimum age, and often using Facebook without any parental supervision. That’s a problem, since estimates say that about a million children were cyberbullied on Facebook in the past year.

Zuckerberg argued that the press had taken his comments out of context, and rather he meant that bringing children online on Facebook was not a priority for the company. The site may consider doing so in the future, but not now. It may not really matter in the end anyway, given parents are already allowing their kids on the site regardless of its rules.

In the end, it’s the parents’ responsibility to know what their kids are doing online. Facebook’s not meant to be a babysitter.

When Apple sneezes, the world takes interest in ear-nose-throat medicine. So upon learning that their iPhones have been building a bloated file of location data, consumers started wondering if mobile service also means mobile surveillance.

Add the unrelated but scary hacking of Sony’s PlayStation and Online Entertainment networks, and suddenly people are thinking about the data they are shedding and who’s picking it up.

Location is the bonanza of 2011. Companies are chasing hundreds of billions of dollars in potential revenue by trying to learn where consumers are, where they’ve been and even where they may be going.

“Through mobile we are getting data which as marketers we haven’t had access to before,” said Michael Collins, CEO of mobile marketing firm Joule at a recent conference. “We’re beginning to see the full life patterns of the consumer.”

Is this creepy (they know all about you), or great (marketers offer you stuff you actually want, rather than things you couldn’t care less about)? It depends on what you value, what you understand, and how much control you end up having.

Continue reading this story…

A consumer advocacy group is giving Nintendo a hard time over the Nintendo 3DS’s terms of service, which allow the company to disable modded consoles and claims a license to all user-generated content.

Defective By Design, a campaign run by the Free Software Foundation, seeks donations in exchange for sending Nintendo a brick — symbolic of Nintendo’s ability to render devices useless.

I suppose the campaign has done its job, because I wasn’t aware of Nintendo’s 3DS terms of service until I read the coverage on BoingBoing and PC World. But while several sites reported on Nintendo’s anti-modding policy back in March, not much attention’s been given to the rights Nintendo claims on users’ activities, personal information and content.

Continue reading this story…

How could Facebook (a smart company) and Burson Marsteller (a smart PR agency) not have figured out that attempting to plant anti-Google stories in the media–without disclosing Facebook’s involvement–was a lousy idea?

For the past few days, a mystery has been unfolding in Silicon Valley. Somebody, it seems, hired Burson-Marsteller, a top public-relations firm, to pitch anti-Google stories to newspapers, urging them to investigate claims that Google was invading people’s privacy. Burson even offered to help an influential blogger write a Google-bashing op-ed, which it promised it could place in outlets like The Washington Post, Politico, and The Huffington Post.

The plot backfired when the blogger turned down Burson’s offer and posted the emails that Burson had sent him. It got worse when USA Today broke a story accusing Burson of spreading a “whisper campaign” about Google “on behalf of an unnamed client.”

But who was the mysterious unnamed client? While fingers pointed at Apple and Microsoft, The Daily Beast discovered that it’s a company nobody suspected—Facebook.

If I have this straight, Sony says that “Anonymous” isn’t behind the PlayStation Network security breach–but by launching a denial-of-service attack on the company, it helped set the stage for the breach.

I’ve been getting a lot of urgent messages from major companies I do business with lately. Urgent messages telling me that information I gave them has been stolen by unknown parties.

Yup, I’m not only a PlayStation Network member–and therefore a victim of the current Sony security breach–but also a customer of at least three companies (Marriott, TiVo, and 1-800-Flowers) who were involved in the recent data theft from marketing company Epsilon. I wrote about this for my new TIME.com Technologizer column, But after reading all this correspondence, I have some advice for the corporate entities who send these e-mails. (I care about this stuff in part because I have the uneasy feeling I’m going to be getting a lot more of these messages in the future.)

Continue reading this story…

My new TIME.com Technologizer column is on the PlayStation Network and Epsilon leaks, and a few things we consumers can do to help defend ourselves from anything too nasty happening as a result of this kind of stuff.

All Things Digital’s Ina Fried got a scoop: an interview with an Apple representative about the iOS location-logging issue. The interviewee was Steve Jobs…

It took a week, but Apple has published questions and answers about the discovery that iOS devices keep an unencrypted file with months of data that can be used to figure out where the device has been. It does a good job of explaining what the data is (a subset of a database of Wi-Fi hotspots, some of which may be up to a hundred miles from where the device is), what it’s used for (pinpointing the device’s location more quickly than can be done with GPS alone), and why it stores so much data and does so even if you shut off location services (because it’s buggy). It also confirms that Apple can’t use the data to track you–it sees it only in anonymous, encrypted form. And it says it’s collecting anonymous traffic data for a service–built-in turn-by-turn navigation?–which it plans to release eventually.

Apple says that it’ll release an update in the next few weeks that collects less data and none at all if location services are turned off, and doesn’t back it up to iTunes. And in the next major iOS revision, it’ll encrypt the data on the device.

Was reaction to all this overblown? Yes, since some of it suggested that Apple had access to data it could use to track individual consumers, a scenario that the evidence didn’t support. But it’s important that we know what our phones know about us. The researchers who wrote about this did Apple customers a favor–and they seem to have done Apple a favor, too, by finding bugs in iOS.

Here’s a good, clear story by Brian X. Chen of Wired on the facts about Apple’s CONSOLIDATED.DB file, which contains information on where iPhone and iPad users have been. It’s not a conspiracy or a terrifying security hole–but it is worth being concerned about.

In light of the news that iOS4 likes to track your every move, Nielsen’s poll results released Thursday appear especially prescient. The firm found that a majority of both women and men have privacy concerns when it comes to check-ins and location-based apps on their smartphones.

Women appear a bit more concerned about the issue, with 59 percent saying so versus 52 percent of men. Concerns about big brother watching you seemed to build with age: those 25-34 showed the least concern (half of all respondents), which increased to 63 percent of those 55 and older.

Continue reading this story…