These Web ventures have both taken heat in the last day or so because they were doing things with their users' data or activity that those users didn't sign up for. I mean that literally. Implicitly, it's a different story.
Path (before today's update), they didn't see a disclosure statement to the effect of, "We read your phone's address book and correlate it with other users' address books that we've read in order to connect Path users together." Moreover, there was no opt-out, at least on the iPhone version of the app.
Should Path have provided a disclosure? Or made an opt-out part of the sign-up process?
Of course it should have. And now it has.
But will anyone read it? Would you, if this wasn't a news item? Do you need Richard Dreyfuss to read you a EULA before you'll pay attention? Be honest. What most people do when they're all hot to use a new service is to blast past the terms of service page, if there is one, or any authorizations that pop up when an app asks for access to pieces of the user's account from a connecting technology like Facebook, Twitter, Android, or iOS.
The whole idea of a thing like Path is to connect your account to your friends' accounts, and the easiest, most hands-off, most Apple-like way to do that is to entrust Path with certain data. In this case, your address book.
I'm not saying that what Path did was right. In fact, it may have busted Apple's own terms of service for apps. CEO Dave Morin apologized, and Path is erasing the data it got without disclosure. He learned his lesson.
But I think users learned a lesson as well: If you're using a social network, your data is being shared. Because that's the point.
Affiliate arrangements are standard on the Web. Alicia Navarro, the CEO of Skimlinks, which provides the affiliate linking technology to Pinterest, told me she has 20,000 customers. She (naturally) sees nothing wrong with the affiliate link model.
Sites need to make money. And making money directly from links that users put up for free? Genius.
Now, in the interest of openness, Pinterest definitely should have told its users that it will make money from their activity, and specifically how. Had the company done this, it is unlikely it would have made much difference to Pinterest's early success.
So when it comes to how networked consumer services work, how much should be disclosed? In these recent cases, both Path and Pinterest clearly under-disclosed. But when you over-disclose you end up with the same effect. Nobody reads about what you're doing when they sign up, and they're surprised when they find out. The big difference: The developer's butt is covered.
What should users expect? Developers are going to continue to push things, socially and economically, because they need to, to get traction. But it's the platform vendors who end up as the final safeguards of our data. Apple has its rules (which I bet will change when it comes to sharing address book data), and Google already makes it a little harder to slip a sharing function past a user who's installing a new Android app. Facebook also enforces a disclosure step when users add a new app or use Facebook Connect.
The platform guys have the tough job of enforcing data sandboxing while at the same time encouraging cross-app and cross-network connections, because that's where the value is for the app developers.
And users really need to get this: You don't get something for nothing. Even companies that really have their users' best interests at heart, and I include both Path and Pinterest in this category, can't give you great free services for nothing. In a highly competitive, fast-moving tech economy, they're likely to get a little sloppy. With your data.