Last week, the web exploded with the news that social iOS app Path was uploading your entire address book to its servers, and then keeping it there. Worse, it was sending and storing them in plain text (although the connection was at least SSL-encrypted). Clearly, having Path notify you when your friends join the service is handy, but is there a way to do this without compromising your privacy? According to Edinburgh iOS supremo Matt Gemmell, there is.
Gemmell explains the procedure in great (and interesting) depth. In short, it’s all done with hashes. No, not the tasty breakfast dish, but the mathematical kind which you may be familiar with from downloading open-source software. Hashes are numbers generated from the attributes of a file or, say, e-mail address. They are pretty much unique, while remaining anonymous. Hashing a file or e-mail address always gives the same result, but cannot (without a lot of work) be reversed.
Thus, Path could hash all of the emails in your address book, upload them and have an anonymous list of your contacts. When a new person joins, their e-mail is hashed, and if the string matches one of yours, congratulations! You have a new friend.
Hashes work like this: Multiply 6×7 and you get 42. The answer is the same whoever does the math. But if I give you the number 42 and ask you what numbers I used to get it, you have many options. Add in algorithms instead of straight multiplication, and much bigger numbers than six and seven, and you get the idea. Yes, you can hack your phone to protect you, but that can have annoying consequences.
There’s more to it in practice (and tasty-sounding salted hashes play a part), but it looks like a great compromise. After all, I like it when Instagram tells me a new friend joined the service. I just don’t like it having all the addresses, phone numbers and possibly even notes from my contacts. Path has, as we reported already, made the upload optional, but if you hit yes, then it should be hashing your precious info.
- Via @mattgemmel