Your Address Book Isn't Yours
When this whole Address Book uploading fiasco blew up right in the middle of my post-TechCrunch time off, I figured things would have mostly blown over by the time I returned to my desk. Seems that's not the case.
While there's been a lot of talk over the last few days about how developers could/should inform users that their address book will be uploaded, there's one point that has gone mostly overlooked: your address book isn't really yours to upload to begin with.
If that sounds crazy, think about what your address book actually is. Unlike, say, your photo album, it's not a collection of things you've made (and thereby own.) It's a collection of information — often non-public — that others have trusted you with.
Before I dive in, I'll make it clear: this isn't an attack on Path, or Instagram, or any of the other companies who are finding themselves under fire for peeking into the address book. Yeah, it was a bad idea — but it was one that many in the developer community agreed was just fine (though Apple's terms forbade it) until someone very publicly said "Wait, wait, wait. This isn't fine at all." This is about looking forward, and discussing how we look at user data in the future.
Now, where were we?
When one gives their contact information to a friend or colleague, there's an unspoken agreement — a license, if you will.
With some, it's freeware. The "Give this away as you please, I give it away right on my homepage!" type.
With others, it's shareware. As in, "I'd prefer you didn't give this to everyone with blatant disregard, but feel free to share some of it with close friends so we can all benefit."
With most, however, that information is premium, proprietary goods, with an agreement that reads "I'm giving this to you because you've earned it and I trust you. I'm not giving it to others, because they haven't and I don't. Let's keep it that way."
When you agree to upload an address book en masse, you ignore this mish-mosh collection of agreements and are treating that data as if it's yours, when it absolutely isn't.
So, what do we do? We're not going to come up with some magical replacement for good ol' contact cards — it's been tried before, and always falls to simplicity.
We also can't ever really trust 100% of users (with the "users" here being everyone you've ever given your phone number) to be responsible with the data. People... just don't care that much.
In the end, it all comes back to the app developers. Developers, recognize that this data isn't your user's data for you to request. If you must (in that it's absolutely crucial to the user experience in ways that can't be handled client-side), you have to treat that data like it's gold. Gold covered in platinum, wrapped in coupons for free puppies.
Oh, and don't store it. If it's not the user's data to upload, it sure as hell isn't yours to keep.