Facebook API Data Sharing
Posted 2/07/2008 02:53:00 PM

When you add a Facebook application, you allow the application developers access to your profile. Your profile information is queryable via the Facebook platform API. This means that the data in your profile is passed to application developers via structured methods. An example of such a method is Users.getinfo. If you've added an application, the developer can make a Users.getinfo call with your Facebook ID. In response to that call Facebook sends the developer the information from your profile - your name, networks, favorite books and movies, etc. Other calls such as photos.get and friends.get make your photos or friends lists queryable by application developers.
Just so we're clear, Facebook sends your information only to third parties that you've approved (you read the terms of service, right?). It is as if the third party were able to view and save your profile, photos or friends lists. To prevent problems, Facebook regulates third-party behavior through its developer terms of service. The terms of service state that only certain types of your profile data are storable; if the developer possesses (i.e. downloads) data that is not explicitly storable, they agree to delete this information within 24 hours. That is, the company must, under the terms of service agreement, expunge the data that is not storable within a day of collecting it.
Notably, the storable data is very limited. You may store a user ID, or a photo ID, but you may not store a name, favorite book or picture. The only mechanism that regulates this is the terms of service agreement; if a company decides to store the data longer than 24 hours, there is no technical or DRM-type mechanism that will enforce data destruction. The privacy equation relies only on good faith between Facebook and the third party.
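Since nothing on the platform side enforces the rule, a compliant application has to enforce it in its own storage layer. The sketch below is an added example, not code from this post or from Facebook; the `ProfileCache` class and the field names `uid` and `pid` are assumptions made for illustration.

```python
import time

# Assumption: field names are illustrative. The post only says that IDs
# (user ID, photo ID) are storable and that names, favorites and pictures are not.
STORABLE_FIELDS = {"uid", "pid"}
MAX_AGE_SECONDS = 24 * 60 * 60  # the 24-hour limit in the developer terms


class ProfileCache:
    """Keeps storable IDs indefinitely and everything else for under 24 hours."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested
        self._permanent = {}     # uid -> storable fields only
        self._transient = {}     # uid -> (fetched_at, non-storable fields)

    def put(self, profile):
        """Split a fetched profile into storable and time-limited parts."""
        uid = profile["uid"]
        self._permanent[uid] = {
            k: v for k, v in profile.items() if k in STORABLE_FIELDS
        }
        rest = {k: v for k, v in profile.items() if k not in STORABLE_FIELDS}
        self._transient[uid] = (self._clock(), rest)

    def purge(self):
        """Delete non-storable data that has reached 24 hours; return the count."""
        now = self._clock()
        expired = [
            uid for uid, (fetched_at, _) in self._transient.items()
            if now - fetched_at >= MAX_AGE_SECONDS
        ]
        for uid in expired:
            del self._transient[uid]
        return len(expired)

    def get(self, uid):
        """Return what may still be held; expired fields are purged first."""
        self.purge()
        if uid not in self._permanent:
            return None
        merged = dict(self._permanent[uid])
        if uid in self._transient:
            merged.update(self._transient[uid][1])
        return merged
```

A purge like this only covers the one store it runs against; copies in backups, logs or analytics exports need the same expiry to meet the 24-hour requirement.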
Facebook has relied on this storage agreement since the beginning of the API. The reason we're hearing of it today is due to a recent study that found that Facebook applications don't need as much information as they're being given. There are clearly larger questions, especially when one considers the scale of Facebook applications. The largest applications have over 2 million daily users. They almost certainly have install bases in the tens of millions. This means that theoretically, tens of millions of profiles could have been downloaded and stored, in violation of the terms of service.
What are the incentives for storing profile information? As a researcher, I can think of hundreds of reasons. Using a small set of 100,000 profiles from across the US (a small application), one could build a valuable marketing database. Even if personally identifiable data were removed from the set, I'd still be able to get great value from the set using probabilistic techniques.
The reality? Likely, most of the applications you've added haven't stored your profile data in violation of the terms of service. Certainly, an app storing your data couldn't do anything above-board with it (Facebook would quickly and successfully sue). But in reality? With backup tapes, less-than-ethical application developers, or even those who just fail to read the terms of service - yes, it's likely that some data is stored somewhere. Just as your profile is probably in a browser cache somewhere, it's likely an app or two has stored your info. Will it be used against you? Will you become part of a black-market database? Who knows.
Now that people are taking a look at the privacy assumptions of the Facebook platform, perhaps it's time to start a dialogue around how to solve the problems of SNS APIs. OAuth is one heckuva step forward. However, with the power application developers exert in the Facebook ecosystem, I won't hold my breath that the all-you-can-eat data stream is going to be turned off any time soon.
3 Comments:
- At February 08, 2008 1:47 PM, Pascal Van Hecke said...
Hi Fred,
Your quote:
"Facebook sends your information only to third parties that you've approved (you read the terms of service, right?)"
One particular issue is that applications that you have _not_ installed but are installed by one of your friends, have access to names, networks and list of friends as well as most of the rest of your user profile. You can selectively switch off access for that "most of the rest of your profile", but the default setting is _on_.
Source: http://www.cnet.com/8301-13739_1-9854409-46.html
The Facebook settings discussed:
http://www.facebook.com/privacy.php?view=platform&tab=all
(I haven't looked into or tried the Facebook API - if the article's assumptions are wrong, please correct me so)
- At February 08, 2008 3:09 PM, fred said...
Pascal - You're absolutely right. I built a social recommender app on the Facebook API that illustrates this.
http://www.ibiblio.org/fred/stuff/yts/
With it, one can query the profile of one's friends. Thanks for this important clarification.
- At February 15, 2008 4:04 PM, ooglek said...
I haven't dug into it, but can I access information in the profile under the "Contact" tab, such as Mobile, Land Phone, and email address? I haven't been able to determine yay or nay.



