word of warning to anyone who wants to integrate with facebook. although their blog posts say they are only removing select endpoints, as the comments in the link above indicate, they have basically shut off access to core endpoints well beyond what they listed. instead of errors, the endpoint returns empty data.
this is extremely disappointing. our app was reviewed by FB (including source code), we have thousands of impacted users, and FB gave no indication that they would start doing this (and the issue was silent).
is a walled garden better than an API that lets users share their data? should we shut down the entire graph because of a few bad actors? is this how FB treats developers?
The cynical side of me says that Facebook realized awhile ago that the API was NOT helping them making any more money.
If anything, it was preventing advertisers from spending more money, or using their own tools like Facebook Insights.
Now that Cambridge happened, they're using this golden opportunity to shutdown the other API endpoints, so that they can keep more of the data, and advertisers will have to spend more money.
If I'm being emphathetic, I'll say I'd even do the same thing if I was in Facebook's position right now.
> The cynical side of me says that Facebook realized awhile ago that the API was NOT helping them making any more money.
This is so hard to quantify. A developer ecosystem around your product helps build engagement and lock-in. It provides free testing ground for experiments with your data (for better or worse).
A lot of people look at this as a "gift" to the developer community, but the relationship is symbiotic.
Now, given where Facebook is, am I surprised? Hell no. Billions of investors' dollars went away (temporarily, surely) almost overnight[1]. Their reputation took a hit. They needed to do ... something, anything. I get that.
But they didn't take a smart approach, likely because of the time constraint. The smart approach is lock down the parts of the graph that have the largest vectors for privacy invasion. Instead, they just hit the STOP button and are apparently calling it a day. In fact, there are some conflicting reports on some endpoints that officially will be up for review but privately have been discussed as permanently deprecated. I expect a walled garden.
We saw this with Twitter for different reasons. The lesson - as a developer/entrepreneur - should be: never make another company a mission critical component of your own. If there's a rug to be pulled out from under you, one day it will be.
The developer ecosystem served its purpose for FB. It accelerated their growth to the mass market. It is probably a net negative nowadays. They have an ad business not a platform business.
> The developer ecosystem served its purpose for FB
Maybe, maybe not.
Let's say tomorrow InstaFaceSpace launches and gets a bunch of hype. You know, it's got shiny fonts and your mom's not a user yet.
There's a migration, just as there was from Friendster->MySpace->Facebook. InstaFaceSpace is open for developers, giving them the tools they need to make and monetize applications on top of their platform. Stop me if you've heard this one before ...
Let's say this is embraced and there's some tangible migration. Apps are being built on InstaFaceSpace - cool apps, fun apps, secure and privacy-ensured apps.
Now Facebook realizes they need to have the platform they threw away and its ecosystem to retain users. Now what? Can they say "hey come back we've got all this new stuff and these hot new endpoints?" Developers won't go back.
It leaves Facebook vulnerable. Perhaps not as vulnerable as the PR nightmare they're going through, but there are scenarios where it comes close.
Were apps really the reason for the growth FB experienced in the past decade?
I'd argue it was the apps (and the publishers) that led to the decrease of organic posting in Facebook. Instead of seeing posts from your friends, now you see viral articles, and app-related statuses.
It was one of the reasons and an inflection point. I remember the rush of activity with the release of the platform. People were poking each other and sending game requests. These were all FB apps. It was one in of a string of hits by FB, creating a lot of goodwill. They quickly released FB to many languages, often crowdsourcing them.
They've fracked with their developers so many times already. What's one more time going to do? I think many developers remember what FB has done in the past. They've changed virality, forced the use of FB credits, limited access to newsfeed, released really broken APIs, etc...
I agree, I think opening the platform up to app developers added value faster than Facebook could have added it themselves and increased their user base. With the network advantage Facebook now has it's likely that if they cull all of those apps they won't shed too much of their user base.
I think that early on that API was definitely making them more money, but the balance has shifted. I suspect they kept the API around as long as they did to avoid a sudden PR disaster when they removed it (like twitter). The congressional hearing and all the recent news has served to lessen that cost and may actually end up being a boon for them.
Look, I hate to be "I told you so", but this shouldn't be a surprise: this is how Facebook has treated partners all along.
Remember when the big thing that drove engagement on Facebook was games? Zynga was making a mint on that. Until one day Facebook's metrics showed that the constant "Help my farm!" updates were pissing people off; they flipped a switch and games disappeared, and Zynga got kneecapped. I think it still technically exists, but it's a shell of what it was.
Then it was all about sharing as many news articles as possible, and Facebook built all these relationships with news publishers. That lasted until fake news and Facebook deciding people want more status updates from friends, and the publishers all got their traffic slashed with naught but a "I am altering the deal. Pray I don't alter it further."
When your business lives on Facebook's platform, you exist at their whim. As soon as they decide you're no longer useful, you're cut off. You really should've had a plan for this.
Not to mention the fact that that we've lived through all of this before with Twitter. Entire businesses were built on their API and then were obliterated in one fell swoop.
On the other hand, there's been a decent number of people who have made lots of money because they were the first to build an useful product on a platform.
Sure but then you're in the boat where you have some n finite period of time to slingshot from needing API Service to having a viable enough business to live without it.
Yeah that is absolutely true. Facebook used the platform as a way to keep people busy while they were focusing on growing the network to include everyone and their dog. After that they used the platform as an accessory and testing ground for new platforms (mobile / news sites / chatbots etc) .
Add to that the constant nightmare of rearranging chairs in the APIs for no reason. Still, facebook provides virality, but you can have that with minimal data usage from their platform if you ask your users to enter the data you need manually.
we do have a plan. but we also expected facebook to at least tell us when and if they cut off access — not put up a blog post that says they are removing some endpoints, and then just cut them all off regardless without warning.
this simply doesn't seem like the way to treat people who have invested time in a platform.
And the financial question has different answers for different entities - Developers who make money creating Facebook apps, Facebook who makes money from people who send data to and spend time on Facebook and on the Facebook apps developed by those developers, and advertisers.
You should be working on trying to take back ownership of your relationship with your users from Facebook, and remove the API from any future business plans. Implement your services off of Facebook, and email your app users telling them your services have migrated to your website or mobile app. If it wasn’t obvious already, the API is being ground into dust, and it will only further deteriorate after GDPR takes effect.
Social service API's have a rich history of treating developers poorly. Anyone building and relying on social API's should be prepared for and plan for when they start flipping switches with little or no warning. That's been my experience over the last eight years, anyway.
Some argue that the recent FB and Instagram API neuterings are in response to the Cambridge Analytica scandal. However, last September, Facebook silently neutered the ability for people to gather posts from public Facebook pages via the Graph API, which was damaging for FB Page research: https://developers.facebook.com/bugs/1838195226492053/
The events API had already been pretty crippled some time ago, looks like it's been made close to entirely useless now.
This is interesting to me, cause while I think their motivation was mostly about PR (although who knows, it's just kremlinological speculation), events are the main thing that keep many people I know from abandoning facebook -- it's the only way to find out about what's going on in many social circles. I contemplated trying to make something that used API to keep you in the loop on events on FB without having to actually use FB; it already wasn't really possible, now _really_ not possible.
Although wait, there is still iCal feeds for at least some read-only access.... okay, back to the my own research on the matter. :)
For reference, this is a temporary pause to review policies and make necessary adjustments as per this status.
> Description
We are pausing all new messaging experiences (including new authentications on approved apps) on the platform while we review our policies and make necessary adjustments.
Learn more here: https://messenger.fb.com/newsroom/messenger-platform-changes....
I've tried to tell companies time and time again that building the core foundation of the business on an external service like Facebook, Instagram, Twitter is doomed in the end. This happened 10 years ago when Twitter locked down a lot of their API access more, and is happening again now.
The CEOs and CTOs of those companies never listen, thinking "this time will be different", and yet it isn't. People in those positions don't like hearing truth that conflicts with their deeply held belief that they are different and their product/service (or mining of user data) is special and will make it through some loophole.
I wish I could monetize saving companies and investors millions of dollars with this advice, but I haven't figured that out. No one likes to hear 'no'
I don't think that's the whole story. "Don't build your core business around that API" ignores the opportunity that's there now. Your advice to build a business around something that can't be removed is sound if you care about the long term, which is sensible, but it ignores the short term immediate gain. You don't have to build a business that starts up and continues doing the same thing forever; for some businesses adapting to things like an API being removed is just another challenge to be met.
You're clearly quite cautious and like to plan far ahead. Other people don't do that. That doesn't make them wrong.
What if you are downstream from these changes, relying on a product that uses these APIs, and now you are negatively affected? You wouldn't be thinking that that their lack of planning or caution is a reasonable way of doing business.
Perhaps your due diligence should have caught this issue ahead of time, but it's far from unreasonable for people to apply research or experience when it's available.
What if you are downstream from these changes, relying on a product that uses these APIs, and now you are negatively affected?
You resolve the problem and carry on. Every business will have challenges like that. You can't mitigate them all ahead of time, at least not without missing a bunch of opportunities right now.
As a developer I find it hard to build things I know will break in the future. I find it hard to build things that might break in the future. Sometimes the opportunity in front of you makes it worthwhile regardless.
Basically a variation on the “we saved enough money on storing just two digits for year instead of four that the Y2K work was more than paid for“. The opportunity might be more than worth the refactoring cost later.
It doesn't make them wrong but it does make them careless. If you build something on a weak foundation, knowing it will all come tumbling down sooner or later you'd better make sure beforehand where to go when the floor gets pulled from under you. With that I do not mean 'the Bahamas' but rather an alternative for the external dependency which can take over its role with as limited an impact for customers as possible. Doing so is not just good stewardship but it might also reveal new opportunities which otherwise would have been overlooked. By making things like Facebook optional you both reduce your own dependency on their antics as well as Facebook's power. The former is good for your own personal well-being, the latter is good for everyone else.
Your advice make sense in some fields. In others like social media marketing SaaS products, there is literally no alternative to facebook(whether its publishing to facebook or analytics for facebook)
There is only diversified income streams (products). Not alternatives
> It doesn't make them wrong but it does make them careless.
No, it doesn’t necessarily make them careless. It could simply make them agile and adaptable. A bird can perch on a dying limb, grow, and fly away when it breaks off.
This is a meme that isn't 100% true. There are many many companies out there that have, yes depended on a 3rd party API, but also built something incredibly valuable, profitable, and even reaped financially from it (see Buffer, Hootsuite, Radian6, AppAnnie, etc)
No, it probably isn't going to last forever (then again, what company is?), but the alternative is... not building a business and waiting forever until they discover an idea that has no 3rd party dependencies AND has lots of demand (ie probably never).
This supposes that there's a viable alternative. If there isn't, the companies need to build that risk into their plans so they don't make investments which don't achieve returns soon enough.
I learned my lesson with Twitter. I never rely on anything external anymore and if I use something, I make sure I have a replacement available. Never again.
Time to circle the wagons and protect the core business. Collecting information and selling ads is their bread and butter. Giving third parties access to that data in order to build things gave them great marginal gains on their way to the top (sort of like Twitter), but in the current political climate the risks far outweigh whatever incremental gains they could realize going forward.
This is a fundamental misunderstanding of what Palantir does. It builds tools for data analysis, it doesn't gather data themselves. Anyone who has done the most basic research on the company (like watching the youtube demos) would know that.
Palantir clients maybe could still have access, if they pay for it; I probably can't convince you that we don't build tools that interact with Facebook.
Will this stop me from seeing Facebook friends that also use an application/service from within that application/service? For example, getting friend suggestions in Blizzard's or Epic Games launcher for Facebook friends.
Initially friends list matchers like that were an opt-in voluntary thing, but more recently applications have been more insistent on getting FB information to gather network data.
I'd love to see that sort of an offering die off, it's not like you can't post "Hey world, really into Overwatch right now, anyone want to join up?" on your feed yourself.
> it's not like you can't post "Hey world, really into Overwatch right now, anyone want to join up?" on your feed yourself
My main problem with that is method that I can't guarantee that friends that play Overwatch will see my post. The timeline algorithm is too inconsistent.
Holy shit, I'm not even using the Facebook API at the moment but this was infuriating to read. Please, someone make an FB alternative with wide open APIs where users can monetize their own data. If someone's already working on this, I'd love to know.
I will officially never try to use any Facebook API in the future.
There's Mastodon, but last time I was there it was only really big with a slightly creepy Japanese anime crowd. There just wasn't that much interesting English content to read.
Mastodon's API's are mostly open source standards which means they tend to be messy and inconsistent.
As far as user monetization the main strategy was predictable pleas for Patreon donations and some people constantly begging for money with a new crisis/excuse each day or various forms of victim hood.
I still like Twitter because it has high signal to noise ratio news feeds and power users, once you find them. Not sure how usable its going to be once they gut their Stream API in a month though.
To be honest, all social networks look like they are in various stages of epic FAIL and the perennial search for the new one that is going make it all better is probably in vain.
There are a slew of inherent structural problems in social networks many of which arise out of the fact that crowds, tribes, herds tend to bring out and amplify the worst in human nature. Its recommended you read up on mimetic theory before you play:
Either you allow largely unconstrained free speech and your network turns in to an abusive cess pool, or you constantly police and suppress it and it turns in to China. There isn't really an easily identified middle road.
I haven’t been able to find a ton on Mastodon yet but I saw enough tech posts to not think it’s just anime stuff. Others here who cheer on Mastodon have found similar results. When’s the last time you used or tried Mastodon?
> Facebook continues to make real-time improvements to its platform to protect people's data. We are making the following changes to maintain trust with people who use our products.
"real-time* is probably not the best buzzword to use when trying to spin the rapid changes as a positive thing.
Much of this data can still be obtained through scraping without the API. Depending on official APIs for data collection has never been a great idea, as they are often governed by very low rate limits etc. The Facebook API has been useless for social apps since the 2014 changes anyway, so they have made something that was already useless even more useless. Hopefully everyone here saw the writing on the wall in 2014 and isn’t relying on the Facebook API for business processes or revenue in 2018.
They shut down what was used by the company which I forgot the name to harvest the data that was used by Cambridge Analytica.
I don't have the details, but it was mainly around app having access to a lot of your friends data as soon as you would give the app access to your Facebook account, without any concent from your friends
A lot of the changes FB made were breaking changes that occured overnight a few weeks back that they didn't warn any developers about... That's a pretty good indication of how much they care about their developer ecosystem.
I wonder if this will hurt them more than they gambited for though. They've clearly thrown a lot of resources at the messenger API to encourage third parties to make bots. It also seems like WhatsApp's strategy to monetize is increasly focused on businesses somehow integrating with the platform.
As a developer, though I know WhatsApp still operates as a separate entity it's still ultimately owned by FB. And even though FB and WhatsApp still have incredibly dominant market share, stuff like this makes them look like very flaky foundations for third parties to build anything over... GDPR is going to hit FBs bottom line in europe and all their growth is coming from developing markets where user ARPUs are tiny... Long story short, I don't think times are going to be sweetness and light for FB in the near term, and so this is a time where they'll want as many friends as possible. But stunts like this won't win them any friends in developers!
If your app depended on getting user data from facebook, you should have moved away from that anyway, they made so many pointless changes and limitations over the years that the fuss was not worth it. you can still use the feed dialogs for viral engagement.
I’m curious if all the privacy zealots on here see the irony in someone asking others to publicly share content that is only supposed to be accessed by a private group of people (Facebook users, in this case). Does this not violate the privacy of the person or organization that made these posts, who intended it for a specific audience?
Whether you have an account or not, Facebook is collecting information about you. They should at least tell everyone what they are allowing developers to do with the data
Developers aren’t allowed to do anything with data that Facebook collects while you are not logged in. They never have. The information in those private posts intended for a private audience is only relevant to people that have Facebook profiles and are either developers or have a Facebook account.
Further, even if they did allow developers to use this data, it’s still a private discussion behind an authentication wall. I have seen it argued that taking such posts and publicly posting them is a violation of GDPR, and it may well be because of how broadly this law is written.
Live by the sword, die by the sword. It isn’t OK to ask people to violate the GDPR just because it suits you in a given situation.
It is a post that was directed to a private group - that group in this case is Facebook account holders. So by taking that information and posting it here, it may run afoul of the GDPR. I have seen arguments that even forwarding a group email to someone not on the original recipient list is a violation, so this wouldn’t be any different. It’s a communication that is behind an authentication wall for a reason.
The GDPR deals with processing[0] of personal data[1], not data about anything else any entity wants to remain somehow restricted. Other legal regimes may deal with disclosures of that kind, but not the GDPR.
[0] ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
[1] ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Facebook continues to make real-time improvements to its platform to protect people's data. We are making the following changes to maintain trust with people who use our products. These changes are never easy, but by focusing our efforts, we can put stronger protections in place to combat potential abuse. Please find a quick summary of these changes below:
Facebook Login:
App review required to ask users to share checkins, likes, photos, videos, events, and groups
Following fields are now deprecated and will return empty data: relationship_status, religion, political, friendlists, education, work, about, website, interested_in
Following Open Graph permissions are also deprecated and will return empty data: books, fitness, games, music, news, video
Taggable friends and mutual friends APIs are now deprecated
Pages API:
App review required
Page conversations will receive a new thread identifier
Require a Page access token with a matching Page for specific endpoints: /agencies, /canvases, /instagram_accounts, /leadgen_forms, /page_backed_instagram_accounts, /promotable_posts, /page/userpermissions
Deprecated /checkin_posts API and webhook
Remove social context elements: /friends_who_like, /friends_tagged_at, /video_watch_friends, /music_listen_friends
App review required to use the following edges: GET /page/events and GET /me/events
Events API:
App review required
Deprecated content edges on all events: /feed, /posts, /comments, /pictures, /videos, /live_videos, /photos
Deprecated user edges on all events: /attending, /interested, /declined, /maybe, /noreply
See User Node and Page API sections for details of /events edges on these nodes
Groups API:
App review required; API use must meet a specific group admin need
Removed some fields returned by edges on groups: to, from, likes, reactions, name_tags, message_tags, with_tags, tags, admin_creator
Deprecated APIs that share data about people in groups, including /members, /admins, /owner and a number of undocumented endpoints: /member_requests, /moderators, /former_members, /insights, /links, /tagged
Search API:
Deprecated Search API for pages, groups, events, and users
Games:
Updated Instant Games context_fetchPlayers API to limit users returned to those who have played in the specified context
Deprecated Scores API, Achievements API, /taggable_friends, and /invitable_friends
Deprecated /{app-id}/staticresources
App Insights API:
Removed age, gender and country information from the app_event metric
Instagram API Platform:
Instagram is accelerating the previously announced deprecation of the Instagram API Platform and has lowered rate limits
User Node
The following User node fields will no longer return information: about, education, friendlists, interested_in, political, relationship_status, religion, website, work.
GET /user/groups and GET /me/groups - This edge no longer returns any fields that contain User identifying information. This applies to all app Users, even app Admins querying their own User ID.
App review required to use the following edges: GET /user/events and GET /me/events (apps with user_events permission granted will still require re-review)
this is extremely disappointing. our app was reviewed by FB (including source code), we have thousands of impacted users, and FB gave no indication that they would start doing this (and the issue was silent).
is a walled garden better than an API that lets users share their data? should we shut down the entire graph because of a few bad actors? is this how FB treats developers?