or "facebook won't let you liberate your facebook data to alternate providers".
i don't understand why people tolerate facebook. they don't seem deserving of the trust people give them. first opt-in/opt-out privacy issues, now this... plus it doesn't seem like they're really trying to make money yet. i suppose this is what the initial "exclusivity" of the facebook brand got them: loyalty without needing trust.
People tollerate them because they won they social space. The winners always get free passes on things that only matter to a few people. Most people dont think about getting their data out. Where would they put it?
I'm starting to understand why my Linux and Android-using friends abhor my Apple preference. I'm still willing to make excuses for the one I like, however.
Most non-technical average users (read: the majority of their users ) just don't really understand / care about the privacy issues.
They just love the experience they can find at and pretty much only at the facebook site.
The tech press and media make an initial fuss about all of it but by the time they figure out a way to bring it down to a level the masses can understand facebook has put a notification on the top of the News Feed to explain.
I'm not agreeing with the practices merely attempting to explain why in the minds of the lion share of facebook users mind it just does not matter
Users are circumventing Facebook to protect their privacy, using email and self-censoring (this is further along in the presentation). There is also anecdotal evidence presented at the beginning of when they are presented with the not-so obvious consequence of general sharing they are actually quite horrified.
urm, that slidedeck is from google employee, so fairly obviously bias plus the "proof" it provides is one slide with an anecdotal quote.
I cant provide any stronger proof aside from their 500+ million users, but anecdotally, outside this hacker news / techcrunch esque commmunity, nobody cares about the facebook privacy issues. At the very least its in question enough to not be "completely and utterly wrong"
A lot of teens/young adults self censor on Facebook, not because of privacy issues with relation to the rest of the world, but because of privacy issues concerning their parents/relatives. 'Oh shit my mom is on Facebook', was an SNL sketch a few months ago. It is definitely an issue that people think about.
The problem is that 'us nerds' try to explain it based on technical merits rather than giving practical examples in which privacy concerns are at issue. (I don't want everything that is said to my best friend Billy to go to my mom; I sometimes use language that my grandma would find inappropriate; I don't want my girlfriends to find out about each other, etc.)
I've found the complete opposite. that most of my non-technical friends care about facebook privacy a lot, many of them delete their accounts as soon as they feel like people are knowing too much about them. As a technical-user, I don't care much about the privacy issues, mostly because I just gave up and realize that privacy really doesn't exist on Facebook.
This is a good point. A search engine like duckduckgo can choose to make much less by not tracking so much user data...and its still "enough". There are other vectors to bootstrap a friends/family sharing system that values privacy. Such a system can make a lot less than FB and still be "enough".
That would depend on how the costs of running servers scale with the number of users. If they scale faster, duck duck go would need to increase its income somehow.
Facebook has undeniably value. Connecting with other people is a pretty universal trait so it's no wonder Facebook has those half a billion people. That's what I use it for, too.
However, unlike some of those half a billion people, I do care about protecting my private life somewhat. Yet I'm willing to give up something for the value I find in the connectivity that Facebook provides. Depending on what personal information is at the stake, on how Facebook acts, and on your privacy expectations that something clearly varies.
For me, keeping any of Facebook's potential negative impacts to the minimum comes down to sanitizing the privacy settings and rechecking them every other month or so (or following any of the facebook privacy news articles) for new changes.
Uh, exporting your address book from Google and uploading it to Facebook is perfectly within any user's rights - it's a textbook example of data liberation. Now if only I could export my facebook pictures and easily import them into Picasa, or sync my facebook wall with my Buzz stream...
Your photos are easily accessible using the Graph API[1]. I wrote a python script which downloads all your photos and saves them to your computer[2]. However, I agree that Facebook doesn't make it easy for other web services to access stored data.
genuine question (this sounds a little smarmy but I know nothing about Graph API or web dev at all really): How is it not easy for other web services to access this stored data when a random guy can easily throw a script on GitHub to do it?
Not sure if this is the right answer, but a guess: it's easy for other web services to access this stored data if the user provides them with their Facebook login and password, which no self-respecting service would ever ask for. Even if Google did at one point get users to give up their facebook credentials, the API's they access will probably block IP's that try to access multiple users' data in a short amount of time.
The best solution, IMO, is to use the browser as a platform: a Chrome extension can allow users to seamlessly sync data between services, because Chrome already has access both to your Facebook account and your Picasa account.
With the Facebook API, the user doesn't have to provide any third party his credentials to allow the third party to access his data. Facebook uses OAuth to securely pass an access token to the third party while protecting the user's credentials. See http://developers.facebook.com/docs/authentication/ for more info.
Ah, but if I remember correctly, the terms of that OAuth usage explicitly state that while data may be accessed and used, it can't be stored indefinitely (with good reason, sometimes I don't want some app toy to indefinitely store all the information I trust Facebook with). So if a third party uses that API as an export mechanism, their API access should be (rightfully) shut down.
BUT - what if I actually want to export all of my photos into SomeApp.com, and I want to give SomeApp the right to store my photos indefinitely? Is there an API they can use to pull it from Facebook directly?
It used to be the case that apps could only store your data for 24 hours, but we removed this restriction in the last f8 conference.
You can definitely export all your photos into SomeApp.com using the graph API and they can store your photos indefinitely. These APIs are documented at http://developers.facebook.com/docs/api.
It is perfectly easy for other web services to access the data of a logged-in Facebook user, provided that the user has granted permission via Facebook Connect. This is how Facebook's "Download your Data" product[1] works; it is entirely implemented through publicly available graph APIs.
What Google is insisting on is "download my friends' data." This is where Facebook currently draws the line; we make it easy to retrieve your own data programmatically, while retrieving your friends' data programmatically is harder.
And, whatever Google says, Facebook is right to draw the line somewhere, and probably at friends' contact info. Consider an immediate consequence of doing what Google is insisting on: Zynga (e.g.) will spam all of their users' friends' emails. Because now they can retrieve them in bulk via a Facebook API. If you use Facebook, and tomorrow you started getting reams of email from applications you do not use, would you think, "How wonderful that Facebook has finally liberated my data!"? Or would you, maybe, be annoyed, and wonder why Facebook would ever consider making such a boneheaded decision?
Ridiculous. Facebook could whitelist only the user, not any proxy, to download whatever data friends already make available to users inside the boundaries of privacy controls. This is only sensible since it's already exposed to the user. If the user dedicated human time to archiving a bunch of web pages, they could reconstruct their contacts. But it's much simpler for the computer to do it.
The user could sell out their friends to a third party if they chose to (opt in). But Zynga would only get access if the user said so.
The reason Facebook won't do it is that it would commoditize the social graph and allow straight head to head competition on features. I think no one, even Facebook, knows how that would turn out...
Except for Google, who clearly decided to make it happen.
The Facebook API allows 3rd party applications to access most of the user's data, including the user's email, if the user grants the application the required permissions. More details are at http://developers.facebook.com/docs/authentication/permissio....
Beyond the script from derferman, you can download a copy of all of your photos (and videos, wall posts, etc) as a zip file directly off of Facebook from the bottom of your Account Settings page.
Google could easily fix this w/o impacting other services: block Facebook's referrer. And then present them with an opt-in page for Google.me... BOOM! Instant win? High five.
Google could also block any facebook links from appearing as google search results if things become more tenuous. I highly doubt this would ever happen since they might face a heavy duty backlashing, but the thought is intriguing.
I do agree.
Some people have referrer turned off, but afaik, they are the minority and this should do the trick. Google surely though about it.
This also works the other way. If you rely on FB assets (images, ...), they can shut your access down immediately the very same way. Can't say I like it.
Google could also make an API requiring an API key to access it (for services/tools that depend on it). Refuse to give Facebook an API key, and allow apps that depend on the current method to transition. Within 30 days or so, shut down access to it via the predictable URL and make it some crazy URL when they request it.
You do know the referer header is optional don't you, I mean, you'd look pretty dumb relying on it for any web service because, you know, some crazy people turn them off altogether, perhaps with the Firefox add-on RefControl.
You're missing the point. It's not about disallowing importing the address book from Gmail to Facebook, it's about making it more difficult in order to force Facebook to offer reciprocity.
You will always be able to export the CSV version of your Gmail address book yourself and feed it wherever you like. It's just slightly less convenient and the experience is not so smooth anymore.
Some points that are getting lost in the discussion below. I work at Facebook.
1. Facebook lets you export your data. It has been possible to do so ever since the graph API debuted in April '10. Since the market wasn't filling the gap, we even built a "download your information" product (https://register.facebook.com/editaccount.php -> Download Your Information). It gives you a zip file with all your contact info, photos, video, status updates, wall posts, etc. If somebody would like to write an importer for Diaspora, or Google Me, or even a non-vaporware competitor, they are well within Facebook's ToS, imho.
2. Facebook allows other sites programmatic access to the social graph. Yes, the supposed "crown jewels." That's exactly what Facebook Connect is for. You can see it in the wild on Pandora, Netflix, Yelp, Quora, and literally millions of other websites that are already doing what Google claims it wants to do: identify your Facebook friends.
3. Most importantly, what Google is insisting on is completely insane.
The ability to export my friends' email sounds good, but as with so many social product ideas (e.g., themed backgrounds for profiles), it stops sounding so good when you realize everybody has the same power. Think of it instead as: all of your Facebook friends can export your email to anybody who writes a Facebook app. Those spam quizzes? Every farm simulation knock-off flash game? The day Facebook does this, every Facebook user will wake up with their inbox crammed solid with spam from random Facebook applications that they do not even use.
What Google has not explained is why they need friends' email addresses, per se. Why couldn't whatever message they want to transmit be transmitted via Facebook messages, or wall posts, which send email notifications to almost all users anyway, and are already available via third-party APIs? This entire "not open enough!" straw man is a set of moving goalposts that Google will use to justify whatever competitive maneuvering they find convenient.
Facebook is in the right here, people. The product decision Google is asking Facebook to take would be a disaster for Facebook users. Meanwhile, the lever Google is using to attack Facebook comes entirely at the expense of GMail's users, who before this episode were voting with their feet by the millions to import their contact data to Facebook, and no longer have that option. Google is making its users' lives worse, in an attempt to make Facebook make its users lives worse.
1) FB only recently added this export data ability - before then, all they did was consume and never gave back. They are lucky no one called them out before.
2) You do want to export friends' emails because they are my friends and I should be able to maintain their emails regardless. I want to leave facebook, export the data, and import it elsewhere. It's fine that they are refusing to give an API for it (although they can make the application request for permission for it first) but if I am exporting all my data into a zip file, I expect that information to be there. I am sure Google wouldn't be complaining if FB did just this. If a user is stupid enough to import all their contact info back into a random FB application manually and gets spammed, then let them be.
3) Stop spinning this like Google is making their users' lives worse. Google allows this and FB doesn't because FB wants to trap all their information inside of their ecosystem. They are not right. They are one of the worse companies that try to spin automatic opt-in (confuse users and hope they never opt-out) to make them release more information.
4) Explain to me why FB blocking Twitter, blocking iTunes, blocking Google is GOOD for any of their users.
A quibble about the "download your information" feature:
This is not data export. It's a nice offline look at some of the data I have on facebook, but not all the dt I've added, nor complete data of what it claims to have.
The archive of messages does not contain all the messages that are in my inbox, let alone the deleted ones that should be produced. Not enough information about profile changes, picture changes, etc. is included.
An export of data from facebook should include information on all interactions interact with anyone on facebook. That's the information I put in, that's what I expect out.
What you do have is a token effort to appease the people who don't really care, but are scared into demanding it by their friends who do care. It doesn't solve our problem, only yours.
If you agree it's wrong to allow a friend to export my e-mail address, why should Google allow it either? It seems like Facebook wants to have its cake and eat it too.
You added your friends email addresses in your Gmail address book. On Facebook, your friends put in their own email addresses into their profile and set the privacy settings around it. It is a subtle but important difference.
My point is that data portability should be transitive. If by manually entering a friend's email address I 'own' that data, and it is thus valid for me to export, any service that imports that data should also allow exporting it. Otherwise it's lossy if I want to move on to another service.
In the FB case it's perfectly reasonable to prevent me from exporting data that I didn't provide, especially if another user provided it and has set privacy controls around it.
They are different services. Facebook is a third-party platform in a way that GMail has never been. If your email address becomes your friends' Facebook data, your email address will be distributed to many companies that you have no direct relationship with. Who knows what those companies will choose to do with it; we choose not to find out.
GMail simply does not have this problem: there are essentially no "GMail apps", and users realize that their email addresses are exposed to their contacts when they use the service. There are no fly-by-night "GMail games" that will sell anything they can get their hands on to RapLeaf. This has its ups and downs, but one of its consequences is that "transitive trust" must have its limits.
Google is specifically demanding an API, and further making demands about performance, uptime, availability, etc. of the API. They're being perfectly clear that exporting the emails to .csv file that then gets uploaded is unacceptable.
And again, it's their service, and their servers, and I'm libertarian enough to say that they should be free to do what they want with them. However, I'm also free to question their "Love is Hate, War is Peace, Closed is Open" syllogism with respect to Facebook, and I find it preposterous.
Google is, imho, perfectly within its rights to provide an email service that doesn't allow you to download your contacts easily, or doesn't allow it for certain services, or whatever. What I don't appreciate is the hypocritical Monday-morning-quarterbacking of how a very different service chooses to protect its users data.
All Google is saying is if you don't allow us to do it, we won't allow you. So if FB wants to "protect its users data" then they should too. End of story. They didn't really do anything more other than news sites picking up the story and running headlines with it.
>It gives you a zip file with all your contact info, photos, video, status updates, wall posts, etc. If somebody would like to write an importer for Diaspora, or Google Me, or even a non-vaporware competitor, they are well within Facebook's ToS, imho.
If I'm trying to write an importer for this Facebook data, how can I differentiate John Smith (my friend) from the thousand other John Smiths? It's easy to do if I have John's email.
>3. Most importantly, what Google is insisting on is completely insane.
Facebook can figure out who people know. They don't need to use facebook. Their friends' contact list is enough to construct a semblance of their social circle.
So the repercussions isn't limited to that person. They are implicating their friends' privacy (no matter how minor) to the very anti-consumer-privacy fronted company Facebook.
> The ability to export my friends' email sounds good, but as with so many social product ideas (e.g., themed backgrounds for profiles), it stops sounding so good when you realize everybody has the same power.
Then why does Facebook allow this very feature to yahoo mail users??
Google should just get in contact with Hacker News - they are great at preventing their precious data from getting out. I've never seen a big data set go up on bit torrent and have all traces vanish so rapidly!
I would never give my gmail password to any third party proxy. So this is how I imported my gmail email addresses to facebook a few years ago in the first place. I took the export from Gmail in CSV format, cleaned out anything but email addresses, and fed them in Facebook.
What really upsets me about Facebook is I refuse to start an account there but they already know everything about me because they tricked all my AOL/gmail-using friends into giving them full access to their contact lists.
So I constantly get spam from Facebook personalized with my name, location and list of friends, based on all the stupid data they have sucked up. It's borderline stalking.
Joining and locking down the account by disabling all the notifications would make them stop spamming you. Dunno what's more important to you, getting rid of the spam, or the principle of not having an account there?
Sounds to me like the "spam" you are complaining about is a communications service for your friends. No lawsuit there, unless every email you get from your friends but didn't ask for is also considered spam.
Would an invite to gmail by a friend be considered spam?
Nor is this "data scrapping[sic]" you mention anything of the sort if your friends deliberately requested, or passively acquiesced, to Facebook reading their address books.
Wonder if there will be statistics released on how many google users export data using this method. That would signal an interesting trend. Of course anything coming from Facebook HQ would have to taken with a pinch of salt.
I don't think the Nazis ever claimed to be liberating France. It was actually the Brits who wanted to "liberate" France but General de Gaulle kind of interfered with that by talking on the radio. But I know what you mean.
i don't understand why people tolerate facebook. they don't seem deserving of the trust people give them. first opt-in/opt-out privacy issues, now this... plus it doesn't seem like they're really trying to make money yet. i suppose this is what the initial "exclusivity" of the facebook brand got them: loyalty without needing trust.