Facebook API – Applications, Data Mining, and Cornucopia of Useless?
Posted by aonomus on December 24, 2007
Well I’ve been meaning to talk about this for a while, for the many Facebook users who are reading this post, they will understand. Through a recent addition to the facilities that Facebook offers, the API now provided (application programming interface) gives us a multitude of applications. Those actually interested in the technical details can look here.
The API system allows 3rd party developers to query information about users that add said application from the Facebook servers revealing a multitude of information. Facebook actually provides a developers test console which allows you to test queries, with a simple query being users.getInfo on your own UID (user ID) with fields such as [first_name, last_name, music, tv, movies], try it. The Facebook query language (FQL) is used by and likely stored on 3rd party web servers to associate UID information to names, and further information relevant to the application.
Knowing that all the publicly posted information is accessible in such a manner, one could quite easily add ‘behind the scenes’ a system where user information is stored on a 3rd party server allowing for companies to develop, push and advertise a well developed application while simultaneously compiling demographics using age, geographic location, and current interests using all the available information ready to sell to ad companies. Fortunately emails are inaccessible via query (for now at least).
Due to the recent Beacon controversy the media have been covering privacy concerns with Facebook, however the Wiki page outlines it best.
Another clause that some users are critical of reserves the right to sell users’ data to private companies, stating “We may share your information with third parties, including responsible companies with which we have a relationship.” This concern has also been addressed by spokesman Chris Hughes who said “Simply put, we have never provided our users’ information to third party companies, nor do we intend to.” It is unclear if Facebook plans to remove that clause as well.
Recently serious privacy concerns have been raised over the security of 3rd party applications that users may install on Facebook (for example vampires, super poke etc). Third party applications have access to almost all user information and “Facebook does not screen or approve Platform Developers and cannot control how such Platform Developers use any personal information.” 
Filtering past all the legalese, it means that while Facebook says it won’t share personal information to 3rd parties, it says nothing about the user allowing 3rd parties to view said information. A fairly shocking example is a research project which automatically downloaded 70k profiles by simply iterating through all possible user ID’s numberically and processing publically available profiles  (76 page PDF warning).
Last but not least, who doesn’t hate having someones Facebook profile distended with 20+ applications so that the vertical scroll bar shrinks down to the size of a grain of rice on a 19″ screen? One should not have to scroll the length of 20 pages to see a simple message.
However in a strictly academic sense one could use the query system to prove the 6 degrees of separation theory, which I’d like to see….
- Criticism of Facebook [Wikipedia]
- Facebook Query Language Documentation [Facebook Developers]
- Jones, Harvey, & José Hiram Soltren (2005). “Facebook: Threats to Privacy“. (PDF)
This entry was posted on December 24, 2007 at 5:29 am and is filed under Facebook, Social Networking. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.