On the heels of the Twitter privacy flaw, where users’ “protected” data streams are automatically accessible to third parties via their API, Facebook has now been criticized for automatically enrolling all of its users (including me, apparently) in their new data-sharing API infrastructure. From Threat Level:
Popular social networking site Facebook announced, to great fanfair, a system that lets developers build new applications using Facebook user profile data, but one privacy advocate charges that the site failed to give users enough notice about how their personal data can end upon new websites without ever choosing to let that happen.
Thanks to the new system, Facebook users could find themselves having their looks publicly voted on at the Facebook extension site CampusRank.com, if anyone in their circle of friends nominates them. In fact, they could end up on that site or others and never know about it, since these sites can get data about you from anyone with the right to see your page on FaceBook.
Guilherme Roschke, a staff attorney at the Electronic Privacy Informaion Center and a Facebook user, says that FaceBook should have learned its privacy lesson from an earlier gaffe, when it unilaterally decided to push out information on users’ activities to their friends.
“Facebook hasn’t told people they are now being exposed to third party applications,” Roschke said. “They have made the general announcement, but there was no notice to me as to whether I wanted these settings. I didn’t have an oppurtunity to say no and I have to go in to the privacy page and opt out.
“Privacy is about control, and Facebook should have recognized from the last revolt that people want fine-grained control over their data,” Roschke said.Facebook is opening its community to outside companies using an set of hooks known as a Application Programming Interface, a set of protocols that let outside developers send structured requests to Facebook and automatically get information back. For instance, a Facebook user can log into a site that tracks political affiliations and that site can then send a request for user profile information about all of that person’s friends in Facebook. FaceBook hopes that opening up its data will make the site into a platform that will be widely used and keep it popular.
Its main rival, MySpace, has no API.
APIs have emerged as one of the defining features of this sexy Web 2.0 thing we’re slogging through at the moment – they allow all those nifty mashups and what not. Apparently, however, there is a need for scrutiny of the flow of personal information across API frameworks, whether users are consenting to these flows, and how they might impact existing informational norms (one of many future projects).