Facebook’s God complex: No data for the “wicked”

I was quoted recently in a TechCrunch article about the ongoing battle between Google and Facebook to draw users to their respective social networking services. In the article, The Only Backdoor Left To Sneak Your Facebook Friends Into Google+ Is Yahoo, Erick Schonfeld writes:

‘Over the weekend, Facebook blocked a Google Chrome extension called the Facebook Friend Exporter. And in fact, Facebook changed its OAuth 2.0 API in such a way that it “suddenly removed email addresses from the queries without warning,” says Owen Mundy, creator of Give Me My Data. Other data can still be exported, just not your friends’ email addresses.’ [1]

I wanted to clarify something about the above because my contribution is slightly vague. I also wanted to elaborate for other developers and people interested in how to get their data, specifically the email addresses *out* of Facebook.

Getting your data our of Facebook is a hot issue right now with the emergence of Google+. It’s important to be able to preserve your data, especially in the event you want to exit Facebook, or prepare for its possible demise. I think most people don’t care which social networking software they use, as long as they can stay in touch with their friends. Many depend on Facebook to keep their friends’ contact information up to date. Their friends’ phone numbers, emails, and physical addresses may have changed, but they can still be found on Facebook.

This is one great benefit of Facebook, but I think they’ve come to take a higher-than-thou approach to user data. For example, if I use a single software on my computer to manage contact data for my friends, send them messages with pictures, etc., I am not locked-into a contract with the machine nor the software. I physically have the device that stores this data in my possession, and therefore can do whatever I like with it—assuming I can wrangle my data out of it.

One of the great benefits of the cloud is access, right? Wrong. Facebook has a god’s eye view regarding the matter of our data. The view from on high is that they can do whatever benefits Facebook, not necessarily the user. So they continue profiting from our activity while protecting it’s evidence from any company/person/software which could compromise their lead in social networking. Unfortunately this includes us, so we are ultimately at their mercy.

But Facebook is not a merciless God. They don’t charge to use their service or store my data. This is the tradeoff. We sacrifice privacy—our right to not be tracked, advertised to, or sniffed by governments—in order to play games, have stupid political debates, and post pictures of our kids. So, they have the right to allow or prevent access to this information, regardless of whether it is right.

Regarding getting email addresses of your contacts, as far as I know, there are three ways to mass export your friends’ contact data, only one of which is currently allowed by Facebook.

Hacking

The Facebook Friend Exporter, created by Mohamed Mansour, is a browser extension that works independent of the Facebook API. It scrapes your friends’ contact data from the Facebook pages you visit and exports them as CSV. First, Facebook’s rules here for reusing this type of data are not exactly clear. While they don’t explicitly ban saving the contact info of your friends, the have a catch-all statement that tries to set guidelines for doing so. One could argue by accepting your friend request a user has already consented to sharing with you.

“If you collect information from users, you will: obtain their consent, make it clear you (and not Facebook) are the one collecting their information, and post a privacy policy explaining what information you collect and how you will use it.” [2]

One thing that is clear is the method the Facebook Friend Exporter extension uses is banned according to Facebook’s Statement of Rights and Responsibilities:

“You will not collect users’ content or information, or otherwise access Facebook, using automated means (such as harvesting bots, robots, spiders, or scrapers) without our permission.” [2]

And as expected, Facebook has taken measures to prevent Mansour’s app from working.

“Mansour says that Facebook removed emails from their mobile site, which were critical to the original design of his extension. He told me that the company had implemented a throttling mechanism: if you visit any friend page five times in a short period of time, the email field is removed.” [3]

This is not the first time Facebook has referenced their Statement of Rights and Responsibilities to take measures to keep user data from hackers, artists, or competitors. In 2010 they served moddr and other makers of the Web 2.0 Suicide Machine with a cease and desist letter to prevent them from providing a service for Facebook users to delete their accounts. The letter, which claimed the project was guilty of “Soliciting users’ Facebook login information; Accessing a Facebook account belonging to someone else; Collecting Facebook users’ content or information using automated means such as scripts or scrapers without Facebook’s permission” was possibly effective. Currently only users of MySpace, LinkedIn and Twitter can commit “virtual suicide.”

The Face to Facebook (see image on left) project by Paolo Cirio and Alessandro Ludovico stole one-million Facebook profiles, filtered them with face-recognition software, and then posted them on a fake dating website sorted by facial characteristics. From a statement by the makers:

“Everybody can steal personal data and re-contextualize it in a completely unexpected context. And that shows, once more, how fragile and potentially manipulable the online environment actually is.”

I agree, and I like the project. But in a public work such as this it’s hard to argue, in my opinion, that this project will help the average web user. While many may reconsider the type of information they post, more than likely they will think this project is another example of the “bad guys” (a.k.a. hackers) doing bad things. While it critiques, in a very amusing and relevant way, the issue of online privacy, it leaves the user feeling violated, not necessarily thoughtful. As a work of protest it encounters the same problem that holding a giant sign in someone’s face that says “go to hell”—It makes it hard for the other person to see your perspective when you do that.

While I appreciated the fun jab and reference to FaceMash, Facebook did not see the humor in the project. The creators received cease and desist letters and were threatened with multiple lawsuits from Facebook’s lawyers. And in a final spiteful measure, Facebook deleted their profiles [4]. Apparently the rule is, what happens on Facebook, stays on Facebook.

Using the API

While I was sure that in the past my app, Give Me My Data, was able to retrieve a user’s friend’s email address, when I tested it after the Facebook Friend Exporter news broke I found no emails. Looking around the web I can’t find any evidence that Facebook ever allowed this data to be accessed. While you can still export all other data from your Facebook profile using Give Me My Data, this tiny and important string of characters with an ‘@’ is one essential component Facebook won’t allow. Likely, the policy was spurred by spam prevention, but given the above, it has the added bonus of blocking an exodus of users from Facebook.

In any case when you run the following FQL (Facebook Query Language) against their API it doesn’t error. This means the field exists, but they have written a custom script to remove it from the results.

SELECT first_name, middle_name, last_name, email
FROM user
WHERE uid IN (SELECT uid2 FROM friend WHERE uid1 = me())

Becoming a Preferred Developer

In the article above, Schonfeld also explains how users can access their Facebook friend’s contact info by first importing it into a Yahoo! account and then exporting a CSV which can be imported into Google+ (or anything for that matter). I believe that Yahoo! belongs to the Facebook Preferred Developer Consultant Program which gives them access above and beyond regular developers:

“Facebook provides PDCs with increased access to its employees and training. PDCs are expected to abide by program expectations around policy compliance, integration quality, and high-level cooperation with Facebook.” [6]

Whatever kind of cooperation it is that Facebook is giving these preferred developers, one can be sure it includes access to data Facebook considers sensitive, like email addresses. While Yahoo! is not listed as a preferred developer on the Facebook page above, they have access to the emails so they clearly have some kind of arrangement.

Google, on the other hand, most definitely does not. This is not the first time Google and Facebook have gotten into a scuffle over sharing (or lack of) data. Late in 2010 Google stated they would no longer allow Facebook and other services access to their users’ data unless Facebook or the other service allowed data to be accessed by Google. [7]

In closing, we already know everyone wants our data. All the clicks, likes, comments, photos, and video we incur or upload are tracked, analyzed, and ultimately compiled and sold to advertisers or others in the business of molding consumer (or political) behavior. We’ve come a long way since Gutenberg, but just like when he was alive, it seems there will always be powerful groups in control of the media of the day. And, even with the utopian promise of a democratic internet, information continues to be manipulated or hidden in order to keep them powerful.

Notes

  1. Schonfeld, Erick, “The Only Backdoor Left To Sneak Your Facebook Friends Into Google+ Is Yahoo,” Jul 5, 2011, http://techcrunch.com/2011/07/05/google-facebook-friends-yahoo/
  2. “Statement of Rights and Responsibilities,” Facebook, last revised April 26, 2011, http://www.facebook.com/terms.php
  3. Protalinski, Emil, “Facebook blocks Google Chrome extension for exporting friends,” July 5, 2011 http://www.zdnet.com/blog/facebook/facebook-blocks-google-chrome-extension-for-exporting-friends/1935
  4. “Angry Victims and Eager Business Partners React to the “Face to Facebook” Art Stunt,” ARTINFO, February 11, 2011 http://www.artinfo.com/news/story/36963/status-update-angry-victims-and-eager-business-partners-react-to-the-face-to-facebook-art-stunt/
  5. Gayathri, Amrutha, “Why Facebook’s Acts of Desperation Are Not Enough to Stop Google+,” International Business Times, July 6, 2011, http://www.ibtimes.com/articles/174946/20110706/google-plus-facebook-chrome-extension-block-facebook-friends-exporter-disable-social-network-yahoo-b.htm
  6. “Facebook Preferred Developer Consultant Program FAQ,” http://developers.facebook.com/preferreddevelopers/#FAQ
  7. Oreskovic, Alexei, “Google bars data from Facebook as rivalry heats up,” Reuters, Nov 5, 2010, http://www.reuters.com/article/2010/11/05/us-google-facebook-idUSTRE6A455420101105
-->