Becoming Professional: A Blog

by Sean MacEntee on Flickr

Privacy is a big concern, particularly on Facebook. And for absolutely good reason, too. After all, I’m sure we all have those ex-friends we not only never want to see again, but would like to never see us again, too. Keeping who you want close, close and who you want far away as far away as possible is only natural.

That includes companies. These days there is a barter system going on with our private information. We like a brand’s page and allow them to see our demographics in exchange for potentially fun posts and, even better, free stuff. Sounds like a deal, as long as I’m the one who gets to okay it. This same barter is seen on Amazon, where the site learns what you like and makes, sometimes very astute, recommendations. But only when you’re signed in.

But, what about those cases when you’re not signed in. When you didn’t sign up for something and they’ve scraped your data from your Facebook profile? You didn’t sign up for it. I didn’t sign up for it. How can we avoid this danger?

But, is there really a privacy threat?

I mean, no doubt Facebook has privacy issues. Otherwise people wouldn’t be complaining left and right. I do not doubt this, and will not argue against it.

But I will point out that it’s incredibly difficult to get at your public data on Facebook by using the legal Open Graph API. I know because I tried to access my own public data  and that of my friends through that API while not signed in. Here’s what I found:

Go ahead and try it on your own account. All you need is your account ID number, which you can find here:

Then just type in https://graph.facebook.com/ followed by that number into your browsers URL bar and – tadaa! You can see what is available publicly about you.

I don’t know about you, but I really don’t care if people know I’m female, speak American English, and thus assume I’m an American female. As far as my name goes, I use a pseudonym online, so have fun!

Notice that even if my privacy settings were to make everything public, they still wouldn’t show up with this public Open Graph API search. That’s because Facebook doesn’t use the word public here the same way that we do. The information displayed above is “public information.” But in order to get at the information I’ve shared with the world on my Facebook Profile, any application developer needs an “access token.”

To get an access token, Facebook’s developer website explains that an app must go through three stages: user authentication, app authorization, app authentication. User authentication is just verifying that the user is who he says he is, same for app authentication. App authorization, however, is that bit where we’re asked to allow the app access to various bits of our data.

See that bit up at the top, by my profile pic? “Access my basic information” really means “access all the public stuff I’m too silly enough not to set as private on my profile security settings.”

“Public” does not mean “public”

Let’s back up a second. “Public” in the eyes of Facebook app developers is basic demographic information. “Public” in the eyes of you, me, and most consumers is the stuff we set as available for strangers to see on our profiles. Companies and other systematic organizations cannot even see what we allow complete and total strangers to see. At least through this API.

I’m actually a bit reassured by that.

Of course, I’m sure there are work-arounds, particularly for the less than legal. However, at least when it comes to companies trying to spy into my life using the Open Graph API, I can rest assured that it’s a bit more complicated than just searching my name with this tool and that if they want to legally pry into my life, I have to give them permission.

*Note: I am not a Privacy Expert. I just tweedled around with the Open Graph API and this is what I found. As I said, I’m sure that there are other ways to spy on us. I just don’t think this is one of them. So you should always set your privacy settings as high as possible!