Re: today's change in integrated facebook apps from Marcos Caceres on 2010-07-31 (public-privacy@w3.org from July to September 2010)

From: Marcos Caceres <marcosc@opera.com>
Date: Sun, 01 Aug 2010 01:05:40 +0200
To: Kristin Tigart <ktigart@tessituranetwork.com>
CC: public-privacy@w3.org
Message-ID: <4C54AC44.1070105@opera.com>

On 7/30/10 3:52 PM, Kristin Tigart wrote:
> Hello all:
> If you hadn’t already seen… today is the day Facebook changes the degree
> and manner in which integrated apps can surface profile data. >From
> their site… http://developers.facebook.com/docs/guides/upgrade#permissions
>
> As documented in the authentication guide
> <http://developers.facebook.com/docs/authentication/>, we are updating
> the way data read permissions are granted in the platform. Previously,
> when a user installed your application, your application would
> automatically get access to all of the data that user had permission to
> read on Facebook.com. Starting *June 30, 2010*, your application will
> only be able to read the publically available information
> <http://www.facebook.com/help/?faq=16374> of a user's profile by default.
>
> To get access to other parts of the user's profile, your application
> must explicitly request all of the data it needs to function. For
> example, if you want to incorporate a user's photos into your
> application, you would request the |user_photos| extended permission
> <http://developers.facebook.com/docs/authentication/permissions>. During
> the authentication process, the user is presented with a UI in which the
> user can authorize your application to access that specific part of her
> profile:
>
> Authentication dialog
> http://developers.facebook.com/images/devsite/auth-dialog-example.png
> <http://developers.facebook.com/images/devsite/auth-dialog-example..png>
>
> To protect the privacy of users who have not explicitly authorized your
> application, your application will only be able to access the basic
> profile information about a user's friends, like their names and profile
> pictures. If your application needs to access other data about a user's
> friends, you will need to request additional, special extended
> permissions. For example, if you want to enable a user of your
> application to browse her friends' photos in addition to their own
> photos, you would request the |friends_photos| permission in addition to
> the |user_photos| permission. You can request extended permissions in
> the initial authentication dialog or elsewhere in your application or
> website when appropriate.
>
> Also, as part of these changes, we will no longer support the automatic
> authentication feature available for some users of canvas applications.
>

About time!:) It still dumps the responsibility on the user so I hope 
Facebook make it clear what the potential impact of allowing 
applications certain permissions. Regardless, I think it is really good 
to have apps expose what data they will need access to up front.


-- 
Marcos Caceres
Opera Software

Received on Saturday, 31 July 2010 23:06:22 UTC