I had a few complaints that I wasn’t posting anything new and useful lately. It’s true. I could blame it on the fact that I had been on a little road trip for the past couple weeks, hitting Washington D.C., NYC and soaking in heat all up and down the east coast. The truth is that I’ve had tons of things I want to blog about, but I’ve been preoccupied with some new functionality for Massive Impressions’ web analytics software: MI360. This has practically made me “blog-off” for a month or two.
Some of the stuff I’ve been working on involves creating facebook apps. First of all, lets just say that it’s totally cool to create apps for facebook. Most people who use facebook don’t understand what a facebook app is and how it works. Here’s my ten second explanation:
Outside facebook, on any webserver, you create a webpage. Then within facebook, the developer creates an “app” by pointing to the web page. When someone views the app, it’s served inside the facebook shell – just like any other app, for example Zynga’s games Farmville and Mafia Wars. Even though it looks like those games are being served from facebook’s servers – they’re not – you’re just interacting with Zynga’s servers through your facebook account.
If you’ve designed facebook pages, you’ve probably experienced the “moving target phenomenon” – things change so often it’s difficult to expect anything to remain the same for long. And if you think it’s a moving target design-wise, you should see how difficult it is to obtain accurate coding documentation and examples. What worked yesterday isn’t necessarily working any more. This target is a super-mover.
Whining aside, there’s a treasure trove of stuff you can grab from facebook without explicit user permission. To get to the personal information that most facebook users believe is hidden through their privacy configuration, an app needs to be allowed permission. There are several levels of permission a facebook user can allow an app – but most people don’t know the difference.
I’ve allowed many apps permission to access “whatever” without looking too closely. Now that I know what these apps can do, it was probably a bad idea not to pay attention.
So how much access to your profile info do apps have? Next post I’ll detail the different types of access that each app can ask for – and what you can do if you’re paranoid about sketchy apps.