
Facebook Now Shares Phone Number & Address With Third-Party Apps - rwwmike
http://www.readwriteweb.com/archives/facebook_now_shares_phone_number_address_with_thir.php?sms_ss=hackernews&at_xt=4d3346d0e7608241%2C0
======
joe_the_user
As I recall, Facebook still won't let the app/script that I run myself save
the email addresses of my friends that they choose to share with me (I can
manually save each shared email-address of each friend of my hundred friends
but the terms of service prohibit any bulk downloading of this information).

So the assumption is that I, as a user, am naturally more willing to share my
contact information with anonymous application X than I am with my friends.

Naturally, this is indeed a transparent effort at lock-in.

------
ssclafani
Less sensational headline: Facebook Now Allows _You_ to Share _Your_ Phone
Number & Address With Third-Party Apps

~~~
nhangen
If this is true, then why was it announced to developers and not users?

~~~
jschuur
It's announced to users where it matters: when they are asked for permission
to share their data.

~~~
nhangen
Ok, so tell me -

1\. Does this apply to current developer/client connections? 2\. Will the
connection request specify that you are giving consent to address & phone #?
3\. Will you be given the option to specify which data you give to
applications or will it continue to be all or nothing?

I'm not a user advocate, but I can tell you this - I'm tired of FB constantly
glossing over the details.

------
motters
I seem to remember that not so long ago it was standard advice not to give out
your address or phone number to people you don't know on the internet.

~~~
WillyF
Most people also didn't use their real name online. Facebook played a huge
role in changing that.

------
beoba
Where's the option to choose which items get sent? Looks like all or nothing.

~~~
chapel
I have been wondering that for a while; why isn't there a conditional
permissions system that you can choose what gets shared or not. It wouldn't be
that hard for app developers to sanity check for what is available or not, and
tell the user if it is an issue.

The all of nothing mentality is flawed, much like most of Facebook's decisions
it seems. (imo)

~~~
JanezStupar
It is not flawed by any means - from Facebook POV.

------
FirstHopSystems
With a multi-billion dollar valuation, I'm sure that the majority of
Facebook's value is in all information it gathers about you. Is this any
surprise to anyone? One way or another Facebook is trying to monetize your
info. Maybe it's just me but there always seem to be some kind of news fading
away about Facebook privacy. I'm my theory that's why they are worth so much.
Don't think they are going to stop doing this anytime soon.

Opt-out..hahaha maybe opt-out of only the really obvious ways Facebook is
selling your info.

------
EGreg
I've been developing Facebook Connect applications for a long time, and I'm
wondering - hasn't facebook had this feature already for email addresses?

One of the permissions read: "Send me email" (optional: send through a
facebook proxy)

So now, you can also let the apps know phone number through the graph? I don't
find that too big of a step. CAN-SPAM still applies. Perhaps they should set
up proxies for the phone number, though.

What I find more funny is that ReadWriteWeb writes:

"Thankfully, this sort of information cannot be shared via your friends'
careless actions, unlike other profile information."

which is in direct opposition to the attitude that blogs had on the same issue
when Google complained that facebook was "trapping your contacts" by not
letting you export them. Now they are thankful facebook doesn't do this :)

~~~
rwwmike
Who owns your online identity is a completely different thing than letting
this sort of contact information leak through the carelessness of your
friends. Other profile information of yours, if you don't correct FB's
settings, can be given to third-parties by way of your _friend_ saying okay.

That is, thankfully your friend can't decide they want to share there contact
information with some app and vicariously share yours too.

Big difference.

------
andysinclair
But how many people have added their full address and phone number to their
Facebook profiles anyway? I would bet that the majority of people have their
city/town set and not their full address and won't have specified their phone
number at all.

However, this really could be quite useful if used legitimately, i.e. Facebook
commerce, having shipping address available; location aware apps etc.

~~~
estel
Anecdotally, something like 30% of my friends list (not particularly tech-
savvy skewed) probably share their phone numbers.

It's also one of the most useful features of the whole site, if I'm out
somewhere and realise I suddenly need to call someone whose number I can grab
from Facebook.

------
pasbesoin
I commented on this already in another thread that I saw first. My apology for
bending the rules, just this once, by posting the same comment a second time
in this active thread to make the point:

I'm sure my relative would appreciate her abusive ex getting his hands on her
phone number. (And given past problems with third parties, I have to think
this information -- speaking generally if not specifically -- is going to
leak.)

You use the cell phone number as part of password recovery / identity
verification (as I understand it). And then you do this?

------
ChipsAndSalsa
The idea of allowing users to control what individual permissions they have is
good in theory, very hard in practice. It faces two main challenges that I can
think of:

1) There are UI issues that have been raised elsewhere in this thread -
mainly, that users get confused when shown a set of complex options. Having
watched usability studies where users are given a lot of relatively complex
options, I'd suspect that a model where users have to pick among the
permissions to give an app is going to fail massively (ie, user turns on
everything without actually understanding anything, turns off everything by
default or just cancels out of the app install altogether.) A model where apps
request permissions right when it's needed will be annoying users with all the
dialogs needed.

2) Some apps don't work if they don't get all the permissions they need
(imagine an address book app for an email program - if you don't get email
address it just doesn't work.) Adding a lot of conditionals to change how your
app works based on what permissions they get can be expensive and adds a lot
of unnecessary test cases.

In my opinion, Facebook's decision give more granular permissions, but to make
it an all or nothing proposition allows them to protect their users by
removing spammy/malicious apps, and simplifies the applications built on their
platform . This puts responsibility on them to actively remove malicious
applications, and on developers to pick only the permissions they need. Given
that users tend to make bad decisions given a set of complex options that they
don't understand, it seems like they made a rational choice. AppStores on the
various phone platforms have a similar decision to make as to how to best
protect users from apps, and there isn't consensus as to the best model in
that arena either.

They do need to step up their activity to remove malicious apps in light of
giving regular applications this option.

~~~
gergles
"Remove malicious apps" doesn't undo the damage they caused. A reactionary
approach only works until the first gigantic breach occurs, at which point
people will finally start to ask "why do I have to give ShittyGame every
permission under the sun?"

It's the same on Android. Why do I have to give any app that wants to display
ads in my face permission to read my phone number and device serial number?
Hell, on some carriers that's all you need to clone the phone and steal
service from it. What possible reason could there be for that? It's poor
design, and there's no reason I need to give "Bob's Fun Game" my telephone
number just so it can have a unique ID to datamine later. Generate one on
startup and use that.

The problems are similar and the solutions are similar - line-item veto for
permissions, period. If your app can't handle it, crash - I'd rather have a
broken app than risk my privacy for it.

------
itsnotvalid
So from now on, we need to remove two more items from our profile.

Well, as long as we are not allowed to partially denie permission requests
(which of course would make certain apps not able to share our information to
other third parties)

------
rwwmike
Here's the follow-up story...

[http://www.readwriteweb.com/archives/facebook_identity_the_c...](http://www.readwriteweb.com/archives/facebook_identity_the_continued_push_toward_becomi.php)

------
JasonPunyon
Just in case anyone else is wondering...

[http://webapps.stackexchange.com/questions/1/how-do-i-
delete...](http://webapps.stackexchange.com/questions/1/how-do-i-delete-my-
facebook-account)

------
tlack
I wonder if Facebook developed this functionality to aide companies bringing
their ecommerce efforts directly onto Facebook (as Amazon and hundreds of
others are now doing).

------
celticjames
You know who else shares my phone number and address? The phone book!

~~~
Flenser
_You know who else shares my phone number and address? The phone book!_

but the phone book doesn't call up the websites you visit to tell them that
it's you that's visiting them. It's not about the specific information being
available; it's about the context it's available in and what other information
it could be connected to.

------
mobileed
No, Facebook doesn't share this information - you do! Let's be clear here.
Those who are dumb enough to put their PII data on Facebook and the alike are
sharing their information. My God, can we stop blaming someone else for our
stupidity?

~~~
jarek
Facebook is in a weird middle spot between totally public and totally private.
You log in, and you primarily interact with friends, but then a friend can
allow an application to programmatically access your data... People have
problems parsing the situation. Further, Facebook used to be much more
private, and the constant adjustment of goalposts doesn't help.

------
shankx
When somebody knocks at your door, peep through the peephole first. It might
be some stalker who got your address from an app.

------
samic
there is always a problem with facebook! I can't trust them ever!

------
beaumartinez
ReadWriteWeb-sponsered submission? Check the URL, it has a tracking string
(for want of a better word) with "hackernews".

~~~
code_duck
If you look at the bio of the submitter, he writes for ReadWriteWeb and, I
believe, wrote the article. Nothing wrong with that; people often submit their
own work here.

~~~
rwwmike
You are correct. I write for ReadWriteWeb, wrote the article and I _think_
that the URL has that code in it because I clicked on the Hacker News button
on the article to share it.

:)

~~~
beaumartinez
Perfectly good! I have no issue with it, I just thought it was worth pointing
out as I had seen the same URL tweeted.

