

Facebook Finds A New Way To Liberate Your Gmail Contact Data - stevederico
http://techcrunch.com/2010/11/08/facebook-finds-a-new-way-to-liberate-your-gmail-contact-data/

======
kmavm
Some points that are getting lost in the discussion below. I work at Facebook.

1\. Facebook lets you export your data. It has been possible to do so ever
since the graph API debuted in April '10. Since the market wasn't filling the
gap, we even built a "download your information" product
(<https://register.facebook.com/editaccount.php> -> Download Your
Information). It gives you a zip file with all your contact info, photos,
video, status updates, wall posts, etc. If somebody would like to write an
importer for Diaspora, or Google Me, or even a non-vaporware competitor, they
are well within Facebook's ToS, imho.

2\. Facebook allows other sites programmatic access to the social graph. Yes,
the supposed "crown jewels." That's exactly what Facebook Connect is for. You
can see it in the wild on Pandora, Netflix, Yelp, Quora, and literally
millions of other websites that are already doing what Google claims it wants
to do: identify your Facebook friends.

3\. Most importantly, what Google is insisting on is completely insane.

The ability to _export my friends' email_ sounds good, but as with so many
social product ideas (e.g., themed backgrounds for profiles), it stops
sounding so good when you realize everybody has the same power. Think of it
instead as: all of your Facebook friends can export your email to anybody who
writes a Facebook app. Those spam quizzes? Every farm simulation knock-off
flash game? The day Facebook does this, every Facebook user will wake up with
their inbox crammed solid with spam from random Facebook applications that
they do not even use.

What Google has not explained is why they need _friends' email addresses_ ,
per se. Why couldn't whatever message they want to transmit be transmitted via
Facebook messages, or wall posts, which send email notifications to almost all
users anyway, and are already available via third-party APIs? This entire "not
open enough!" straw man is a set of moving goalposts that Google will use to
justify whatever competitive maneuvering they find convenient.

 _Facebook is in the right here,_ people. The product decision Google is
asking Facebook to take would be a disaster for Facebook users. Meanwhile, the
lever Google is using to attack Facebook comes entirely at the expense of
GMail's users, who before this episode were voting with their feet by the
millions to import their contact data to Facebook, and no longer have that
option. Google is making its users' lives worse, in an attempt to make
Facebook make _its_ users lives worse.

~~~
mikebo
If you agree it's wrong to allow a friend to export my e-mail address, why
should Google allow it either? It seems like Facebook wants to have its cake
and eat it too.

~~~
kmavm
They are _different services_. Facebook is a third-party platform in a way
that GMail has never been. If _your_ email address becomes _your friends'_
Facebook data, your email address will be distributed to many companies that
you have no direct relationship with. Who knows what those companies will
choose to do with it; we choose not to find out.

GMail simply does not have this problem: there are essentially no "GMail
apps", and users realize that their email addresses are exposed to their
contacts when they use the service. There are no fly-by-night "GMail games"
that will sell anything they can get their hands on to RapLeaf. This has its
ups and downs, but one of its consequences is that "transitive trust" must
have its limits.

~~~
justinchen
Isn't there a distinction between letting a single user export the emails of
his/her friends and having an API method for this?

~~~
kmavm
Google is specifically demanding an _API_ , and further making demands about
performance, uptime, availability, etc. of the API. They're being perfectly
clear that exporting the emails to .csv file that then gets uploaded is
unacceptable.

And again, it's their service, and their servers, and I'm libertarian enough
to say that they should be free to do what they want with them. However, I'm
also free to question their "Love is Hate, War is Peace, Closed is Open"
syllogism with respect to Facebook, and I find it preposterous.

------
dododo
or "facebook won't let you liberate your facebook data to alternate
providers".

i don't understand why people tolerate facebook. they don't seem deserving of
the trust people give them. first opt-in/opt-out privacy issues, now this...
plus it doesn't seem like they're really trying to make money yet. i suppose
this is what the initial "exclusivity" of the facebook brand got them: loyalty
without needing trust.

~~~
wh-uws
Most non-technical average users (read: the majority of their users ) just
don't really understand / care about the privacy issues.

They just love the experience they can find at and pretty much only at the
facebook site.

The tech press and media make an initial fuss about all of it but by the time
they figure out a way to bring it down to a level the masses can understand
facebook has put a notification on the top of the News Feed to explain.

I'm not agreeing with the practices merely attempting to explain why in the
minds of the lion share of facebook users mind it just does not matter

~~~
mattmanser
_Most users...don't really understand / care about the privacy issues_

You are completely and utterly wrong.

I was surprised too, but check out the slides that were posted by the Google
UX guy the other day showing their research.

[http://www.slideshare.net/padday/bridging-the-gap-between-
ou...](http://www.slideshare.net/padday/bridging-the-gap-between-our-online-
and-offline-social-network)

Users are circumventing Facebook to protect their privacy, using email and
self-censoring (this is further along in the presentation). There is also
anecdotal evidence presented at the beginning of when they are presented with
the not-so obvious consequence of general sharing they are actually quite
horrified.

~~~
daleharvey
urm, that slidedeck is from google employee, so fairly obviously bias plus the
"proof" it provides is one slide with an anecdotal quote.

I cant provide any stronger proof aside from their 500+ million users, but
anecdotally, outside this hacker news / techcrunch esque commmunity, nobody
cares about the facebook privacy issues. At the very least its in question
enough to not be "completely and utterly wrong"

------
ck2
What really upsets me about Facebook is I refuse to start an account there but
they already know everything about me because they tricked all my AOL/gmail-
using friends into giving them full access to their contact lists.

So I constantly get spam from Facebook personalized with my name, location and
list of friends, based on all the stupid data they have sucked up. It's
borderline stalking.

~~~
henrikschroder
Joining and locking down the account by disabling all the notifications would
make them stop spamming you. Dunno what's more important to you, getting rid
of the spam, or the principle of not having an account there?

~~~
ck2
Wait, cave-in to their bullying that I join their nonsense is a solution? Was
that a joke?

How about a class action lawsuit for unsolicited spam and data scrapping?

Much longer to wait for results but much more satisfying.

~~~
theclay
Sounds to me like the "spam" you are complaining about is a communications
service for your friends. No lawsuit there, unless every email you get from
your friends but didn't ask for is also considered spam.

Would an invite to gmail by a friend be considered spam?

Nor is this "data scrapping[sic]" you mention anything of the sort if your
friends deliberately requested, or passively acquiesced, to Facebook reading
their address books.

------
andreyf
Uh, exporting your address book from Google and uploading it to Facebook is
perfectly within any user's rights - it's a textbook example of data
liberation. Now if only I could export my facebook pictures and easily import
them into Picasa, or sync my facebook wall with my Buzz stream...

~~~
Derferman
Your photos are easily accessible using the Graph API[1]. I wrote a python
script which downloads all your photos and saves them to your computer[2].
However, I agree that Facebook doesn't make it easy for other web services to
access stored data.

[1]: <http://developers.facebook.com/docs/reference/api/photo>

[2]: <https://github.com/derferman/scrapebook>

~~~
refulgentis
genuine question (this sounds a little smarmy but I know nothing about Graph
API or web dev at all really): How is it not easy for other web services to
access this stored data when a random guy can easily throw a script on GitHub
to do it?

~~~
andreyf
Not sure if this is the right answer, but a guess: it's easy for other web
services to access this stored data if the user provides them with their
Facebook login and password, which no self-respecting service would ever ask
for. Even if Google did at one point get users to give up their facebook
credentials, the API's they access will probably block IP's that try to access
multiple users' data in a short amount of time.

The best solution, IMO, is to use the browser as a platform: a Chrome
extension can allow users to seamlessly sync data between services, because
Chrome already has access both to your Facebook account and your Picasa
account.

~~~
yariv
With the Facebook API, the user doesn't have to provide any third party his
credentials to allow the third party to access his data. Facebook uses OAuth
to securely pass an access token to the third party while protecting the
user's credentials. See <http://developers.facebook.com/docs/authentication/>
for more info.

(I work on the Facebook platform.)

~~~
andreyf
Ah, but if I remember correctly, the terms of that OAuth usage explicitly
state that while data may be _accessed_ and _used_ , it can't be stored
indefinitely (with good reason, sometimes I don't want some app toy to
indefinitely store all the information I trust Facebook with). So if a third
party uses that API as an export mechanism, their API access should be
(rightfully) shut down.

BUT - what if I actually want to export all of my photos into SomeApp.com, and
I want to give SomeApp the right to store my photos indefinitely? Is there an
API they can use to pull it from Facebook directly?

~~~
yariv
It used to be the case that apps could only store your data for 24 hours, but
we removed this restriction in the last f8 conference.

You can definitely export all your photos into SomeApp.com using the graph API
and they can store your photos indefinitely. These APIs are documented at
<http://developers.facebook.com/docs/api>.

~~~
andreyf
Oh, cool! Big misconception on my part, thanks for clearing it up :)

------
michaelhart
Google could easily fix this w/o impacting other services: block Facebook's
referrer. And then present them with an opt-in page for Google.me... BOOM!
Instant win? High five.

~~~
konad
You do know the referer header is optional don't you, I mean, you'd look
pretty dumb relying on it for _any_ web service because, you know, some crazy
people turn them off altogether, perhaps with the Firefox add-on RefControl.

~~~
adambyrtek
You're missing the point. It's not about disallowing importing the address
book from Gmail to Facebook, it's about making it more difficult in order to
force Facebook to offer reciprocity.

You will always be able to export the CSV version of your Gmail address book
yourself and feed it wherever you like. It's just slightly less convenient and
the experience is not so smooth anymore.

~~~
michaelhart
I'm so glad someone understands.

------
mrspeaker
Google should just get in contact with Hacker News - they are great at
preventing their precious data from getting out. I've never seen a big data
set go up on bit torrent and have all traces vanish so rapidly!

------
yason
I would never give my gmail password to any third party proxy. So this is how
I imported my gmail email addresses to facebook a few years ago in the first
place. I took the export from Gmail in CSV format, cleaned out anything but
email addresses, and fed them in Facebook.

~~~
krosaen
google contacts supports oauth so you don't have to provide your password. I'm
not sure whether facebook uses this support though

------
atamyrat
Google added private API to Android to make contact data imported through
Facebook sync adapter in-accessible/invisible to other applications!

Maybe Google should respond by removing that restriction.

This API was implemented specially for Facebook and only used by them.

------
codyguy
Wonder if there will be statistics released on how many google users export
data using this method. That would signal an interesting trend. Of course
anything coming from Facebook HQ would have to taken with a pinch of salt.

------
bhavin
Facebook 'Liberating' you gmail contact data?

Sounds like Nazis 'liberating' France in WW2.

~~~
dawgr
I don't think the Nazis ever claimed to be liberating France. It was actually
the Brits who wanted to "liberate" France but General de Gaulle kind of
interfered with that by talking on the radio. But I know what you mean.

------
noahkagan
and by liberate they mean spam.

------
RtodaAV
Kinda off topic but does anybody know the status of ''Google Me''?

------
RtodaAV
The ball's in your court google

