
Why in the world does Facebook let me do this? - iamelgringo
https://graph.facebook.com/search?q=rectal%20surgery&type=post
======
iamelgringo
Just to clarify. I don't have an app. I don't have anyone's permission to do
anything. I'm just messing around with URL's in their search API:
<http://developers.facebook.com/docs/api>

This is also what prompted my to try and start a discussion about privacy over
here: <http://news.ycombinator.com/item?id=1341227>

From the search api docs:

 _You can search over all public objects in the social graph
with<https://graph.facebook.com/search>. The format is:

[https://graph.facebook.com/search?q=QUERY&type=OBJECT_TY...](https://graph.facebook.com/search?q=QUERY&type=OBJECT_TYPE)
We support search for the following types of objects:

All public posts:
[https://graph.facebook.com/search?q=watermelon&type=post](https://graph.facebook.com/search?q=watermelon&type=post)
People:
[https://graph.facebook.com/search?q=mark&type=user](https://graph.facebook.com/search?q=mark&type=user)
Pages:
[https://graph.facebook.com/search?q=platform&type=page](https://graph.facebook.com/search?q=platform&type=page)
Events:
[https://graph.facebook.com/search?q=conference&type=even...](https://graph.facebook.com/search?q=conference&type=event)
Groups:
[https://graph.facebook.com/search?q=programming&type=gro...](https://graph.facebook.com/search?q=programming&type=group)
You can also search an individual user's News Feed, restricted to that user's
friends, by adding a q argument to the home connection URL:

News Feed: <https://graph.facebook.com/me/home?q=facebook> _

~~~
bcl
To be clear, this is only searching public posts. Its just that a large number
of FB users either don't know, or don't care, what they are now broadcasting
to the world.

~~~
natrius
There's a little lock button under the status box that lets you set your
privacy settings for each post. They should expand it to put the actual label
of your privacy setting on the button, so people would see "Everyone" on the
button when talking about their rectal surgery. I honestly think most people
don't mind posting their thoughts for everyone to see (cf. Twitter), but there
is definitely a minority that is doing so accidentally, and that's easy to
fix.

~~~
27182818284
The lock is especially powerful if you combine it with lists. For the longest
time I didn't know about lists because I didn't use FB's chat or any similar
features that revealed lists to me. Being able to quickly block just "Family"
or "Old Bosses" via lists and locks is one security change FB made that really
works for me.

(one big problem, though, is that I don't think there is a way from Facebook
mobile to use the lock's functionality.)

------
subwindow
The correct question is "Why is the default wall post set to 'Everyone'?"

Searching public posts is just fine. I just think that people should be more
made aware of who exactly they're broadcasting to.

~~~
axod
Surely if you write on someones wall, then all of _their_ friends can see it.
Trying to keep any sort of privacy there seems problematic.

It's called a wall for a reason :/

~~~
jkincaid
This is the same kind of logic Facebook is using to justify their moves to
make everything public, and it's flawed. These are different kinds of public.

For example, with Facebook fan pages there used to be an option to hide which
pages/groups you were a fan of. Now you can't do that — all of these are
public. There is now no way to hide them without 'unfanning' them.

Yes, before the change if someone started looking through the many thousands
(millions?) of fan pages they could have found you listed on one. But now it's
just sitting on your profile page.

~~~
glhaynes
It's hard for me to see what the problem is there - it's like me putting a
bumper sticker on my car then being worried that everybody might see it,
right? Do many people really 'Like' fan pages that they don't want other
people to know they like? If so, what's the point? If I like something that I
don't really want people to know I like, I just don't 'Like' it on Facebook.

It's obviously very inappropriate to change the privacy settings in ways that
deceive people or change privacy settings without users knowing (clearly, and
well in advance) that they're going to be changed. But it's hard for me to
foresee a coming Facebook diaspora over privacy when I don't think most people
think of Facebook as being private... the incredibly vast majority of people
that I know don't see privacy as a hierarchical set of access control lists
that they're going to tweak to their contentedness: I think they see a
particular site as either private (say, gmail) or public (Facebook) and treat
their interactions on the site along that binary divide.

~~~
Qz
A bumper sticker on your car can only be seen by people who actually see your
car (small subset of the world). A public post on facebook can be found by
anyone who wants to search for it (potentially large subset of the world). I
have no way of knowing if you have some crazy bumper sticker on your car, but
if you posted something on FB then I can find it via search.

~~~
glhaynes
Indeed. But what bumper sticker am I gonna have that I don't mind the 3.5
million people in my city's vicinity potentially seeing but I'm worried about
somebody on the other side of the world seeing? I'm sure some such items can
be hypothesized (though I'd still ask the person why they're putting a bumper
sticker on in the first place if there's _anybody_ they don't want seeing it),
but my point is that in practice this just doesn't concern most people and
it's hard for me to see why it should.

edit: I think there's perhaps a distinction here between things like personal
profile information (one might not one's psycho ex to see their phone number
or even wall posts, while not minding sharing them with friends) and things
like fan page liking. The former certainly needs privacy controls, and they
should be clearer than they currently are; the latter is hard for me to get
upset about, and I think it dilutes the message of privacy advocates to
mention it.

~~~
Qz
The idea that some kinds of information are more or less suitable for privacy
controls is nonsensical. Say some college kid Bob is gay, but he hasn't told
his parents. Bob goes to some fan page for a local GLBT organization etc, and
'becomes a fan', because previously that didn't show up on his profile where
his parents might see it, and his parents wouldn't be visiting that fan page
anyway. Well, now FaceBook goes and makes fan pages visible on your profile,
and suddenly Bob's parents have a lot of questions for him.

You may not find yourself in that kind of situation often, but it is a very
real possibility -- there was even a study done where a computer could make a
highly accurate guess of whether you were gay just by looking at who is in
your friends list (also public), without any information from your profile.
Everything on facebook is information.

I could give you an example where the bumper sticker is also relevant, but I
think the example above is enough to prove my point.

~~~
axod
It doesn't prove anything.

His parents could be fans of that page. His teacher could be.

Becoming a fan of a page, but wanting that to remain private seems
contradictory to me.

~~~
Qz
If you've got an opinion that's fine, but if you post it on here, the least I
expect is for you to back it up with reasoning rather than just 'seems
contradictory to me'.

~~~
axod
My point is, that people become a 'fan' of something, in part, if not often
solely to announce to other people that they're a fan. It's inherently social.

Maybe if you're a fan of something deeply unpopular - Java for example, then
you'd want to keep that as private as possible.

I think it'd probably just be best for facebook to make the leap and say "OK
you privacy nerds, SHUT UP. From now on, everything is public apart from
private messages. Now quit your incessant whining."

~~~
Qz
That's exactly what they _have_ said, in not so many words. And yet people are
still whining incessantly.

As for 'becoming a fan' being inherently social, that's true. The issue is
whether something that's inherently _social_ is also _inherently_ public.
Going on a date with your girlfriend is social, but you may not want it
inherently public (and keep in mind there's a difference between _internet
public_ and _people seeing you together at a restaurant public_.

------
jasonkester

      {
         "error": {
            "type": "OAuthException",
            "message": "Error processing access token."
         }
      }
    

Is that what everybody else sees?

~~~
natrius
I think the access tokens expire after a while.

EDIT: Apparently the access token isn't necessary, but it can break things if
it's there. The URL of this submission should be changed to omit the access
token parameter. If that still doesn't work, the instructions below will give
you a URL with a Facebook-generated access token that will eventually expire
as well.

1) Go here: <http://developers.facebook.com/docs/api#search>

2) Click on the link to search all public posts for "watermelon".

3) Alter the URL to say "rectal surgery" instead of "watermelon".

~~~
eru
Looks like you need to be registered at facebook to make 1) work.

------
ErrantX
Samre reason Twitter lets you do this:

<http://twitter.com/#search?q=rectal%20surgery>

(there is a difference, I guess, in that on Twitter it is "common knowledge"
that everything is public by default - whereas on Facebook it is reasonable
for an individual to realise how public their data might be on their current
privacy settings)

~~~
sajid
At the very least, FB should make a distinction between 'Everyone' and
'Public'. Where the former means everyone on Facebook and the latter means
everyone on the internet.

~~~
ryanwaggoner
In practice, is there really a difference? Facebook has hundreds of millions
of users and it's fast and free to sign up, so I'm not sure I see the
distinction, other than maybe search engines...

------
sp332
Cool example, but you really shouldn't publish your access token like that.

~~~
ErrantX
<humor> Facebook will be publishing it anyway next week :) </humor>

~~~
ElbertF
To bad you closed the humor element, otherwise all the comments below yours
would have been funny as well.

------
crad
I thought this was a rather humorous thing to search on:
<https://graph.facebook.com/search?q=facebook%20privacy>

Mainly people warning about the privacy changes, yet have public status
updates.

~~~
TallGuyShort
Nobody's complaining about the existence of public status updates - that's all
twitter is. People are complaining about the subtlety of it and the general
lack of knowledge about it.

------
aw3c2
Why in the world would you post about your rectal surgery on the internet
using your real name or an easily traceable identity if you did not want the
internet to know about it. Missing privacy education maybe?

~~~
nfnaaron
Because you think, through no longer valid experience or through
misunderstanding, that you're only communicating with your friends.

Email is a good example. You carry on a conversation about rectal surgery with
email correspondents (maybe your doctor). You may have a vague idea that
system administrators or men in the middle may be able to read those emails,
but you have the conversation anyway because you assume (with some
justification) those are unlikely circumstances. You have just posted about
your rectal surgery on the internet (over which email travels).

If you were to find your emails publicly searchable you'd be rightly upset.

I originally thought my posts on facebook were only visible (using the English
definition of visible, not facebook's co-opted definition) to my specific
friends. Many people probably still think so, and it's not an unreasonable
leap.

~~~
megablast
Or maybe, after having to go through something like that, privacy is not the
first, or last thing on your mind.

After surgery, you are happy to hear the good news that things went well, you
are on your way to feeling a lot better, and want to share that with
everybody.

------
sajid
These people must have their privacy set to 'Everyone'.

Facebook's Privacy Guide states that such information may be visible to
everyone on the internet.

~~~
alanstorm
I believe you meant to say "These people must have __had __their privacy set
to 'Everyone'.

------
CoryMathews
Because they couldn't care less about privacy.

------
nfriedly
Link that doesn't expire:
[https://graph.facebook.com/search?q=rectal%20surgery&typ...](https://graph.facebook.com/search?q=rectal%20surgery&type=post)

------
goodside
Fixed link:
[https://graph.facebook.com/search?q=rectal%20surgery&typ...](https://graph.facebook.com/search?q=rectal%20surgery&type=post)

------
kwamenum86
This is...undesirable. People don't really understand privacy on the Internet
very well to begin with, it isn't that they don't care about it. Facebook had
the opportunity to set an example for how to handle privacy but they f'ed it
up because they want to be more like Twitter. This is not the way to do it
guys.

------
rit
It used to be that your posts were set to private.

So of course everyone still assumes that when they post about their rectal
surgery it's a private matter only their friends can see.

This is why changing your privacy policies and defaults is obnoxious.

------
sjsivak
Wait, these are the messages that are sent between two users? Does just one of
them need to put their settings on "Everyone" to display both sides of the
conversation?

Please tell me this is a bug/hack/exploit/mistake/error.

~~~
sajid
These are wall posts.

~~~
sjsivak
That makes more sense. Wall posts are meant to be public and apparently these
people love to over-share.

What do the settings need to be in this situation? The recipient needs to have
their wall set to "Everyone" and the poster needs to have their wall postings
set to "Everyone"?

~~~
sajid
I would hope so ... I've not tested it though.

------
vinhboy
I would find this way more interesting if I could narrow this down to just
people in my network. Knowing what everyone on the internet is doing is not
all that interesting.

~~~
iamelgringo
_You can also search an individual user's News Feed, restricted to that user's
friends, by adding a q argument to the home connection URL:

News Feed: <https://graph.facebook.com/me/home?q=facebook> _

------
gilbertl
You're searching the public timeline, much like <http://www.kurrently.com>

------
0nly1ife
Did those people grant your app permission to read their stream? This would be
really messed up if they did.

~~~
djb_hackernews
It's public posts, you don't even need an app to make that query.

------
noelchurchill
It's weird getting a glimpse of people's lives, and the things they share
opening with status updates to their friends!

------
rythie
I don't even know why people would tell half of their friends that.

