"In order for you to write a message to a Facebook friend from within Spotify, for instance, we needed to give Spotify “write access.” For you to be able to read messages back, we needed Spotify to have “read access.” “Delete access” meant that if you deleted a message from within Spotify, it would also delete from Facebook. No third party was reading your private messages, or writing messages to your friends without your permission. Many news stories imply we were shipping over private messages to partners, which is not correct."
It's become clear from engaging in this discussion that people aren't interested in facts or context, but have a chip on their shoulder about Facebook. Others have also been misinformed by inaccurate news stories.
I don't even use Facebook, yet it's pretty easy to understand the facts if you're actually interested in them.
The claim wasn't that they opened a TCP connection to the partners and forced private data over the line. The claim was that they gave away access to partners that didn't need it, or even know about it.
"These partnerships were agreed via extensive negotiations and documentation, detailing how the third party would use the API, and what data they could and couldn’t access."
That's not how you treat people's private data. Allow the app to send messages, maybe allow the app to read replies to what it sent (did Netflix even need this at all?), don't give it full read access that relies on a pinky swear to keep data safe.
And at your earlier comment, sending a message does not inherently require that the sender be able to read anything.
The linked Facebook article includes a screenshot of the feature in Spotify allowing people to send and receive Facebook messages.
"In order for you to write a message to a Facebook friend from within Spotify, for instance, we needed to give Spotify “write access.” For you to be able to read messages back, we needed Spotify to have “read access.” “Delete access” meant that if you deleted a message from within Spotify, it would also delete from Facebook."
You've got an axe to grind and its tiring me out. Whatever.
Spotify still has a feature to share music through facebook, and that current feature doesn't require the ability to read messages. So that screenshot that only shows a "send recommendation" feature doesn't prove anything at all. No non-recommendation text is displayed on that screenshot.
Both Spotify and Netflix claim they only used access to send messages, and were unaware of broader powers. Netflix: “At no time did we access people’s private messages on Facebook, or ask for the ability to do so” Spotify: “Spotify’s integration with Facebook has always been about sharing and discovering music and podcasts. Spotify cannot read users’ private Facebook inbox messages across any of our current integrations. Previously, when users shared music from Spotify, they could add on text that was visible to Spotify. This has since been discontinued. We have no evidence that Spotify ever accessed users’ private Facebook messages.”
Note that even in the facebook statement, they don't say that the companies couldn't have accessed unrelated data. They claim that the permissions were appropriate (which they did not justify) and that none of the companies did access unrelated data.
I don't have an axe to grind, I'm pointing out that the spotify and netflix statements are pretty condemning and in a contradiction between them and facebook I trust the company saying "we did nothing wrong" less.
What are you trying to refute, exactly?