Hacker News new | past | comments | ask | show | jobs | submit login

Tacky, cynical, nasty, and inevitable.



My thoughts exactly. It's terrible, but completely expected in an age when sites like RottenTomatoes and TripAdvisor already know who I am, which of my friends are on their site etc when I haven't even signed up - all from deep Facebook Connect integration.


When I worked at The Washington Post we were among the first group of companies to integrate the then new Social Graph. I immediately deleted my Facebook account.

I was appalled when I saw that we could identify, not only visitor's names, but their friends, access public photos, and all of their profile information. All of this without any action on the user's part and before there were any privacy controls.

This is just the next logical step-federating data collection across multiple sites, not just FB.

I'm obviously in the minority since FB has grown tremendously in the past 2 years but I've not looked back. I dread the forthcoming lack of privacy and anonymity our world is heading toward.


While you can see this data from Facebook--and yes, that's jarring-- what you're allowed to do with it is something different. You can't sell it, you can't sell it to an ad network/exchange, you can't retain it after the user revokes permission; you can't even sell derivatives of the data.

Facebook Connect is the most benign of these sorts of things there are-- it's access to data, and the implementors of its widgets and API-- have an onus to protect it.

Now, of course, there's plenty of bad actors out there, and I'm sure it's sold and exchanged, but technically and legally speaking, you're forbidden from doing so.


Both RottenTomatoes and TripAdvisor require me to authorize them on Facebook before they show me any social data. Are you sure you didn't authorize them in the past and forgot?


I'm almost certain that RottenTomatoes will display your name if you're logged in to Facebook, regardless of whether you've given them permission.

I remember being disturbed when I saw that recently, and immediately sought out and installed a social widget blocker.


If that's happening the widget is most likely an iframe loaded from facebook, and not accessible to the RottenTomatoes server


Not 100% certain, but nearly.

They were just two examples I could think of off the top of my head though. As the other commenter said about TWP, the practice is common. I see my name and other social data displayed on sites I've never signed up to regularly.


I see that too, but in that case the social data is served from Facebook and doesn't go through their server unless you authorize it. Unless there are exceptions I'm not aware of.


So when I see a Like button on a site I've never visited before, that displays my name, FB avatar + social data - you're saying that the site I'm on has no way to know that I've visited it unless I click the Like button? Only Facebook knows that and is displaying it in a way that is undetectable to the owner of the site?

This is a bit over my head programmatically but that doesn't seem possible. If Facebook is serving something to visitors on my site, surely there must be a way for me to capture that data?


Nope, that's how iframes work, you can see it, but they can't get at its contents. Cross domain scripting isn't allowed in an iframe.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: