Hacker News new | past | comments | ask | show | jobs | submit login
Thinking about using Facebook Connect on your site? Step one: Abandon your will to live. (mushpot.net)
72 points by travism on Feb 23, 2009 | hide | past | web | favorite | 44 comments

The small portion of time I spend maintaining a Facebook app that my company supports is without doubt the most unenjoyable, tedious, soul destroying time I spend on anything.

What isn't outright broken is ugly, poorly documented, highly fragile (works one minute then fails, then works again for no reason), unreliable (occasionally major parts of the API just break during upgrades with no notice), full of arbitrary and unexplained constraints (how many invites / notifications / emails etc. you can send all have built in limits per day after which they just stop working) and if nothing else, it's just ugly as all hell. Layering FBML on top of HTML and then trying to work with FBJS is a hellish way to construct a UI.

APIs aside, I'm really struck by the lack of professionalism on behalf of the Facebook employee the author mentioned.

I'm friends with several Facebook employees and several times I've seen this type of behavior (mostly through notes that the employees share to gripe about what they perceive to be an obnoxious userbase). One of the more inappropriate exchanges I remember was where a user sent an admittedly hostile complaint to Facebook and the employee sent back an even more hostile response - in which he mentioned that he had checked out the user's profile, noticed he was a Christian, and then proceeded to mock him for it.

Here's the note in question. I wrote it, and I think your comment mischaracterizes its true nature. http://www.facebook.com/note.php?note_id=27551539159&id=...

The purpose of both my note and my personal replies to the hate-mail I received was not to express hostility. Rather, both were attempts to call attention to how the veil of anonymity provided by the Internet changes the way people treat each other, often for the worse. Not too different from the Hacker News Guidelines: "Be civil. Don't say things you wouldn't say in a face to face conversation."

My intent in calling out Christianity was not to mock, but rather to make people reconsider their own behavior by viewing it through the lens of a belief system they feel strongly enough about to post on their Facebook profiles.

Happy to discuss further if you still feel my post was inflammatory.

You have the wrong attitude if you feel that you need to tell customers to "reconsider their own behavior." From this reply, it sounds like you're insulting your customer by pretending to know more about their religion than them. That's not cool.

It is very unprofessional to comment on irrelevant personal information you have stored about a customer.

If you send someone a message on Facebook, the recipient can view your profile. There was no breach of privacy here.

Thanks for responding to this. It seems I don't have permission to view this note (probably due to a change in networks on my side) and I believe the incident was a few months ago, so I may not have perfect recollection of the note. I hope I didn't mischaracterize your note.

I recall the logic of the note being along the lines of: "You're saying nasty things to me. I see that you're a Christian. How can you do this when being hateful is against your religion?" It read to me like a snarky response calling him a hypocrite (even if you didn't explicitly label him as such).

I have serious problems with this for a few reasons:

First, as a business owner, I don't think an employee should be anything less than the pinnacle of politeness when dealing with customers (which is what FB's users amount to - even if they're only paying you with eyeball time). Implicitly labeling him as a hypocrite was impolite. The note damaged my opinion of how FB is run as a business.

The second, larger, issue is related to privacy. Personally, I'm not comfortable with you treating my profile information as anything more than raw data - as neutral and uninteresting as a set of ones and zeros. Just as I wouldn't want my doctor to tell people things he knew about me, I don't think you should reveal information about this guy - either his religion or the impolite way in which he communicated with you. I seem to recall that information from his profile not being available to the general public.

Finally, when it comes down to it, his religion just had nothing to do with whatever feature request / bug report he was making. Just as I wouldn't expect a waitress to call attention to me having orange hair when I order a burger, I don't expect you to bring up my personal information when I give you feedback on your service.

Shortly thereafter, I quit using FB on a regular basis. I did so for several reasons, but that incident was certainly somewhere in my mind when I quit.

I've re-posted the note so that anyone can access it: http://eff-yeah.com/fb_note.html

I admit that my responses were mildly snarky, and I acknowledged in the note the blurry distinction between my behavior as an individual vs. employee of Facebook. But I maintain that my responses could all have been comfortably delivered in person, as an individual.

A few important points/questions:

- Was I acting as an individual or as an employee of Facebook? This is a very difficult question. We set up and publicized numerous official channels for user feedback on the new profile. Of course, we would never respond in this manner through those channels. These individuals all elected not to use those channels and instead sent personal messages to my individual Facebook account. I understand that this will still largely be viewed as acting on behalf of the company, but I think the question of context is a very important one. Where do we draw the line between personal use of Facebook, and use as an employee? Was I interacting with customers or individuals?

- I didn't violate any data privacy. These people sent personal messages to my Facebook account, which granted me permission to view their profiles (as natrius correctly pointed out).

- In the note I posted, I removed the last names of everyone who messaged me. David, Carissa, and Derek are hardly unique identifiers.

- These were all blatant cases of hate mail. I'm not a lawyer, but some of these would likely have held up in court as charges of assault. Characterizing any of these as a "feature request / bug report" is honestly quite a stretch.

You are _always_ a representative of Facebook. You can't get away from it, and every thing you do reflects back upon Facebook, just like everything that guy does represents Christianity. This is important to know.

That said, there's no contextual distinction here; using a personal account isn't enough to dissociate your professional responsibilities. Especially not when you're replying to a Facebook user's inquiry directed to you specifically because of your employment at Facebook. Any response to that is obviously going to directly reflect upon your employer, and responding to customer inquiries is obviously a part in line with your duties as a Facebook employee. There is no contextual distinction simply because your response was posted on your personal page and not an official company-sponsored page.

That depends on what you consider feedback. In this case, the "feedback" was:

'you are a faggot. this facebook sucks. the one should come back. i want to kill you. go fuck a man'.

I kid you not. Do you think people (any people, nevermind those who build products that are given away for free) deserve such abuse?

no one deserves that abuse.

what does that have to do with dignifying such a message with a response? be professional. drop it or respond with the upmost respect and civility. getting off topic is a waste of your time.

These people deserve to be treated with the same courtesy, dignity, and respect as everyone else. You would be surprised to see how people change when they get a nice response from a human.

Why are you so eager to jump to their defense, but so reluctant to ask that they treat me with courtesy, dignity, and respect?

I do, however, agree with you. As I mentioned in the note, I did spend a lot of time responding courteously to a great deal of personal user feedback. Having invested significant time doing so, I know and fully appreciate the difference it makes. I am also personally appreciative when I am on the receiving end -- I enjoy the thoughtful personal feedback people take the time to send me, even if it is critical.

I only responded in this manner to the most intensely offensive and bigoted messages received. I was sent thousands of personal messages in the span of a few days, a pretty good portion of which suggested I should die.

I also agree with diN0bot. The professional decision is to simply ignore personal attacks in a professional context. In this case I can ask forgiveness for a momentary lapse, call attention to the tricky distinction between personal and professional contexts on Facebook, and chalk some of this behavior up to stress relief during a period of highly intense work.

This isn't so bad. I've been at parties with Facebook people who brag about the celebrity accounts they've been spying on.

That pretty much sums up my experience with FB's APIs thus far. Very little documentation, even to the point where it's hard to figure out what the APIs even do. Little to no support for languages other than PHP.

It's sad too. If they could put out a working (not even decent, good or usable, but working as in compilable) C# wrapper for any of their APIs, I'd have all of my apps using FB to some extent. As it is, it's just a time sink.

My thoughts on Facebook Connect in code: http://dwadwa.com/connect/test.html

Actually, I like the comment box, took all of a minute to get it to work. But like the author, I worry about the monoculture.

I've also had some pretty terrible times working with the FB api.

To find the silver lining, it made my app better. Being forced to deal with frequent errors and service interruptions caused me to think carefully about error handling, and that work benefited every piece of my app.

I was cursing facebook's name though, every step of the way.

So I find this interesting in that it flies in the face of a couple common thoughts.

The common mantra is to release early, release often. Now I admittedly don't know how often FB is releasing, it seems like the crux of the complaint that they released too early... and the fix isn't to release more often (at least at the author's implication.)

Would he honestly rather they hadn't released anything at all? How would you feel if this were your app? I mean, the critiques seem well-formed, I just don't know if it's symptomatic of having waited for fixes that aren't coming or not.

I think the rules are different when you're creating an API that's supposed to be used by thousands of developers and millions of people right off the bat. FB is no longer a startup and developers are depending on them not just for the apps to 'work', but for their very livelihoods.

The app I'm working on for a living was brought down recently because FB changed the name of a method in their javascript library.

Once the origin of the bug was discovered it was easy to fix, but that's still a pretty unreasonable thing to do when, as was the case, a major library that is linked to from the very front of the wiki (the FB/AS3 bridge) is broken by an update.

It's also pretty painful when the median call to a certain specific API method is about a second or two, but the peak is literally ten seconds.

Facebook has a dev feed where they announce platform changes and they have a staging platform for you to test the new changes. And do not assume the api call is 2 seconds, now that you know this is not the case take measures(ajax) to minimize impact.

They did not announce the change that I mentioned. In addition, the app broke on a Monday night, which is NOT when platform updates get rolled out.

Someone was editing the code on the live site and made an undocumented change.

The call I'm talking about is a javascript call made through a Flash app. The problem isn't that a page is timing out, the problem is that we have to wait for this call for the app to allow the user to continue.

You're depending on a facebook app for a living? How is that working? I thought after they moved apps to the Boxes Tab ghetto it would have pretty much killed off anything like that?

Well done if it's working for you though, hope it continues to.

Release early, release often is great when products released under that philosophy are labeled correctly.

Facebook's API does not have the typical warning labels about shifting API calls, development releases, or technology previews; these are the final, real versions, and they're expecting people to just roll with it when they whimsically decide to rename an API call or database field. If you expect people to just roll with that kind of thing, that's cool, but you have to provide fair warning -- you can't just recruit tens of thousands of corporations to use your software and then go making API-breaking changes willy-nilly.

The open-source community, where _all_ development at every stage usually occurs out in the open, takes stability, etc., very seriously. It's good and important that early versions of software are available, but they're tagged as such; ext4 had been in a stabilized "experimental" mode for the last two years or so, and it was relatively stable during that. Very early work on Firefox is available, but it's not pushed out until it has a year or so to mature, and it's billed as alpha and beta, despite the fact that the Fx 3 betas were rock solid, as are the 3.1s. When KDE released 4.0, they gave everyone fair warning: despite the name, it was still an experimental platform and release.

This is serious business. There's nothing wrong with releasing early and releasing often and sharing your contributions and collaborating -- that's good, and would probably help Facebook a lot if they would take it to heart. The bad thing here is that Facebook is actively promoting and encouraging new users to adopt this platform for incorporation into live, production-level applications, and then breaking the API and engaging in other assorted mischief without notice. That's horrible. :(

What the hate on OpenId in that article?

Perhaps it is because many less savvy users fail to grasp the concept of a URL serving as their identity, and find the whole OpenID system to be extremely confusing. This may result in lots of support tickets / complaints, complaints lead to hate and hate leads to suffering.

...leads to the Dark Side?

Sorry to be a hater. I was gung ho OpenID for a while...simple for users, decentralized. But then I tried to get my wife and my mom to log into my site with it and they were baffled. "Login with Facebook" they can sort of get. And then I found that the openid consumer I wrote (I used some library, I don't remember which) didn't work with yahoo and a bunch of other providers, which really got my goat.

But when I said I was happy OpenID was gone, it was more because I think we're one step closer to whatever will be a better, widely-accepted, and more polished solution, not because of any particular disdain for openid. I'm fascinated that Facebook would join OpenID. http://blog.wired.com/business/2009/02/facebook-throws.html. Sounds like a fox in the henhouse to me.

People still care about Facebook? Why?

For about 175,000,000 reasons.

The fact of the matter is that numbers speak. Facebook is my identity on the web, and I bet it is yours too. It is too late to turn back. Unless they do something 10x worse than Beacon, I'm not leaving, and I doubt you will either.

I'm afraid they control your web identity. You know what though, I'm okay with it. It makes my life easier.

I bet it is yours too.

I do have a Facebook profile... but I visit the site maybe once every three months, and all the data is the fake data I put in 4 years ago. My real identity is this thing called a "web page" that is the first Google result for my name.

I've a friend who is paranoid about his online identity and always gives fake data to websites. Recently he was ranting that some online car insurance thing gave him an awful quote, much worse than his present deal. Hmm, could that be because his fake identity had no credit history...?

The benefits of a coherent identity on and offline are only going to get more compelling.

I don't think you get credit history by putting correct data into your Facebook account.

The detriments of a coherent identity on and offline are only going to get more compelling, too.

And yet there are times where you'd like to remain anonymous.

No way is it too late to turn back. There is definitely a positive feedback loop involved, but I think we have an ecosystem too tuned to potential monopolies to allow this to happen without a fight.

Instead, I think we'll see social networking layer across websites generally: imagine using opensocial/oauth over multiple sites that you use, as if you could bolt Ning.com over the top of you blog or forum or startup site.

I tested out adding Google's friend connect on my wordpress personal blog. Fairly simple, but they still collect the data :( I guess a duopoly is better than a monopoly, but there's still room for web identity to develop outside of Facebook.

> I bet it is yours too.

You lose, so what do I win? Seriously, you overestimate the value or accuracy of a facebook profile.

This is true. Regardless of our opinions of Facebook, it has been able to find its way into the daily workflow of the lives of an exponential number of people. This makes it a huge asset to many parties.

175M people that don't click ads, and have no money.

They're still valuable, only not in a advertising-driven model. As a platform though, it has a ton of value; when the majority of a company's employees are connected on a system they use personally on a daily basis, there's a lot of potential. When an entire city is connected, you open the door to interaction that haven't been possible until now.

Facebook could replace dating, restaurant review, business productivity, classified sites, and expand into things we haven't thought of yet, but that requires a substantial user base. The company is still growing out of its college foundation, but judging by its growing acceptance among the 25+ age group, it could start gaining value fast.

Funny how everyone seems to totally overlook that simple fact.

yeeeeep, welcome to the platform.

I should probably clarify. I've worked with the Facebook Platform since it was launched at F8 in 2007. I definitely agree with and appreciate the idea. I also understand that the company is pretty inundated with response that they've had.

However, I can personally keep up with the number of bug reports. Most of them go unnoticed. Unfortunately, it seems like only the absolute giants (the entire platform being down, for instance) and a few random ones get attention at all. For example, two major incomplete parts of the platform: support for the Info tab, which was planned, seems like it was just abandoned. How long has the "new" Facebook been out? Another major recent one -- businesses can sign up for accounts without creating a profile. This special business account can manage a business Page, but that's it. Unfortunately, _no_ applications work with these new "business accounts" because the platform basically doesn't validate this type of user. I get messages about this on a daily basis, and I run just one application. I've been in touch with the Senior Platform Manager and the Platform Program Manager, but nothing has changed.

I can also say, more importantly, that there are regularly problems with it in general. Like what has been mentioned here already, things break at random, unannounced times. I've noticed that other, announced changes have been given too little notice for developers to keep up. And most frustratingly, when you start building on a buggy and incomplete platform, you can often spend copious amounts of time trying to find a bug in your code, only to find out that the bug is in fact Facebook's. I'm sure that any of the active developers in the community will tell you the best piece of advice -- when there's a problem with your app, always assume it's Facebook's fault first.

And it's tough dealing with a problem when it's out of your hands. When you get that rush of messages from your users about something breaking, it's embarrassing telling them that it's something you can't fix. It happens regularly. The users assume it's your fault, and your application is penalized for it (users remove it, give it bad reviews).

Anyway, this is enough ranting. I'm not sure if it's a staffing problem or what, but hopefully these APIs will receive more attention one day.

Horrible writing style. Made me stop reading after the first two paragraphs.

Looks like you created an account just to leave this comment...ouch.

But seriously, thanks for the feedback. I was trying capture my feelings about FB before I lost them, and I'd be surprised if you were the only one who found the tone obnoxious.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact