From that article: "Paper is the first product from Facebook Creative Labs, where we’re crafting new apps to support the diverse ways people want to connect and share." -> Put things a bit in perspective for me.
The friend list issue seems to be an always "won't fix". I'm pretty sure every few or so security researchers, testers reach this "vulnerability" in one method or another. I've gotten a similar response from the Security Team for trying to dig up friend lists. Maybe it helps maybe it doesn't. I've learned to accept the stance and move on with other security holes.
"A friend connection is two-way - you friend someone, then they approve the friend request. In essence, a friend connection means both "Philippe considers John a friend" and "John considers Philippe a friend". In other words, both people involved have some ownership over this claim - which means the privacy isn't always as simple as with other content."
"Let me use the third example in your screenshots to illustrate. Mark Zuckerberg's friend list is not public. But Greg Golkin's friend list is public - meaning if you pull up Greg's friends, you can see Mark in the list. You can also see Kevin Scott is in the list. Kevin's friend list isn't public... but Stuart Gillette's is, so you can see Kevin show up there. Consequently, using fb:degrees hasn't shown you any information you couldn't theoretically figure out by looking at public friend lists - it's just made it easier to find that info."
"Now I that at first glance this might appear to be inconsistent or a privacy violation. But remember what I said earlier about the two parties involved in a friendship connection. Essentially, you're free to hide the fact that you consider John a friend, but it's also John's choice to publicize that he counts you as a friend - and hiding connections he's publicized would essentially override his privacy wishes. In some cases, such as with fb:degrees, we show connections if they're visible to you on at least one side of the friendship."
"Now, if Mark's list is private and all of his friends set their lists to private too, you should never get a result using fb:degrees. In that case, any final link in the chain connecting you to Mark would involve a friendship that was hidden to you from both sides of the connection, so we wouldn't display it to you."
"A common case where we get similar reports is the "friendship page" between two people - we show mutual friends of the two people if each of the two friend connections is visible to you on at least one side, but we hide any mutual friends where one of the connections is hidden on both sides. To help clarify some of these situations, we added this description to the friend list privacy setting: "Remember: Your friends control who can see their friendships on their own timelines. If people can see your friendship on another timeline, they'll be able to see it in news feed, search and other places on Facebook. They'll also be able to see mutual friends on your timeline."
This is a case where privacy can get complicated, but we think the way we've chosen to operate is a good balance of the competing priorities involved. We've also chosen to focus more on privacy controls around your content and personal information, since trying to maintain privacy by limiting discoverability is often an illusion. Since Facebook is a network designed for social participation, it's nearly impossible for it to work properly and let people stay completely hidden - there are many ways to discover a profile or friendship beyond friend lists or searches. But even if someone discovers your profile, you have a great degree of control about what they can then access.
I hope that helps clarify what you were observing here. Emrakul was also correct that we have rate limiting to prevent brute-forcing at scale, and given the above controls, even building up a list through iterations would never allow you to know for sure if you'd acquired the entire hidden friend list. I think our current setup is working as intended here, but definitely let us know if you think the controls I described can be overridden somehow."
Obviously there will be a contention when you have an asset that is shared and they flag it in a different way... and on a certain level it makes sense that "public" wins when you have 1 public and 1 private because if one person chooses to share anything else then it's public, so why should connections be different?
But on another level, no.
If a person has decided their connections are private information, then the implication is pretty strong that they could expect that to be private completely. Otherwise I would expect a warning of some-kind on my "private" connections that are actually public because the other end is public. They are completely violating the user's expectation and the described functionality of that option.
Running off on a tangent, that's a really interesting analogy. I wonder how much could be done with the notion that privacy is the opposite of entropy: that is, privacy is about minimizing the arrangements of how your information is formed, and there's a universal, inevitable trend towards maximizing those arrangements. Differently, privacy as the predictability of how a piece of information moves: as entropy, or publicity, increases the predictability of the information becomes less as its possibility space increases.
This notion makes sense to me. The more public or quotidian your thoughts and behavior, the greater chance that people will be able to nail you down. And there are interesting feedback loops when you go public, then people expect you to continue to be public in similar situations.
There is an interesting tension between the benefits of collaboration and the benefits of individuality. John Lennon and Paul McCartney playing off each other, or Andrew Wiles working alone in obscurity.
Surprise and disruption are closely linked to privacy in my mind. Not necessarily by launch time. But the groundwork for originality to me is laid in the soil of a rich inner life.
I think this is a good insight, and it pertains to any connection between two parties for any service, Facebook or no. You may use a private email service, you may encrypt all your emails...but the moment you email something to another party, and they transmit/copy it in an unencrypted way, your email is no longer "private" and it's not the fault of your own email service either (replace "email" with "SnapChat" for more contemporary analogy).
In the same way, if you're trying to keep yourself incognito...well, don't use Facebook. And, if you must use Facebook, then make friends with great discretion. Just like it's a good policy to only create emails/nude-selfies sparingly, and only when the occasion demands it.
Wow, awesome discussion. Thanks for the original comment phwd. And for the add-ons pxtl & danso. All of your thoughts made me refine and further back my own.
However, lets look at the took cases 1) They actually care about this 'ownership' 2) They do not care.
In case 1), they are afraid to violate a person's privacy choice of having a friendship be public. There is essentially a tension between their privacy choices and their 'friends'. It seems to me that when two choices are odds like this, caution is the best route. For instance, when two people know a secret that relates to both of them, and one feels uncomfortable about revealing it, the general rule of thumb is that you do not reveal (unless its like murder 0.o). Overall, I guess it seems like if you do make it 'public' it makes someone uncomfortable. While if you do not, it makes someone not get something 'they want'. In this situation, just err towards caution and make it private. What does everyone else think?
In case 2), they just want more data. Well I understand it, but I do not really respect it. I think this is easy. Make it private.
What do other people think? I am open to any logically flaws you find with the above statements.
I think this is a "wontfix" because Facebook heavily relies on their "Suggest a Friend" feature as a core business asset.
I think it's actually a rather sophisticated algorithm. For example, if you own multiple Facebook accounts, it uses what is likely a combination of IP history and persistent cookies to suggest friends no matter what account you are logged into, or what computer you're accessing it from.
My guess is that Security brought this up with management, management consulted business analysts, analysts said fixing this will cripple the accuracy of "Suggest a Friend", and Security has no other recourse. So it stays.
Are you sure about the IP history? That doesn't make much sense to me. I work in a building with a shared internet collection with other offices. It may appear to Facebook that all traffic for that building comes from the same IP. Would Facebook then suggest every person that uses the building to me as a friend?
There is a possibility that if you have multiple Facebook accounts and use the same browser for each, a cookie could be used to link the two. Just because two people use the same computer and the same browser to login to Facebook does not mean they are friends. You might be using a public terminal.
Facebook could match a specific browser session with user visits to other sites that have Facebook features. Your digital fingerprint could be determined through your browsing habits. You don't need to be logged in for that. That would be pretty insidious of Facebook. I'm not a fan of 3rd party JS scripts in that respect.
I've seen friend suggestions that are linked to my email account that I've signed up with. I think this is an email address book leak. Perhaps it's possible to discover someone's work contacts say by just signing up with that someones email address (say a work address). I'm not sure if the email needs to be verified before this information is leaked.
This problem doesn't happen when links are one-way like on Twitter or G+. If you instead have two one-way links, then hiding one side means it looks like it's one-way, and you can't see which links Mark has reciprocated.
This is slightly incorrect, it's more how Facebook ranks for searching. Those numbers are for search bar ranking of objects (users,groups,etc) you recently and/or most interact with. You can check yourself by typing the first letter of any of those names and that name is probably the first selection in your Facebook search bar.
If you have the id or username, then you can check for yourself with a simple HTTP GET to https://graph.facebook.com/[Number/username]. Seeing that this app uses the Graph API to request accounts, I highly doubt it will be able to see any residual/soft delete data Facebook might hold for you.
> can you be both the place where people connect with their closest connections, and where public discourse goes on?
This remains to be seen. They have been working on it just in a really crash, burn and restart process way. Mark Zuckerberg once went through two options for public discourse
* create a Facebook fan page
* open his personal profile to public
The first attempt was silently killed (from what I can see, this is my assumption) and now redirects to his personal page (www.facebook.com/markzuckerberg -> www.facebook.com/zuck). The second attempt, well, as you can see from his profile, it is pretty much closed up now.
Private sharing, as least from the friends I have, has been going on pretty frequently, just not on the timeline
* private groups
* group messages
With messages, it seems Facebook is testing inline message (1) along the status composer (on the homepage) which aligns with the thinking that they are making private sharing less restrictive to action on while maintaining "privacy" (in quotes, as some may not agree to the level of privacy offered)
I have no data to back up how effective private sharing is though.
Good points, but how many people really use private groups? Aren't your friends more technically able than most people?
Personally, I connected to a lot of people of facebook for political discussions, and in the end that detracted a lot from the effectiveness of FB as a mean to stay connected with my family and closer friends...
This is pretty much the same method a user can use to provide a negative comment using the Like Button comment feature on a company, though actually a lot worse and a bit more annoying. This also appears in "X is posting about Y" which I wrote about a while back , grinds my gears really.
The ad push is more aggressive than I am comfortable with
On the flip side, because how these sponsored stories/posts work, if you are able to chain together an exploit with either click-jacking or otherwise you can get a pretty decent worm  going using their very own sponsored stories feature against them.
You can't dislike something on Facebook because users will feel discouraged. The whole point of Facebook is to share content with people you know and have content shared with you. By participating in the "negative" this goes counter to that idea.
Facebook is an identity/friend/family driven network, you wouldn't like seeing that John and Mary disliked your marriage. This works perfect in an HN/Reddit environment since you can dissociate yourself and provide pseudonymity.
As for Facebook Pages, maybe there is potential here. Though again unless you are a big brand, I don't know with certainty whether a post with 10 dislikes and faces attached to them is better than no likes at all.
The OP has an interesting way to look at it, though, I'm pretty sure this has been explained more than once by Facebook Engineers.
This is amazing, whoever feels comfortable about it should band together and see what files are in common, or domains. I want to delete this yet I don't. This contains all (most?) of the files I have ever downloaded, those I thought I lost when clearing browsing data from 2008.
I'm torn. On one side I really like it, it reminds me of the old People Search feature Facebook used to have. On the other side for third party developers especially those who try to make the Facebook experience better, I'm afraid this is reinforcing the point you should not build 100% on platforms.
I'm sure there are many who have had this idea or are building this currently. Facebook Heroku templates given for new developers to start with, hit on the four main areas that Graph Search seem to provide.
Another example would be a query like
movies liked by people who like movies I like
In FQL the closest I would have gotten was
SELECT name, page_id from page where page_id in (SELECT page_id from page_fan where uid in (SELECT uid2 FROM friend WHERE uid1 = me()) and profile_section='movies')
And even then FQL was unstable
So then you wonder, why use an app with an unstable query built on an API filled with bugs when I can faster get the result using facebook.com?
I would be torn too if people used my app, but I like this. Building your own app has it's limits. I built a facebook app to show mutual likes sorted by likes because facebook's pages browser only showed mutual likes sorted by friends. The FQL to do this is slow and unusable if someone has many hundreds of friends and likes. Plus, some friends don't allow apps to query their data, so the result is incomplete.
My feature request would be to allow us to create and share custom FQL and views computed and rendered by facebook. Then, friends don't have to give permission to apps to access their data and facebook runs the query faster.
in your example, look how difficult it is for a company like netflix that has just about every movie you've seen and rated along with everyone else's. Along with friends lists. Now take Facebook who is trying to apply this generalization along multiple categories. Its going to be very difficult to get right.