I started playing with this new api today. My room mate and I spent an hour with various privacy settings and it does not appear there is any way to prevent your account from being accessed via this.
That is because the info that is available at http://graph.facebook.com/name is <= the info that is available at http://facebook.com/name . What part of your account are you trying to stop from being accessed? This makes no sense.
I'm not seeing an issue here though -- that profile information was readily available in html (if you have a facebook cookie) and is now even more accessible via json.
In fact, the json api gives out less information than the html frontend (e.g. all 18 pages you currently follow).
Like he said, the discrepancy is when you are not logged in. I can see his info and his private profile pic although I don't even have a facebook account and the html version gives me a 404.
I don't like the fact that Facebook makes any of my data available and doesn't provide me options to make it private at will. I have my privacy settings turned all the way up for everything. Perhaps I, and others, simply would like to not have any of our data available in this manner.
My “graph” link is public, but my “public page” link is not. It might be because I don’t allow my profile to appear in public searches (non logged in), but still they made it visible to anyone in the graph API. I hope they add a privacy setting to change this.
So you're able to get someone's facebook id and name? How useful is that? It seems about as useful as scraping web pages for random names & numbers. Might as well go to classmates.com and get a list of names there.
So bots get some non-standard file for robots.txt.
Guess no one at facebook has noticed the vulnerability exposed with pretty usernames on facebook & ignoring "." in a different framework. (probably just following gmail usernames.)
http://graph.facebook.com/robot.stxt http://graph.facebook.com/r.o.b.o.t.s.t.x.t
This guy's actual short-URL is "robotstxt."