Apple's app sandboxing and privacy protection means that 'Facebook for iPad' will not be able to mine as much user data as Facebook would like.
I suspect that this was the main reason why Facebook wanted users to use the browser instead of a native app (and why the app is being launched more than 18 months after the iPad was first launched)
However, the proliferation of native 3rd party apps meant that users weren't using the browser to get to Facebook and that may have led Facebook to finally decide to release the app.
[edit1: To the downvoters - I didn't say that sandboxing provides 100% privacy protection. However, it does prevent Facebook from knowing which other sites you've visited, it prevents them from telling search engines who you are etc.]
[edit2: To Xuzz and others: login to facebook on your iPad browser, log into a website that collaborates with Facebook, you'll see that Facebook is aware your visit to the website. This won't happen when you're logged into the app (instead of being logged in on Safari)
Regardless of the downvotes, this is a matter of fact.(in fact, it was recently discovered that Facebook can track some of your web-browsing even if you had logged out)
Btw I made no assertions about "attacks" and I have no interest in debating emotional outburts such as "Please stop assuming everything Facebook does is out to personally attack you or your data".
> However, the proliferation of native 3rd party apps meant that users weren't using the browser to get to Facebook and that may have led Facebook to finally decide to release the app.
or it could just be that the Safari on the iPad doesn't let you upload photos to the largest photo sharing website out there (Facebook).
I suspect the reason it took 18 months is because Facebook was waiting to figure out where the iPad fits into the ecosystem.
The "main reason...the app is being launched more than 18 months after the iPad was first launched" is because we have a lot of things to do and few engineers to do them.
We've got about one engineer per million Facebook users, and as Hacker News demonstrates time and again, those users have a lot of items on their wishlist. For instance, the bugginess and instability of our iPhone app has been a top user complaint for a long time. Turns out the set of skills required to improve an iPhone app is the same as required to build an iPad app. Something's gotta give.
As for the "main reason why Facebook wanted users to use the browser instead of a native app," I've never heard that preference expressed at Facebook. Like the rest of you, we use iPads. And like the rest of you, we'd prefer a fast, sexy, native, custom-made experience to a website designed for your desktop monitor.
Occam's razor, pure and simple. For a community that prides itself on rational debate, I'm consistently surprised at the level of discourse on certain issues here.
I completely agree. I have been saying for a year that FB would never release an iPad app unless they had a deal with Apple to have the native app be able to set cookies in Safari.
The good news is that I was wrong.
I downloaded the app and promptly logged out of FB on Safari.
You make good points, but won't the vast majority of iPad users be logged into Facebook both on the app and in Safari? I know on my iPhone (where I primarily use the FB app), I'm also logged in Safari (for FB connect, when sent FB links, using features not on app, etc).
That makes no sense, the browser is sandboxed significantly more than any native app. Please stop assuming everything Facebook does is out to personally attack you or your data. It's demonstrably not the case.
Seems to me that you're making a blanket statement, here, that is contradicted by most of the available facts. How about some support?
Personally, I'd say you'd have to be an idiot to NOT assume that a large number of Facebook's actions are not intended to get more access to more kinds of user data. We've got about a half-decade of proof of this.
They just added very easy to understand privacy controls, for one. They're good enough that I'm considering merging my two "identities" into one Facebook account rather than my current two: I can now easily keep them separate.
The other point is that it's impossible to prove the negative. Any action can find an interpretation that it's an assault on privacy — if that's the interperetation that helps make your point — but it's difficult if not impossible to prove there was no malicious intent by anyone related to Facebook.
At least I, for one, find it hard to believe that Facebook really cares that much. But if you want to believe they are out to get you, I'm sure you can find and twist whatever you want to suit that opinion.
> Apple's app sandboxing and privacy protection means that 'Facebook for iPad' will not be able to mine as much user data as Facebook would like.
Sandboxing does prevent developers from accessing files that don't belong to their apps but developers still have unfettered access to users' calendars and address book. Facebook has already been known to grab users' address books from the iPhone version of the app.
> "Please make sure your friends are comfortable with any use you make of their information."
All 425 of my friends? And how, pray tell, did you expect people do go about doing this?
Simply putting up a simple click-through disclaimer is poor moral defense.
That message is incredibly disingenuous, and I do not believe whoever launched it believed for one fraction of a second that users will actually go out and seek their friends' permissions to activate the feature. Facebook expected people to just tap merrily through, and well, people did.
Of course, that warning is from the Facebook app. The above comment is correct that there is no fine-grained security in iOS for user data (except location info). If Apple approves an app and you install it, you are trusting it will much of the data on your phone.
I do not work at Facebook or even know a single person who does. I've never even talked to someone — including on the Internet — who works for Facebook.
Your personal attack was incredibly uncalled for. Just because I do not feel Facebook is evil does not mean that they are paying me to say so.
(As to your actual point: yes, it actually does. The claim I was refuting is that Facebook "steals" contact information on your device. Well, in fact, it doesn't. It makes you confirm that you are okay with sharing this information with Facebook.
What else could they do? The only other thing I could think of is Facebook not offering this feature. They are doing quite a good job here making it clear what happens to your information if you share it with them and you have to explicitly give your okay.)
> "What else could they do? The only other thing I could think of is Facebook not offering this feature."
"Your friend [Bob Smith] wants to use Facebook Mobile Sync on his phone. This would allow Facebook to see any information he has in his address book relating to you. You can [learn more about Facebook Mobile Sync here]."
> "They are doing quite a good job here making it clear what happens to your information if you share it with them and you have to explicitly give your okay."
There are two issues with this:
- There is a social contract (at least, in Western countries, I cannot speak for this as a universal rule) where your contact information is private. This is why people ask "is it ok if I give Bob your number?". Facebook violates this fundamental assumption by allowing Bob to unilaterally upload all this private data with a simple button push, without clearing it with anyone.
- The fact that we had viral outrage when people's private numbers started showing up on accounts seems to suggest that they have not explained the use of this information sufficiently. If people are quite clear about what happens to this information, there would have been little cause for outrage.
That prompt doesn't really make clear what information Facebook will roll into its databases, nor does it make clear in what way it is exposed. The only thing users are clear about when they click through that prompt is that it means their Facebook friends' numbers will show up in their contact list.
You do realize, on iOS, that most contact info on the device is synced with either Google, or (in iOS 5) iCloud? Facebook is not making this information public, neither are those services.
And how can they ask every person in your contacts if they approve: even incorrectly assuming all of them have an account on Facebook, you would still need to upload that information for those accounts to be linked and the request messages to be sent. And that's invading the privacy of the user's address book: they are now sharing that someone is in their address book, even if they didn't want that person to know.
Finally, it does say exactly what is uploaded (which is much better, even, than iCloud or Google's sync: seriously, how can you argue that Facebook's contact sync is so awful and ignore Apple and Google's services?): emails, phone numbers, and names (I may be forgetting some here).
> "And how can they ask every person in your contacts if they approve"
By prompting the user the next time they sign into Facebook. This really isn't that hard. You can even make this a blanket permission: "I allow all of my contacts to store my contact info with Facebook". It's still miles better than what's there right now.
> "And that's invading the privacy of the user's address book: they are now sharing that someone is in their address book, even if they didn't want that person to know."
That's not the only choice. Facebook can just as easily say "Hey, we have [X] information about you that [Bob Smith] uploaded. You may [opt out] and we will delete this data."
There are many, many, many ways to mitigate the privacy concerns of this. Facebook right now is doing none of it.
Again, let me ask: you have all these concerns about Facebook optionally letting you upload some data stored on your device to be shared with nobody. Exactly what Google's Contacts, Apple's iCloud, and Microsoft's Live let you do. Why is this any different? All of those companies have competing social networks, why do they get a free pass from you? Why don't you block them in your hosts files and not let them track you on the web with their +1 buttons or Bing results?
But, anyway, how would they ask the person that doesn't have a Facebook account. What if they get the match wrong, if you have two friends named "John Smith"? This is a non-trivial solution for an issue fabricated against Facebook when identical (or even worse, see Google's use of contact data with Buzz: Facebook has never made this info public or even shared the uploaded information with anyone but you) situations have occurred since the first online contact management solution? Why is this the only case where every person should have to agree to let someone else use the service to store information about you?
This is why people let Google Contacts and iCloud "have a free pass". Neither Google Contacts nor iCloud does anything with my data - it's on their servers for backup and sync purposes. Could they be doing anything nefarious in the background with my private information? Sure, but neither company have a strong history of this.
With Facebook this trust simply does not exist, and when coupled with a poorly explained, poorly documented feature that seemed to have very few privacy controls around it (many Facebook features with less privacy impact have more privacy visibility), people flip out. Rightly so.
We cannot trust Facebook not to mine the shit out of the information uploaded from our phonebooks (and in fact, Facebook has never ruled this out), and eventually expose it to other people, even indirectly. When your company has a long track record of taking a cavalier (if not outright dismissive) attitude towards user privacy, the onus is on you to show you're above-board. The phone sync feature hasn't done this due diligence.
The fact that the phonebook data I'd be uploading isn't exposed directly to my other friends is very, very small comfort.
[edit] I've seen this exchange way more times than I'd like to. It's just a total failure of communication on Facebook's part:
I suspect that this was the main reason why Facebook wanted users to use the browser instead of a native app (and why the app is being launched more than 18 months after the iPad was first launched)
However, the proliferation of native 3rd party apps meant that users weren't using the browser to get to Facebook and that may have led Facebook to finally decide to release the app.
[edit1: To the downvoters - I didn't say that sandboxing provides 100% privacy protection. However, it does prevent Facebook from knowing which other sites you've visited, it prevents them from telling search engines who you are etc.]
[edit2: To Xuzz and others: login to facebook on your iPad browser, log into a website that collaborates with Facebook, you'll see that Facebook is aware your visit to the website. This won't happen when you're logged into the app (instead of being logged in on Safari)
Regardless of the downvotes, this is a matter of fact.(in fact, it was recently discovered that Facebook can track some of your web-browsing even if you had logged out)
Btw I made no assertions about "attacks" and I have no interest in debating emotional outburts such as "Please stop assuming everything Facebook does is out to personally attack you or your data".