Finding my friends' old events crossed a moral boundary I honestly didn't expect to encounter.
What makes this all rather chilling...
Over-dramatic much? None of this is secret, or underhanded, or arguably even a violation of privacy. If you don't want your friends to see stuff, don't post it on Facebook. And if you don't want a particular person to see it, including some guy messing around with the API, don't be friends with that person.
It sounds like this guy is trying to make a mountain out of a molehill for the sake of attention, to be honest.
Well, I actually think the guy probably saw a lot of events he wasn't invited to, and/or some other things that made him realize that it was a violation of trust to see those things. I don't think the average hacker would get all choked-up about the principle of the matter quite so easily unless there was something meaty uncovered in his own life or circle of friends.
The moral boundary is that most users would assume that this information would not be public because they themselves cannot see other peoples' information through the web ui.
I don't write much info to facebook because I haven't taken the time to understand their security and application model. I can't figure out what the knobs do, or who can see what.
now I've got to weigh the utility of seeing all my past events (which is actually pretty cool) against the creepiness that friends can see the same info.
These would be juicy queries:
* which events for which I was not invited to, but that many other friends of mine were?
* when a friend declines events that I attend, which event did they accept/attend instead (bonus points for events that I throw)?
As mentioned elsewhere, this might result in some hurt feelings. Also, it would be creepy to the muggles to know that such magic back-doors exist.
Because, as others have pointed out, those events may not be things they wished to share.
Let's pretend you like activity X, and you'd like to keep that private. It could do with your sexual tastes. You may be a member of the Jarjar Binks fan-club. It doesn't matter, as long as it's something you'd prefer not everyone to know.
Let's say you also have a trusted friend who also likes X, and they invite you to an event. Except that event is marked as a public event (as determined by the event creator, not by you). You may decline the event, or not even respond to the invitation, and this may have even been years ago. However you're still in the event_member table, and that can still be retrieved by applications.
The end result is it's possible for friends to reveal your personal and private interests by inviting you to public events. Unless you take care to weed these out, those interests can then be found and inferred in the future.
The good news is that if you remove the event from your calendar entirely, then you're also removed from the event_member table, but I still have to test that fully.
As a general rule, sharing events information with your friends' applications is probably a bad idea, but luckily this can be turned off. I don't believe there's a way to prevent them being shared with applications you've voluntarily installed.
They may not want you to know. They may have had a reason for not telling you about the event (i.e. they're going to a party thrown by your ex-girlfriend). There's a number of social reasons people don't generally let people know everything they do.
If they don't want things published, they shouldn't be publishing them on Facebook. Nobody should be using Facebook as their personal calendar.
Also, if a detail of how Facebook handles event queries is enough to "keep you up at night", how the hell do you handle nuclear proliferation in the CIS states?
They should not be putting that stuff online anywhere. Even in 'private' services. If you put something online you might as well broadcast it on TV or radio, at least there the damage is limited to the moment of transmission.
Whatever you write or do on the internet will be there pretty much forever.
So, when in doubt, don't click 'submit', don't tweet, don't email and so on.
If they don't want things published, they shouldn't be publishing them on Facebook. Nobody should be using Facebook as their personal calendar.
Maybe, maybe not. With most people there's a definite disconnect between their expectation of privacy and their actual privacy, which makes even this overdramatized essay well worth a read.
Also, if a detail of how Facebook handles event queries is enough to "keep you up at night", how the hell do you handle nuclear proliferation in the CIS states?
This is not a point I would even attempt to rebut. :)
> If they don't want things published, they shouldn't be publishing them on Facebook. Nobody should be using Facebook as their personal calendar.
Most folks I know on facebook tend to use it to communicate with their friends. All of their friends are in one simple place, and they can arrange events easily.
They may not be aware of what they're doing until its too late or they read an article like the OP.
Its just ease of use that people have grown accustomed to.
If your friend goes to an S&M conference and posts that on Facebook under his own name, your friend is a public S&M conference attendee. If your friend swings, and posts that on Facebook under her own name, your friend is a public swinger. We are losing the forest for the trees here: Facebook is a publishing medium.
Assumption of anonymity/privacy. That's the ballgame.
Here's a model:
Friend A is a swinger. She's private about it, her facebook profile is hidden from searches, public, etc. She posts as attending a swinging event.
Friend A is connected to Friend B, another swinger (but semi public about it), someone she's met, trusts, etc.
Friend B sees Friend A's swinger party in his events-feed, and signs up to go to it too. Friend A 'likes' this. But that's OK, because Friend A trusts Friend B to know this information.
Here's where it breaks down:
Friend B is connected to Friend C, an ad-hoc internet friendship without the same level of trust between A and B (to hammer home the point).
What the poster of the article is saying, is that now Friend C can inspect Friend B's feeds and see what activity is going on by B's friends. So it's possible to determine that Friend A is interested in this lifestyle and what her name is.
Friend A expected her activities would be private and, through the website, it appears they are. But the API is permitting inspection that is not obvious and exposes information that would seemingly be private.
Yes, don't post stuff you don't want public (it's a good rule of thumb) but this is going a bit further than that and breaking the barrier of expected/perceived privacy and reality. That's not good.
When Friend A 'liked' an event on Facebook that arbitrary other people in (or even out) of her friend graph could also 'like', Friend A did something dumb no matter what Facebook does.
I wouldn't be arguing if Facebook betrayed A's private details to an anonymous search. But when you declare interests to Facebook, you concede your privacy.
You're suggesting a write implies a read too. I don't know I agree with that- just because i 'liked' something doesn't imply I get to know who else did.
The way I see it is that A's private details include her activities on the site (she's got her priv settings way high....) so presenting that information to people she's not connected with seems analogous to presenting it to anonymous users.
If you don't want people to see that you have declined an FB event, you should 'remove yourself from it' (I forget the exact terminology) rather than declining it.
Perhaps the fact that these are distinct actions is a problem with the FB event RSVP interface.
Once you put in in the public sector of the Internet it is always there. If people always operate under this assumption they will be fine (yes I realize in certain cases information may not be cached before it is removed.)
You shouldn't enter any information on a social networking site that you don't want everyone to see, no matter what the privacy settings tell you. Personally I am wary of sending sensitive information of any kind to a remote machine (of course I do it anyway ahem Gmail, ahem Amazon, ahem etc.) But to expect that you will be able to enter information on a social network and only have a subset of that site's users have access to it is much too high an expectation. No offense to Facebook but it is a difficult enough task to implement an efficient technical solution to this problem. But that is before you take into account the difficulty of explaining complex (or even simple) privacy controls to your users.
This is a really great demonstration of the privacy illusion but the illusion should not even exist. We should all lower our expectation of privacy on Facebook. Again, no offense to Facebook, but they can't meet the unreasonable standard set by some.
[Addendum]
* Facebook is not a private site. The term "privacy controls" is really misleading and should really be called something else that helps people understand how short they can fall of giving you true privacy.
* It is called a social network but our virtual societies have different rules than the real world. One notable issue is the Whiteboard Problem (yes I gave it a stupid name): The Facebook stream is like a whiteboard that you have given your friends access to but you can write comments on your whiteboard and they can write on yours. So whoever can see their whiteboard, whether they know you, can see what you wrote and learn of your existence.
* Another issue, the rules of information are completely different. Referencing the hypothetical swingers in other comments on this submission if I am a) invited to my "swinger conference", b) I accept the invitation, and c) we take lots of pictures only the diffusion of that information has strict constraints in the physical world. Once it is on Facebook a) non-swingers will likely have access to my swinger invite, b) non-swingers can see my response, maybe even in their stream and c) they may find my photos (last time I checked private Facebook photos are relatively easy to access.)
Once again, treat Facebook like a public whiteboard that represents you. For the most part only people you know wil see it but keep it blemish free just in case. So no "swinger conferences" on FB.
> "I didn't expect it to share info when people had declined those events."
Just to clarify, does this mean events you replied "No" to, or events where you clicked "Remove from My Events"? If an API call surfaces the the latter, that would indeed be worrying.
It would be an annoying bug. It would not be a breach of the public trust. For every time quantum that passed between you publishing the event and you removing it, any of your friends could have scraped your attendance.
Finding my friends' old events crossed a moral boundary I honestly didn't expect to encounter.
What makes this all rather chilling...
Over-dramatic much? None of this is secret, or underhanded, or arguably even a violation of privacy. If you don't want your friends to see stuff, don't post it on Facebook. And if you don't want a particular person to see it, including some guy messing around with the API, don't be friends with that person.
It sounds like this guy is trying to make a mountain out of a molehill for the sake of attention, to be honest.