Facebook has just announced at their Facebook’s Developer Garage that developers on their platform will be given access to their users email addresses.
The goal is to create a more ‘open’ Facebook and let developers feel their users/customers are actually their own, rather than just Facebook’s.
For developers, this will mean App-to-user notifications will eventually be disabled and developers will have to contact users via email to update them about application updates. For your average Facebook user, the consequences of such a move are significant.
Whenever a user ‘installs’ an application, the developer requests the users email address (similar to the various other requests you find when installing an application) and if accepted, the developer is handed their email address, along with first name and last name. This WILL be optional however there will no method of contact for the application developer should the request no be accepted. Therefore for full application functionality, developers will be able to store all these details for use for that specific application but potentially for alternative use as well.
If we consider for a moment the number of Facebook users who use applications (figures being researched but we can assume it’s huge), it’s a daunting prospect to consider that email accounts will be freely passed along to their developers who are then able to contact their users directly with no Facebook intersect.
When Ethan Beard, Lead of Platform at Facebook, was asked if users would be able to select whether or not to be contacted directly (by sharing email address with the developer) or via Facebook, Beard’s response after a moment’s silence was something along the lines of “that’s like asking someone to call you but not giving them your phone number”. Sadly, not quite, Facebook has (relatively well) acted as a solid intersect between applications and users inboxes. By removing an application, you could be comfortable in the knowledge that the application’s developer would not be able to contact you.
Now, that changes, and without an intersect, a developer’s users (no matter how silly an application may be) have an authenticated, up to date email address, first name and last name. All it takes for one mildly successful application from a seedy developer, and names, email addresses and potentially other private profile information is theirs to abuse.
On a very contrasting note, it might be fair to say that similar to the many web services we sign up with every day, we hand over our name and password, quite often birth date as well. Why shouldn’t Facebook applications be considered on equal footing and therefore have access to the same information when users sign up. I would argue that when most of us sign up with various other online services we’ll often decide to give a fake name, scrap email address and almost consistently the same fake birth date too. With Facebook, we’re handing over our real name, real email address and for most Facebook users their real birth date too. The moment you change your email address, application developers have the up to date new one. The only way round this is to give Facebook, a fake name, your scrap email address and yep, the made up birth date too.
If that happens, then it threatens one of Facebook’s greatest strengths, being an up to date, generally truthful telephone book of the people you care about.
Can you give us a source for this information?
“developers will be able to store all these details for use on that application as well as for future use.”
not correct. According to the Facebook TOS for applications it is not allowed to store anything excepts for the Facebook UID and a few other insignificant ids in terms of personal data (such as event ids). The only way you could do that is for the user to explicitly give permissions to the application for offline storage.
How do i feel about this? Disgusting. But, like Jack above, I gave them my catch-all email address.
Nonetheless this is disappointing: This is no sophisticated business model under operation – it’s the high-anxiety desperation move of high school tech hooligans selling off the privacy of their user asset base to keep the app developers from light speed migration. Undoubtedly the FB attourneys have checked the TOS that this snarky move is ….legally acceptable. As i said: Supremely Disappointed.
http://wiki.developers.facebook.com/index.php/Developer_Roadmap
“Developers will be able to ask users to share their primary email addresses (for example, firstname.lastname@domain.com).”
This is no different than any other FB Connect permission. The developer/application must ask for this permission.
So will the applications I already have authorized have access to my email? Or just ones I authorize since this announcement? I had originally used my “spammy” email to sign up on Facebook and then switched it to my personal one….guess I’m switching it back.
I think it is important to get to the bottom of this issue because you are correct: Smart people will give throw-away Email addresses to unknown entities and they will always fake their birth date – there is no reason why anyone needs to know the latter.
Why are people so protective of their email addresses? I post mine publicly, all the time, and don’t have any particular problems doing so.
A email address is not top-secret confidential information. It’s a way to contact you. That’s it. If you have problems with spam, then get a spam blocker and be done with it.
Ok wait, maybe I’m a little confused.
If I don’t allow access to any apps, then no apps have access to my email address or name.
What’s the problem?
@Pepperfire
http://www.intendmedia.ro harta floresti facebook
For developers, this will mean App-to-user notifications will eventually be disabled and developers will have to contact users via email
to update them about application updates. For your average Facebook user, the consequences of such a move are significant.
I would like to know more about facebook app developer e-mail. Can you share more links?
yeah because if face book developer hack the account . who are responsible of that?
I read your post. Its interesting and very nice to read. thanks.
This is a very interesting blog post.
Thanks for posting!!!!
Did you just watch the Facebook’s Developer Garage event? The question was asked and email addresses are definitely available to store offline – unless I completely misinterpreted the answer.
Let me correct my last statement: It is not possible to get permission for offline storage, but for offline usage of the API for the user who grant permission for it.
And for local storage I do not see these announced changes (http://developers.facebook.com/news.php?blog=1&story=326) stating anything about storing any personal data.
It wouldn’t go to your Facebook inbox. It would go to your actual e-mail address.