Who Deleted Me, an app that let you know which users may have removed you from their friends list on Facebook, has been shut down — by Facebook.
In a blog post, developer Anthony Kuske says “Who Deleted Me was intended to be a useful tool to enhance users’ Facebook experience, but Facebook did not see it the same way.” He goes on to note the incredible scale his app reached over the past week, noting he had server issues from the popularity. Heck, our coverage of it was one of our more popular posts for July!
When I spoke to Kuske, he told me the app simply scraped the info from your friends list on Facebook — something you could see anyway. All his service did was automate the process.
The dust-up seems to be around Facebook APIs — which Kuske was not using for Who Deleted Me. Facebook’s Terms of Service outline that any developer making an app that integrates with its platform must use an API. This is discussed specifically in rule 3.2:
You will not collect users’ content or information, or otherwise access Facebook, using automated means (such as harvesting bots, robots, spiders, or scrapers) without our prior permission.
Who Deleted Me, without question, violated that rule. Further, Facebook’s platform policy states developers must “respect the limits we’ve placed on Facebook functionality.” Again, no arguing Kuske messed up, there.
A takedown letter sent to Kuske specifically states “your app shouldn’t circumvent Facebook features or functionality. For example, your app shouldn’t notify people when someone unfriends them or show people who viewed their timelines.” The picture associated with rule 4.4 specifically addresses that no service should do what Who Deleted Me was doing.
But was Kuske doing anything illegal? Perkins Coie, a law firm claiming to represent Facebook, sent Kruse a letter regarding Who Deleted Me, writing the app “created a severely negative user experience.”
Further down, the law firm writes “In addition to breaching Facebook’s terms, your Facebook-targeted application may violate the federal and state laws. See Computer Fraud and Abuse Act, 18 U.S.C. § 1030 and the California Comprehensive Computer Data Access and Fraud Act, Cal. Penal Code § 502(c).”
That’s “may violate” the law — not ‘is definitely’ illegal.
Facebook also disabled Kuske’s personal account, along with a friend of his who had nothing to do with Who Deleted Me, according to Kuske. His friend was simply noted on the app page footer.
Update: Got my personal Facebook back. But it’s useless because I’m blocked from liking, commenting, tagging or receiving messages.
— Anthony Kuske (@nthonyk) July 16, 2015
Both have reactivated their accounts, but Facebook has permanently banned the two from using its APIs.
When I asked just how “illegal” violating its terms of service was in this instance, Facebook refused to offer comment on the letter sent by its legal representation. Facebook’s Terms of Service do a good job of absolving it from responsibility should an app or service violate its terms, but there’s no mention of a developer being sued for violating any rules.
In hindsight, Kuske says he felt as though he shut Who Deleted Me down too quickly. “As time goes on, I’m getting more certain that I was actually doing nothing wrong and Facebook just bullied me into shutting [Who Deleted Me] down” said Kuske. “It’s pretty scary when this huge company start threatening you with legal action.”
The California Comprehensive Computer Data Access and Fraud Act cited by Perkins Coie specifically states it “affords protection to individuals, businesses, and governmental agencies from tampering, interference, damage, and unauthorized access to lawfully created computer data and computer systems. It allows for civil action against any person convicted of violating the criminal provisions for compensatory damages.”
Facebook also seems to have traveled this legal road before — against a corporation sidestepping its rules to gather data.
Its tactics in engaging an independent developer doing something it didn’t like are questionable. Not only did Facebook squash his access to APIs forever, but it disabled his personal account as well. Facebook could have reached to let Kuske know the app violated its terms, and given him some time to throttle it down into extinction.
Facebook actively chose — through legal means as well as personal ones — to step on Kuske’s throat. Rather than reaching out to its legal representatives, Facebook should consider rethinking how it reaches out to developers.