With FriendCSV, Data Sneaks Out Facebook’s Back Door
Mark Hendrickson
As we’ve suggested before, there is an underlying problem with many proprietary systems - such as Facebook - because information inside of them tends to get trapped. Information flows in but not so easily back out.
This can be very frustrating for users who wish that the highly personal data stored in social networks could be transferred to other applications for other uses. Indeed, Google reportedly has plans to compete with Facebook by ending this frustration and providing a more open social networking platform.
However, it’s easy to overlook the ways in which Facebook does actually allow data to flow out of its system. An application sent to us yesterday evening called FriendCSV serves as a reminder in this regard. While it may be no surprise to Facebook application developers, FriendCSV can pull out a lot of information about your friends and store it in a comma-separated values (CSV) file that you can then load into a spreadsheet program like Excel.
The following information about your friends can be extracted, regardless of whether they’ve installed the program themselves: user ID, name, sex, birthday, about information, current location, hometown, profile URL, portrait URL, high school, education, work experience, and affiliations. The developers of FriendCSV say that they could pull out even more information than these 13 fields; contact information (such as email addresses) is apparently the only type of profile information that Facebook prevents users from extracting.
The developers are aware of only a few other Facebook applications that pull out information like this: Birthday Exporter, which dumps birthdays to Google Calendar, and Birthdays to iCal Exporter, which does the same for iCal. Another application purportedly exports all your friends’ photo albums to a ZIP file but doesn’t currently work.






At last.
I’m not sure if it uses the CSV or not, but Facebook Sync (http://fsbsoftware.com/) pulls contact data from Facebook, identifies anything that’s missing in Address Book (Mac only), and makes changes or additions as needed.
Should I be scared of the potential uses of these apps?
I hope Mobile Number isn’t on that list of things that can be shared.
My Card (http://apps.facebook.com/wmmycard/) allows you to display your virtual business card on your Facebook Profile. You can export your friends’ business card data into a CSV file or through vCards and hCards.
Data can only be exported if your friends also use My Card, and My Card users are aware that their information can be extracted from the application.
Mike - I’ve been using a neat app that syncs your Facebook contacts directly to Outlook. Profile images are carried across also.
It works as a desktop module and I run it every month. And my Blackberry syncs with my notebook everyday, so it’s completely seamless!
fonebook it’s called http://utoronto.facebook.com/a.....amp;ref=pd
Yeah, Mark! Writing for TC!
This app brings me back to the original Facebook (its first year) when exporting your friends’ data to a CSV file was built-in.
Just what we need, a way for some “not so tech savvy” Facebook users making that data searchable. I’m sure we’ll see them take the data out of Facebook and somehow upload it to their website, getting it crawled by Google.
I assumed (hoped?) that this info was accessible to Facebook Apps. Doesn’t this potentially represent a kink in the “barrier to entry” of other social networks? (And that’s a good thing, in my book.)
The way I see it, a big barrier for social networks is the fact that I can’t pull that “social graph” (rolls eyes at term) out of the network (as referenced in the article). Sounds like a new social network could simply say “hey, install this app in Facebook then e-mail us the data it spits out.” Or, users could simply enter their Facebook username/password and a site could “screen scrape” all those details as well, even if Facebook closes this opening.
So, I guess the only remaining barrier is getting all of your friends on the same social network. This is where Google (or some “independent” party) should step in and establish a social network framework that’s distributed and vendor-agnostic. Like e-mail addresses. Facebook should just be one type of social network application that pulls from and feeds into the network (think RSS for people instead of websites, like Twitter/etc. distributed).
NOTE: If this data is stored for more than 24 hours, then it violates the Facebook TOS.
Theoretically, any Facebook app has the ability to store all sorts of user information. But this is disallowed by the ToS: http://developers.facebook.com.....p;doc=misc
However, apps can access data in real-time, so there’s a lot that can be used by outside applications - as evidenced by Facebook apps that operate on third-party web sites or desktop programs that interface with Facebook.
I think apps like FriendCSV and Facebook Sync may be allowed by the ToS in that the person using the application stores the data on their local computer, instead of the application developer storing information on the application server.
People keep criticizing Facebook for not letting data out, but I think they’re simply being very careful about how they let data out. We’re not talking about one user’s data - we’re talking about an aggregation of data from many people (your friends), each with various privacy settings applied. And if developers can store data (as opposed to real-time updates or users storing data locally), that opens up all sorts of identity theft and privacy issues.
And personally, I think people tend to be too free with giving applications access to their data - while I expect Facebook to shut down malicious apps quickly, there’s a lot of potential for abuse.
Hey all. I’m one of the developers behind this app. We did it because it was useful and also to show people how open the platform actually is. As Troy mentions, it is SO open that I could theoretically take my 600 friends (and their profile pictures and full data) and launch an entirely new social network of just my friends, with data already populated. All that is missing is the contact info to force verification.
That is one extreme. The more practical use is that existing companies and networks will likely start to use tools like this to populate content and facilitate new invitations. We certainly don’t plan on using the data for anything other than our own use, but it will be interesting to see how people use this. It looks like there have been about 120 full data dumps so far, so the data are getting out there!
btw, I can tell that Facebook has been very careful about security so far… in hacking some Facebook apps, I’ve found several times that developers wrote the applications pretty insecurely, but because of the way Facebook set up their platform, most potential problems were completely prevented.
Also if you all want to get a full view of exactly what data can be exported (we only allow 13 at the moment), check out the bottom of this page: http://developers.facebook.com.....rs.getInfo
Ironically, I’ve been looking for an application that did this so that I could keep track of who my friends are beyond the Friend Confirmation request (which I tend not to use due to limited scope). It’s very cool to be able to graph statistical information once you can easily retrieve the data. For awhile, I was using some applications that just didn’t do this well, so it’s great to see that there’s an application that exists exclusively for this purpose.
To Dan and others behind the app, thank you very much.
I think the ideal social networking app. is something that sits on top of a SIP like protocol, and allows end user desktops to become the user interface, allowing multiple protocols and microformats to be exchanged — VOIP, RSS, hcard, etc.
Very useful, but not easy to monetize. At some point, people might start doing this if they get sick of all the social networks making it difficult for people to access their own information.
Facebook is essentially a datawarehouse with a strong social network functionality. If programs like this, hCard, and others will jeopardize their newly discussed advertising system, they will pull the plug. When will the open web evangelists realize that they are in the minority with “portable data”. If users have no reason to take their data out of facebook (strong applications, strong networking ability, generally happy) — then they won’t. Consumers don’t care about open social networks versus walled gardens, they care about doing what’s popular.
I would think this may turn away some users who have privacy concerns.
Facebook can be a pioneer by recognizing and allowing the sharing of this information by the developers.
This is one idea, I would like to implement in our own social networking site.
Why not provide a JSON call to get the userinfo.
http://www.meetingflex.com
Custom Social Networks
This information (and more) is available by just going to your friends’ profile pages. How is this sneaking out data? It’s just an efficient way of doing it for all of your friends at once.
Here comes our cute lil’ facebookyyyyyyy….Missed news on it for a couple of days….I almost cried !
What is this website you mention, called Facebook, and why haven’t you covered it before?
Seriously, the concept of handing over my social network to SOMEONE ELSE to control is beyond my tolerance level. I took one look at one business network, and looked up one of my competitors, and got their full contact list, and that’s all I needed to see what a bad idea this is.
FriendCSV is just a step in that direction for Facebook.
hmm..possible biz opportunity for companies like PayPerPost to purchase these lists and pay FB users percentage of ad revenue for targeted sales?
deadpool within the week
People keep mentioning the Facebook TOS but this app won’t violate the TOS if you extract data which you put there in the first place. Facebook can’t own the fact that you like to eat your toast butter side down. Anyone could use this app to export their social graph without violating any sort of anything
great article
thanks….
Finally a first small flower on the wall around a big garden
That excel screenshot looks very plain if you were trying to develop some type of database from the information provided.
I gave a new try to Orkut today, they allow to export CSV as well. What is funny is that they allow export but no import
They are already more open than Facebook then !
Security is always going to be an issue. Whether it is MySpace or Facebook, the safety of social information will always be the defining issue between a successful start-up and a bust! In my opinion the company that masters and solves the security issue first will “win” the war. This article doesn’t look so great for Facebook but I still have faith that Facebook will solve this issue first.
read more of my thoughts if you like http://actionstalk.com
oh dear. I’ve just verified Justin’s experience (see comment 29 above). I have 74 friends on FB and exported 144 records - i.e. people I don’t know… more here: http://alexbarnett.net/blog/ar.....t-wtf.aspx
what’s going on? FB needs to sort this out. rapido.
Justin and Alex, this very unfortunate glitch has been fixed. Here’s what happened: After valleywag, techmeme, digg, etc. all picked it up, the server got overwhelmed and we had around 25 dumps that were in queue. FB times out after a few minutes, so to speed up with the dump, we added some threading to the libraries, which pushed the exports through in an instant, but also misplaced some of the data in what we now know to be at least four separate csv dumps. When we were alerted to this, we removed the threading and all was right again; however, the error did occur and it was our fault. We’ll continue to test the app during the night just to make sure this doesn’t happen again.
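The mix-up described in the comment above (one user's dump containing other users' friends) can be caught before a dump is released. The following is an added example, not part of the original comment and not FriendCSV's code: the shared-buffer cause, the sample data and every name in it are assumptions for illustration. It shows a release check that rejects any dump containing rows outside the requester's friend list, next to an export path that keeps all job state local to the worker.

```python
import csv
import io
from concurrent.futures import ThreadPoolExecutor

# Constructed sample data: requester -> friends' profile rows (not real users).
FRIENDS = {
    "alice": [{"uid": 101, "name": "Ann"}, {"uid": 102, "name": "Bo"}],
    "bob": [{"uid": 201, "name": "Cy"}, {"uid": 202, "name": "Di"}],
}

class LeakDetected(Exception):
    """Raised when a dump holds rows outside the requester's friend list."""

def fetch_rows(requester):
    # Hypothetical stand-in for the platform's friend-profile call.
    return [dict(row) for row in FRIENDS[requester]]

def verify_dump(requester, rows):
    """Release gate: every row must be one of the requester's friends, once."""
    # Assumption: the allowed set comes from an independent friend-ID lookup.
    allowed = {row["uid"] for row in FRIENDS[requester]}
    seen = [row["uid"] for row in rows]
    strangers = sorted(set(seen) - allowed)
    if strangers or len(seen) != len(set(seen)):
        raise LeakDetected(f"{requester}: {len(rows)} rows, unexpected uids {strangers}")
    return rows

def to_csv(rows):
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=["uid", "name"])
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

class SharedBufferExporter:
    """Unsafe pattern: one row buffer shared by every queued export job."""
    def __init__(self):
        self.rows = []
    def load(self, requester):
        self.rows.extend(fetch_rows(requester))
    def dump(self, requester):
        return to_csv(verify_dump(requester, self.rows))

def export_isolated(requester):
    """Safe pattern: all job state is local, so worker threads cannot mix it."""
    return to_csv(verify_dump(requester, fetch_rows(requester)))

def export_all(requesters):
    with ThreadPoolExecutor(max_workers=4) as pool:
        return dict(zip(requesters, pool.map(export_isolated, requesters)))
```

Running the gate on every dump turns a silent cross-user leak into a failed export that can be logged and retried.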
PRIVACY implications? I think so!
@ #22
I agree with the first part of your statement.
………”What is this website you mention, called Facebook, and why haven’t you covered it before?”
This was great!
Another application that recently launched on Facebook is called Digitbook. Like this app, it pertains to your friend’s contact information. With this app, you simply fill out your contact information that you want to share, and then any of your friends can see your latest info.
You can get the app here:
http://apps.facebook.com/digitbook/
To: Mark Hendrickson
I almost forgot. Very well written story.
Hi,
through all this discussion, one factor I believe is overlooked.
If you don’t want your data out there - don’t put it there!
If that makes me a social networking Luddite then so be it. If it is out there then it will be accessible, ask the banks who have way more stringent requirements on security.
Once it’s out there, then it should be yours to move around as you see fit. As for the point of other people’s data…even your friends. Me think not. If they want to move it, excellent.
An extension to this for a commercial model is to “opt-in” to allow others to have some or all of YOUR data.
I think you will find without this the PRIVACY laws in many countries start to be violated. This isn’t a technical challenge in the end - but rather - an ethical and legal one.
Dan, thanks for the explanation. My response here: http://alexbarnett.net/blog/ar.....t-wtf.aspx
This is pretty funny. The developer who made it is trying to sell it on the Developer Discussion Board and is taking some heat (I guess you have to add the developer app and login to see this): http://forum.developers.facebo.....php?id=551
Once the MS - FaceBook deal is complete we will fix all of this!
FaceBook will work as well as any other MS app!
http://fakesteveballmer.blogspot.com
Pete - Bring the heat! We really just built this as a quick one day experiment, and I’d be happy to have someone take it off my hands. There’s not a single one of the flamethrowers there who has a full grasp on the ToS, as far as I can tell.
It’s not like this information isn’t available already to any of your friends on Facebook, this App just makes it easier to aggregate and import into another application.
The breach of privacy happens when this third-party application doesn’t have the same access controls as Facebook.
If you post your information so that only your friends can see it, and one of your friends uses this App to export to csv and then import to somewhere else… such as MySpace then you’ve lost control of your information. It could be argued that you lost control of your information when you posted it on Facebook.
As mentioned before, if you want your personal details kept private, don’t post them on a website.
This actually uncovers a huge loophole in Facebook’s developer TOS, which I was thinking about for a while. If nothing stops an app from exporting users’ Facebook data, then you could have one that provides programmatic access to such data to any other third-party service. That third-party service would then be free to store data for any period of time it deems necessary with no obligation to Facebook. In this case, such third-party service is just the user’s mail server, but it could be anything else.
Granted, the user would first have to add the proxy Facebook app, but that is not an insurmountable challenge given the potential benefits.
Thanks for the update, Dan. Just to clarify, I’m not looking to dog your app, in fact a couple of my pals have been noodling this same sort of thing for some time and I’m impressed that you’ve pulled it together. The “leakage” issue is a big concern and I’d echo a number of statements by other commenters regarding owning your own social graph etc; however, if you put it out there, be prepared to have it consumed by someone.
Congrats on the app and the notoriety you’ve no doubt achieved. This is a pretty poignant event in the social conversation.
Is Facebook aware of this? They might get mad that you are not increasing their page-views to get information about your friends.
Hey all - given that I’m also a commenter on Facebook (and the developer of this app), I wanted to add some more items:
+ The app was covered or linked to on 1,130 blogs: http://www.google.com/search?q.....=firefox-a, but no mainstream media.
+ We’ve had a total of 1064 installs thus far, but hard to tell how many actual exports at the moment
+ 4 TOS complaints were sent in that were forwarded to us, though only one of them held any merit, and that was tied to the temporary leakage we had.
+ The app is still up and running, but there has been a major outage with the API since 9:42am in that apps that do big data calls are experiencing instant timeouts. The issue is here: http://forum.developers.facebo.....php?id=596.
+ We received about a 100% increase on traffic on bigsight.org from this coverage.
+ We received 60 new installs on our other app, Backstory.
We’ll likely add more data levels to the export tonight.
#42: “If you post your information so that only your friends can see it, and one of your friends uses this App to export to csv and then import to somewhere else… such as MySpace then you’ve lost control of your information. It could be argued that you lost control of your information when you posted it on Facebook.”
Indeed, in such instances the app is irrelevant - if your friends have permission to view that information on Facebook, there’s nothing to stop them copying and pasting it into MySpace “by hand.”
Of course if it allows your friends to access data they *don’t* usually have permission to view, then it’s a different story.
Doesn’t work.
Adrian - it’s working now. FB made a bunch of changes to the API that screwed us and a lot of other apps up yesterday and this morning. Give it another try.
A non-Facebook app which lets you extract your info back from Facebook and into a TiddlyWiki. A very simple poc but you get the idea.
http://simonmcmanus.wordpress......iddlywiki/
Getting friends data is actually documented.
http://developers.facebook.com.....hp?doc=fql