Personal Data Flows and APIs
Personal Data Flows and APIs: "
On the heels of the Twitter privacy flaw, where users’ ‘protected’ data streams are automatically accessible to third parties via their API, Facebook has now been criticized for automatically enrolling all of its users (including me, apparently) in their new data-sharing API infrastructure. From Threat Level:
Popular social networking site Facebook announced, to great fanfair, a system that lets developers build new applications using Facebook user profile data, but one privacy advocate charges that the site failed to give users enough notice about how their personal data can end upon new websites without ever choosing to let that happen.
Thanks to the new system, Facebook users could find themselves having their looks publicly voted on at the Facebook extension site CampusRank.com, if anyone in their circle of friends nominates them. In fact, they could end up on that site or others and never know about it, since these sites can get data about you from anyone with the right to see your page on FaceBook.
Guilherme Roschke, a staff attorney at the Electronic Privacy Informaion Center and a Facebook user, says that FaceBook should have learned its privacy lesson from an earlier gaffe, when it unilaterally decided to push out information on users’ activities to their friends.
‘Facebook hasn’t told people they are now being exposed to third party applications,’ Roschke said. ‘They have made the general announcement, but there was no notice to me as to whether I wanted these settings. I didn’t have an oppurtunity to say no and I have to go in to the privacy page and opt out.
‘Privacy is about control, and Facebook should have recognized from the last revolt that people want fine-grained control over their data,’ Roschke said.Facebook is opening its community to outside companies using an set of hooks known as a Application Programming Interface, a set of protocols that let outside developers send structured requests to Facebook and automatically get information back. For instance, a Facebook user can log into a site that tracks political affiliations and that site can then send a request for user profile information about all of that person’s friends in Facebook. FaceBook hopes that opening up its data will make the site into a platform that will be widely used and keep it popular.
Its main rival, MySpace, has no API.
APIs have emerged as one of the defining features of this sexy Web 2.0 thing we’re slogging through at the moment - they allow all those nifty mashups and what not. Apparently, however, there is a need for scrutiny of the flow of personal information across API frameworks, whether users are consenting to these flows, and how they might impact existing informational norms (one of many future projects).
"
(Read Original Article - Via michaelzimmer.org.)
Delicious
Digg
Reddit
Google
Yahoo
TechnoratiRecent blog posts
- Apple patching serious SMS vulnerability on iPhone
- Enter the Advertisers - self-regulatory principles ?
- Out of business, Clear may sell customer data
- TSA asked to ensure safety of customer data after Clear closing
- Several Facts about Google and HTTPS
- China thinks twice – and its 300m internet users scent a rare victory
- Did the Sanford E-Mail Tipster or the Newspaper Break the Law?
- Supreme Court Serves Up Remote-Recording Victory
- Deep-Packet Inspection in U.S. Scrutinized Following Iran Surveillance
- ATM Vendor Halts Researcher’s Talk on Vulnerability
