We are creating an application that will ask the user for permission to their friends, and then will store their friends_ids in our database, does this violate the terms of service? If so, where can we find this violation cause I couldnt seem to find it.
See the Platform Policy, section II.
You can store the data, but be sure to make it clear to the user. You can't use the data outside of the application or sell it (obviously). For friends list, you should update the list every 24 hours to account for new / removed friends.
Related
Hi i create application that is common to youtube and i`ve got some questions. I use google login(oAuth), so i keep in my database all things required to use google APIs for every user that wants to log in. The question is if i can use(is it possible and legal) google analytics to get info(like gender of people which shows his/her video or age or region) about every user that is loged in to my application and show it to another users which using my application ?
edit:
I do not know if you understood me well, user log in to my app with his google account, i have in my database his google token, etc. In my application all users have got youtube account and now what i want to do is that if you are log in, you can see user`s statistics from youtube(like the gender of people who watch his/her video and what is thier age) for any user registered in my app. There is a youtube analyse api, which alow you to get your account stats, and if i have access to someone`s google account(i keep toke in my datbase), i couldnt just use it to request that analyse api for every user and in that way get access to their stats. And another question is if i get data in the way that i described(of course if it is possibe), is it legall, if i can display such an info to other users not only to the owner of the account?
Thanks for help
Is it legall, if i can display such an info to other users not only to the owner of the account? Thanks for help
If you are authenticating a user to get access to their Private data. It is your responsibility as a developer to ensure that their data remains private. You should not be sharing data between your users without there express permission.
If the data you are accessing is public then you are allowed to display that data with anyone.
Remember when you created your google developer console account you agreed to this Google APIs Terms of Service
b. Compliance with Law, Third Party Rights, and Other Google Terms of Service
You will comply with all applicable law, regulation, and third party rights (including without limitation laws regarding the import or export of data or software, privacy, and local laws). You will not use the APIs to encourage or promote illegal activity or violation of third party rights. You will not violate any other terms of service with Google (or its affiliates).
d. User Privacy and API Clients
You will comply with all applicable privacy laws and regulations including those applying to PII. You will provide and adhere to a privacy policy for your API Client that clearly and accurately describes to users of your API Client what user information you collect and how you use and share such information (including for advertising) with Google and third parties.
You may also want to read Privacy policy
I use the Dropbox Datastore in an app that uses both the iOS and JavaScript SDKs. Aside from the 10MB datastore limit, it works pretty well.
But nearly every support request I get makes me wish I could have access to the user's data for debugging. Being able to see exactly what the user sees helps me to find and fix bugs very quickly.
Is there any way for me to access a user's data without logging into their account? Can I maybe store their access token and gain access to just their Dropbox Datastore data?
This is one of the attractive things about Parse: you can see all user data. While there is a lot of wisdom in sharding user data across Dropbox user accounts, it makes app debugging crazy-hard.
Any ideas? What do you do to get around this?
Dropbox datastores, like files, are considered the user's private data, and as such there isn't a way for an arbitrary party to gain access to said data without some sort of authorization (e.g., access to the account, having the data explicitly shared with them, etc.) Likewise, even the developer of an API app that a user happens to be using doesn't automatically get access to the data.
That said, if, as the developer of the app, you want to troubleshoot using your user's data, the most straightforward method would probably be to get an access token for that app/user pair from the user. That would replicate their setup most accurately. (Unfortunately, the Sync/Datastore SDK doesn't make it easy to extract/insert arbitrary access tokens like that though. So, in that case, this would be a bit of work to build some flow to get an access token, e.g., a small web app, and then some work to read data directly from the API.)
Alternatively, you may want to make it possible for the user to share the datastore with your own account.
In any case, it's very important that the user not be misled or confused as to what is happening or what the developer is requesting. That means being clear with user with regards to what the developer is requesting and what will be done with the data. In addition, apps should provide privacy policies in general.
Does anyone know if there is a way to retrieve the number of members a FB Group had on a certain date?
The usecase is that I want to make a historical graph of member-growth.
A hack could be to check when current members joined, but then you'd miss all members that have joined and left.
Reading some other discussions, it seems like there is no Insight data available for groups, only registered domains, pages and page posts. You won't be able to access historic data directly. You can start measuring now and build up your graph of membership growth by accessing the group/members API regularly (You can use cron to do this in a lightweight way and add the data to your database).
Not so sure with Facebook groups, but with the Facebook App, you can record the access token of the users for later use. Or you can store member id and date they joined in your database. Heroku provide Postgres for that. For the free cronjob, you can use like setCronjob.com to regularly schedule the offline jobs like gathering and calculating the statistic based on the user data that you stored.
Let me explain the whole thing here so you can have a clear picture of the situation:
I have a page on facebook and the insights (both on the page and from the graph api) give me a lot of valuable information, but I need to go deeper. I was thinking of applying the social network analysis concepts (centrality, betweenness, eigenvector, etc) on who likes/shares/comments on my pages posts/pics/etc, so I can find the key-users of my page and how virality spreads among them.
Lets take 'liking a post' as an example. First thing I need is to get a list of everyone who liked that post, which is simple and can be done with a few requests to the graphapi. Now comes the tricky part: I need to know the relationship between all these people who liked the post, but I don't have access to their friendlist. To have access to the friend list I'd have to make the page an app and request that permission, which can't be done at this point. But facebook api allows you to check if two individuals (user1 and user2) are friends with a request like this: user1/friends/user2, and for that I don't need special permissions, just a regular token. Well, so far so good, I just get the users who liked the post and check two-by-two which ones are friends. But here comes the problem:
I can make batch requests to the API, which means I can check 50 pairs of users with one request. And from what I read, facebook allows 600 requests each 600 seconds. Simple math: 30,000 pairs of users each 10 minutes. It's a big number, should be enough. It isn't. Let's assume that the post has 1,000 likes (not being optimistic at all). I'd have to check user1 against the other 999 users. Now user2 would have to be checked against the remaining 998 users (no need to check against user1 again, because the friend-check works both ways). User3 against 997 users and so on, until user999 needs to be checked against 1 user. Therefore I'd need to perform 999+998+997+996+...+3+2+1 checks, or 499,500 requests, which means almost 3 hours to get the data obeying facebook limitations. 10k likes would take over a week!
So my question is: is there any other way to make this work? Another way of getting data, or a largest batch request? Some way I can retrieve this data? Or it's just impossible, since facebook retains the important information?
Thank you for reading all this and helping me out ;)
What you are trying to get to is information that Facebook does not want easily available.
In the same way that you don't have access to "friends of friends", trying to reconstruct social connections takes far too many calls to the API since, as you stated, you would need to test against individual pairs.
Whilst your question is valid and from what I can tell you are not trying to obtain this data to to perform some malicious actions, I'm afraid that at this point you'll just have to use the data that Facebook makes available to you through the Insights application and the access to that data though the API as well.
I'm making a application for facebook that will be used for academic research. Right now when the user goes to install the application I'll request additional information which is stated in the extended permissions.
I would perfectly understand someone not wanting to give out certain aspects of this information (It's just used to gather statistics about people taking part , education, religion etc.)
Does anyone know the best way to filter the permissions? For instance maybe someone is willing to give their age but not education. Therefore can I remove the education request from my application install request dynamically?
If you want to ask the user for only those permissions that he wants to give, you can take input from him before redirecting to Facebook login. You can generate the url for requesting permissions based on this custom set of permissions using the 'perms' attribute of the <fb:loginbutton /> tag or pass the list of permissions you want to the $facebook->getLoginUrl(array('req_perms' => $perms)) call.
To keep track of permission changes, you can use the realtime updates offered. You can know more about it here.
You certainly could build an up-front permissions matrix that the user could cherry-pick from. And that would probably be the way to do it, since you can't do anything to customize the permission challenge that the Facebook Platform generates.
The trick would be keeping track of which permissions the user granted in the given access token you'll receive from back from the Platform. Especially since users can change the permissions granted to your application w/o visiting the application itself - so you'll want to be hooked in to that info via the Real Time Updates.