Hey guys, this is more of a question out of curiosity, but is it possible to get somebody's Facebook page after they have visited your site?
Was thinking maybe a chain of lookup stuff could be used starting with an IP to eventually perhaps get a name and thus that person's Facebook page. I have also heard you can read somebody's web history, is this true?
If you want something, ask for it.
Seriously: you can use Facebook Authentication {instead of|in addition to} your site's registration/login system. It's really not that hard and it's well documented (pay attention to FB's data policies though: what you can do/must not do with the data, how long you can keep it etc.)
When users sign into your app through FB Auth, they must grant your page (temporary) access to their basic profile (at least, I haven't found the way to only use FB Auth for authentication, without granting access to profile data).
On the other hand, if you are planning to track your site's users on FB without their knowledge and/or consent, there's a word for that: "stalking"; in some places, there's even a penalty of law to go with it. In such case, I would recommend talking to a lawyer first - just out of curiosity ;)
Related
Okay, this is a rather specific question but I'll ask it here since I don't find any form on FB's website, this looks like it's the official place for FB support so here I am !
I am a part of a company which produces a unique web application for visually impaired people. Long story short, we take content from a bunch of websites and webservices and centralize everything in a single application, which is accessible, vocalized and controllable using the keyboard.
We would like to add a Facebook client to the application, using the Graph API. To make an acceptable client we would need "risky" permissions such as read_stream and manage_notifications, but I read that they are only granted for Facebook Clients written for a platform on which a FB client does not already exist.
So here is my question : do I have any chance to have any of these permissions granted, or am I wasting my time developing an app which will never be approved ? In order to submit the app for reviewing I must start to write it, and I wonder if it will be worth of my time.
Thanks :)
As WizKid stated, read_stream and manage_notifications are not granted to anyone but are kept in the documentation for legacy purposes.
We are in the process of creating a new authentication system for all of our company web apps. We are considering allowing users to login via Facebook, Google, Live, etc.
What are your thoughts on safety, privacy and security of allowing Facebook access to our users? People are telling us horror stories of Facebook tracking them even when not logged in to Facebook. Has the world chosen to accept ease of login over privacy protections? Are these fears all myths?
Safety depends very much on the code as you implement it. I prefer to avoid logging in people with Twitter, because it is very easy to create a fake account on Twitter. For now, I am with Facebook and Google, and I've noticed nothing particularly "dangerous" in terms of security.
The odd phenomenon (at least as far as my experience goes) is that, when presented with two options, i.e., the possibility to sign up with a "stardard form" that requires a verification email (long procedure) and the possibility to click a button and login with Google, Yahoo, or Facebook (fast and easy), users prefer providing their information with the form, the good old way. It must be due to rumors about the privacy breach you mention.
I don't think I can dismiss or confirm such myths. The sure thing is that the Google+ button (the +1 button to be more specific), says hi if you visit any site that has it while you're logged in, and greets you by name. Google analytics suggests you change your privacy statement if you decide to track the interests and hobbies of visitors. Facebook has insights too. I don't think that these are all myths.
Privacy also depends on what you do with the data you can collect with Google/Facebook/Live login. I have made it a point not to share, sell, use any of the information gathered - not even emails, not even for newsletters (I don't send newsletters). I do understand that this may be pure idealism, and that it doesn't bring you that far if you have to run a business (not sure!), but so far it's working fine, at least for me, and for my users.
I am trying to build an google chrome extension for Facebook.
I should be able to access the facebook api without actually asking the user to authenticate explicitly for my extension.
Is there a way to do that?
The answer is yes and no.
Yes: You can "read" as much as a they have loaded in their page through a Content Script that reads the window document. A good example could be the following.
In the manifest.json
"content_scripts" : [{
"matches" : ["http://www.facebook.com/*"],
"js" : ["js/vendor/jquery.min.js", "js/content.js"],
"run_at" : "document_end"
}]
In the js/content.js
var document = jQuery(window.document);
var posts = document.find("div[role='article']");
and then you can read as much as you wish of the user, or well, as much as the page loads. You could have some sort of timeout mechanism that checks whether there's new content in the page, or new elements were added to the dom, but at the end the user has to scroll down to load information, or you can hack this through Javascript.
No (and why you shouldn't): I'm not a legal guy, but I had been developing long enough to know that whenever a platform gives you an API, you are supposed to use it. Why? Because they can control what information you are reading, and they can protect their user information that way.
This is actually a delicate line, because sometimes you can enhance a website experience without necessary using a website API (and sometimes they don't even have one). This is then even appreciated if you are actually improving the user experience. In this case thought, I wouldn't do it though, because:
It's Facebook, I'm pretty sure they have in some Terms of Service a line where they describe what I just wrote about reading user's information through external scripts.
External applications that crawl your data have had bad reputation since day one (automatic posts, scamming, scrapping information, etc)
Facebook API is now based in Oauth2, which in its foundation was made to protect the users; through a token denial, a user can stop at any time an application from reading his/her data, while your application has no mechanism for that (uninstall may be it, but you may have stored already his/her data)
It's not that hard asking for permission and you would be saving yourself a lot of trouble.
How to do it the right way? Request an application ID, and load the facebook SDK in a Background Page. Prompt the user permissions (yes, the right way includes asking the user for permission on what you can read so he/she can deny you access to them if you misbehave) and then query the Facebook API with that.
Think about it. You can create an extension that reads the content of a user page whenever he logs into his/her bank. Or his email. Actually, anything that a user sees inside a browser window can be retrieved by an extension. This is extremely dangerous to the user if there's no control over which information is being taken from him!
Ask for permission first. Don't be THAT guy ;)
I know pretty well that this topic has been discussed very intensively (I read a lot all over the day).
Still, how probable is it that FB might allow me to create a frontend crawler for a non-commercial, non-public research university project?
My crawler should repeatedly lookup a very limited number of specific public fan pages and collect anonymized data like number of fans, status updates and their number of likes and number of comments each.
What I would like to show is what kind of topics in media pages are "liked" and discussed most and how that develops over time. I know about FB's restricted TOS. Thanks for your opinion on that.
The second question concerns technological approach / authorization: Reading a fan page's number of fans, status updates and their number of likes each - could I even use the API/OpenGraph for such a crawler? I think for reading page walls, you need an access token at any cost, and realizing an automatic "crawler" via an application therefore is not possible I guess (as apps only react to users' actions and cannot act like cron jobs for example)?
As you see, I am pretty new to FB development and logic. Thanks so much for your expertise.
If you mainly target public pages then you should be ok.
You need to have a facebook app and then you can authenticate as the app from your program.
You will get an app token with which you should be able to use in order to crawl public pages data.
If you check the documentation for the Page object you'll see in the tables (fields and connections) that most of what's in the Permissions column is either "No access token or user access_token" or "any valid access_token or user access_token", if you have the app token you're good.
Also, and I think this is something you'll be interested in, the Page object has the "talking_about_count" field.
So, yes you can do it, at least most of it.
As for the TOS, since all of this is perfectly ok and straight from their official documentation, there's no problem.
I want to create an iPhone app that displays (among other things) a specific Facebook wall. For a good user experience I didn't want an app that required the user to have a Facebook account and I didn't want to force the user to have to log in to Facebook to see the latest "news" in the app. I started out by getting the wall RSS feed and tried parsing it ... I can "see" all the data I need ... but that is getting complicated quickly and has too many variables that are making the final results less than stellar. I have read through the Facebook iOS programming tutorials and it seems to me like the SDK forces the user log in, which I don't like.
My question ... Is there a way to use the Facebook SDK with hard coded profile credentials to access a specific wall without forcing the user to login? If possible, is that a recommended approach? Any other ways to skin this cat?
I have read through the Facebook tutorial and searched through many postings on this site but haven't found an answer to this ... sorry if this a newbie question and has already been answered.
Item I.2. of the Facebook API policy list says
You must not include functionality that proxies, requests or collects
Facebook usernames or passwords.
It sounds to me like that's what you're proposing to do; i.e., the user will be able to see a certain wall, but using hard coded credentials (not their own). In other words, your credentials are proxying for the user.
I do not know if it is technically possible to do this (I imagine it is) but I don't think it's a good idea, and I do think it's a violation of the Facebook API terms of service.
First you need to get the a access_token by parsing your app id and secret.
https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&client_secret=YOUR_APP_SECRET
Then send following request to get the data you want. Note that only public data will be accessible.
https://graph.facebook.com/FACEBOOK_USER_ID/?access_token=ACCESS_TOKEN