It's called "Newsfeed RSS" but apparently exports the full ATOM activity stream (the developer said "I guess we are using 'RSS' in the generic sense since people are familiar with that term.").
Anyway, I'm eager to try this out, just because it should make it easier for me to get at the raw data coming out of Facebook without having to build a real app. Can has public ATOM feed for my PUBLIC stuff?
Chris
-- Chris Messina Open Web Advocate
factoryjoe.com // diso-project.org // openid.net // vidoop.com This email is: [ ] bloggable [X] ask first [ ] private
That's a great post by Marshall about interesting ways to use news feed given this app. It's also great to see the Activity Streams markup make it through the transformation.
Personally, I setup a Yahoo! Pipe to keep track of my friends talking about tech.
It's called "Newsfeed RSS" but apparently exports the full ATOM activity stream (the developer said "I guess we are using 'RSS' in the generic sense since people are familiar with that term.").
Anyway, I'm eager to try this out, just because it should make it easier for me to get at the raw data coming out of Facebook without having to build a real app. Can has public ATOM feed for my PUBLIC stuff?
> It's called "Newsfeed RSS" but apparently exports the full ATOM activity
> stream (the developer said "I guess we are using 'RSS' in the generic sense
> since people are familiar with that term.").
> Anyway, I'm eager to try this out, just because it should make it easier
> for me to get at the raw data coming out of Facebook without having to build
> a real app. Can has public ATOM feed for my PUBLIC stuff?
> Chris
> --
> Chris Messina
> Open Web Advocate
> factoryjoe.com // diso-project.org // openid.net // vidoop.com
> This email is: [ ] bloggable [X] ask first [ ] private
>> It's called "Newsfeed RSS" but apparently exports the full ATOM activity
>> stream (the developer said "I guess we are using 'RSS' in the generic sense
>> since people are familiar with that term.").
>> Anyway, I'm eager to try this out, just because it should make it easier
>> for me to get at the raw data coming out of Facebook without having to build
>> a real app. Can has public ATOM feed for my PUBLIC stuff?
>> Chris
>> --
>> Chris Messina
>> Open Web Advocate
>> factoryjoe.com // diso-project.org // openid.net // vidoop.com
>> This email is: [ ] bloggable [X] ask first [ ] private
>>> It's called "Newsfeed RSS" but apparently exports the full ATOM activity
>>> stream (the developer said "I guess we are using 'RSS' in the generic sense
>>> since people are familiar with that term.").
>>> Anyway, I'm eager to try this out, just because it should make it easier
>>> for me to get at the raw data coming out of Facebook without having to build
>>> a real app. Can has public ATOM feed for my PUBLIC stuff?
>>> Chris
>>> --
>>> Chris Messina
>>> Open Web Advocate
>>> factoryjoe.com // diso-project.org // openid.net // vidoop.com
>>> This email is: [ ] bloggable [X] ask first [ ] private
Hey, sorry, don't have any official word on this, but just looking at the
RWW article, I think there are some definite privacy issues with this app
which I'd imagine led to it being taken down. Use case #3 from the article
(create a twitter account to import your entire news feed into) seems
particularly egregious - imagine if just a few hundred thousand people
decided to do that - suddenly you'd have tens of millions of people's
private content publicly searchable on Google without their permission.
We're certainly not opposed to enabling you to export your own content (in
fact, we're always trying to work on ways to make that easier) but exporting
all your friends' content to a totally public place without their permission
isn't cool. Hope that makes sense.
Incidentally, this is the type of thing that we'd LOVE to see some type of
standardized protocol attempt to solve (enabling a way to export private
content while preserving the appropriate ACLs). The only attempt at this
that I'm aware of was http://www.bloglines.com/about/specs/fac-1.0 but as
far as I know it never really gained wide adoption, and I'm not sure it
really does enough.
-Ari
>>>> It's called "Newsfeed RSS" but apparently exports the full ATOM activity
>>>> stream (the developer said "I guess we are using 'RSS' in the generic sense
>>>> since people are familiar with that term.").
>>>> Anyway, I'm eager to try this out, just because it should make it easier
>>>> for me to get at the raw data coming out of Facebook without having to build
>>>> a real app. Can has public ATOM feed for my PUBLIC stuff?
>>>> Chris
>>>> --
>>>> Chris Messina
>>>> Open Web Advocate
>>>> factoryjoe.com // diso-project.org // openid.net // vidoop.com
>>>> This email is: [ ] bloggable [X] ask first [ ] private
Ari -- this has come up a number of times.
I'm curious — realistically, there is no way to prevent people from leaking
their friends' data if they can get a feed of the data — apart from some
kind of DRM (to my knowledge). How are you guys thinking about tackling this
problem if the data needs to be in standard formats to be useful (i.e.
RSS/ATOM) and yet those formats themselves don't deal with access controls?
We talk about using OAuth for providing access to individuals to get the
data that they can already see from outside an application — but once it's
brought outside the app, it's the social contract that keeps the data safe.
As it is, if I take the feed of my Twitter friends' posts — including my
friends who are private — and syndicate that to some third party site (like
Google Reader) — the data could leak.
Wouldn't it be better to make this use case a "known issue" and let me lose
my friends than try to be in the position to keep all people's data safe
forever?
Curious your current thinking on this?
Chris
On Sun, May 3, 2009 at 11:52 PM, Ari Steinberg <arimsteinb...@gmail.com>wrote:
> Hey, sorry, don't have any official word on this, but just looking at the
> RWW article, I think there are some definite privacy issues with this app
> which I'd imagine led to it being taken down. Use case #3 from the article
> (create a twitter account to import your entire news feed into) seems
> particularly egregious - imagine if just a few hundred thousand people
> decided to do that - suddenly you'd have tens of millions of people's
> private content publicly searchable on Google without their permission.
> We're certainly not opposed to enabling you to export your own content (in
> fact, we're always trying to work on ways to make that easier) but exporting
> all your friends' content to a totally public place without their permission
> isn't cool. Hope that makes sense.
> Incidentally, this is the type of thing that we'd LOVE to see some type of
> standardized protocol attempt to solve (enabling a way to export private
> content while preserving the appropriate ACLs). The only attempt at this
> that I'm aware of was http://www.bloglines.com/about/specs/fac-1.0 but as
> far as I know it never really gained wide adoption, and I'm not sure it
> really does enough.
> -Ari
> On Sun, May 3, 2009 at 11:50 AM, Darren Bounds <dar...@cliqset.com> wrote:
>> None that I've seen yet.
>> On Sun, May 3, 2009 at 2:47 PM, Chris Messina <chris.mess...@gmail.com>wrote:
>>> *cry*
>>> That's quite lame. Without explanation?
>>> On Sun, May 3, 2009 at 6:45 PM, Darren Bounds <dar...@cliqset.com>wrote:
>>>> As I'm sure everyone's aware and expected, Facebook has removed this
>>>> app.
>>>> On Thu, Apr 30, 2009 at 8:15 PM, Chris Messina <chris.mess...@gmail.com
>>>> > wrote:
>>>>> Dunno if you have seen this (and I hope raising awareness here doesn't
>>>>> get it shut down), but someone built a feed exporter for Facebook:
>>>>> It's called "Newsfeed RSS" but apparently exports the full ATOM
>>>>> activity stream (the developer said "I guess we are using 'RSS' in the
>>>>> generic sense since people are familiar with that term.").
>>>>> Anyway, I'm eager to try this out, just because it should make it
>>>>> easier for me to get at the raw data coming out of Facebook without having
>>>>> to build a real app. Can has public ATOM feed for my PUBLIC stuff?
>>>>> Chris
>>>>> --
>>>>> Chris Messina
>>>>> Open Web Advocate
>>>>> factoryjoe.com // diso-project.org // openid.net // vidoop.com
>>>>> This email is: [ ] bloggable [X] ask first [ ] private
>>>> --
>>>> darren bounds
>>>> dar...@cliqset.com
>>> --
>>> Chris Messina
>>> Open Web Advocate
>>> factoryjoe.com // diso-project.org // openid.net // vidoop.com
>>> This email is: [ ] bloggable [X] ask first [ ] private
Chris, these are tough questions which sadly I don't have great answers for. I'll take a stab at them, though...
I'm curious — realistically, there is no way to prevent people from leaking
> their friends' data if they can get a feed of the data — apart from some > kind of DRM (to my knowledge).
Yeah, I think the goal here is not to make it impossible, but to make sure that someone who is doing it is really doing it willfully. If you want to take a screenshot of your feed or copy and paste it or whatever, obviously we are not going to try to stop you from doing that, and hopefully you'll have a pretty good idea of the implications of your action.
But if you can just click a couple of buttons under the assumption that you are setting up some new convenient way of reading your friends' content and now you've inadvertently enabled permanent exporting of all of their data to the entire world, then that's quite a bit worse.
> How are you guys thinking about tackling this problem if the data needs to > be in standard formats to be useful (i.e. RSS/ATOM) and yet those formats > themselves don't deal with access controls?
I think this is why we've historically been hesitant to adopt RSS/ATOM for the entire feed. If we could come up with some standard that says "here is a private feed, do what you want with it but only show it to the person whose feed it is" then we'd adopt it in a second. The tricky thing is, if this was just an extension of ATOM/RSS (like the bloglines spec), there's this annoying legacy issue where consumers of the feed who don't know about the standard will inadvertently expose the data. I don't know a great way around this but I'd love to hear thoughts from others on this list. one straw-man i'll throw out there which doesn't sound great is "make a standard with intentionally different names from ATOM so that we can enforce that there are no legacy feed consumers who inadvertently do bad things". Actually, come to think of it, does anyone know how widely adopted that bloglines spec is? I haven't actually looked into it in a while.
> We talk about using OAuth for providing access to individuals to get the > data that they can already see from outside an application — but once it's > brought outside the app, it's the social contract that keeps the data safe. > As it is, if I take the feed of my Twitter friends' posts — including my > friends who are private — and syndicate that to some third party site (like > Google Reader) — the data could leak.
Yes, it could. I think realistically there's a lot less private information on Twitter at this point so the social norms/expectations may be different.
> Wouldn't it be better to make this use case a "known issue" and let me lose > my friends than try to be in the position to keep all people's data safe > forever?
Historically this kind of approach has not worked great for us. If you've got a couple hundred friends, it only takes one of them to accidentally screw up for all your private stuff to be exposed forever. We've seen plenty of cases where users will be tricked into doing stuff that bothers their friends (eg with platform applications tricking them into invite spamming, or getting phished or whatever). Just because your (real life) friend is irresponsible with his usage of the web doesn't mean you don't want to be friends with him. And making things worse, in this case, you don't even have any way to find out that your friend did it until you do an ego-search and find all your private stuff there for the world to see on Google.
"One option may be to publish only a user's own items in a feed,
perhaps folding in the updates of friends who have added the app as
well and specifically opted-in."
Create a new privacy setting in Facebook that allows read permission
to the world, open to crawlers, open to non-facebook members,
essentially removing all privacy controls. Anyone that sets their
updates to this setting explicitly allows their updates to be shared
with the world. If any of their friends wish to export their newsfeed,
only those that are publishing under this new global read permissible
setting would be republished into formats that travel outside the
reach of a Facebook login.
I think this solution sounds reasonable to me, but in general there tends to
be a tension here - if we leave it opt in, it will probably not get very
much usage, while if we change the defaults it will risk confusing people
and causing them to publish something they didn't intend to. But I think
you're right that this is a good direction to explore.
I'm also not totally sure how best to enable people to change their minds -
generally we try to let people delete content or retroactively change its
privacy settings if they realize they don't like it. In some cases (eg
photo tags) this is the only way to enforce things since the person whose
privacy is at risk didn't create the content in the first place. If you've
got a bot continuously crawling and indexing this content, it doesn't allow
much of a window for users to manually take things down. Obviously this is
a much lesser problem than the main one being discussed here but it's still
a bit frustrating that we can't come up with anything to better accommodate
this.
On Tue, May 5, 2009 at 12:16 AM, ian kennedy <ikenn...@gmail.com> wrote:
> Apologies in advance if I am missing something obvious but what about
> a variation on what the Teck Chia, the Newsfeed RSS developer
> suggested in Marshall's article about the take down. (http://
> www.readwriteweb.com/archives/facebook_shuts_down_rss_feed_app.php)
> "One option may be to publish only a user's own items in a feed,
> perhaps folding in the updates of friends who have added the app as
> well and specifically opted-in."
> Create a new privacy setting in Facebook that allows read permission
> to the world, open to crawlers, open to non-facebook members,
> essentially removing all privacy controls. Anyone that sets their
> updates to this setting explicitly allows their updates to be shared
> with the world. If any of their friends wish to export their newsfeed,
> only those that are publishing under this new global read permissible
> setting would be republished into formats that travel outside the
> reach of a Facebook login.
Really?? This is from the old FB help subject relating to this:
"To subscribe to your friends' statuses, follow the steps below:
Click the "Friends" link at the top of any Facebook page.
From the Friends page, select "Friends' Status Feed" in the left
column.
Click the "Subscribe Now" button to receive an RSS feed of the
statuses.
You can permanently store this link in your browser bookmark folder to
quickly view all of your friends' statuses."
So the feature was there, and now it's gone. Are those user's who had
subscribed already (not me stupidly ergh) now cut off from the feed's?
Was there a reason for this? Had FB been held liable for a specific
data leak case?
Since I've already got access to my Friend's update feeds the regular
way (not to mention their profiles), I already have the ability to
violate their privacy rights if I was so inclined. The onus is on me
not to do so.
