in response to johntynan's question:
"Could it be that a contact list in email implies some degree of
privacy, but a list of friends on a social networking site implies an
implicit understanding of openness?"
It seems like OpenSocial indeed says that "friends" on all social
websites are fair game but Google's own "contacts" are not. To be
honest I really don't think that there should be a distinction. If
one is open, the other should be by logical extension, since the
information risks are the same.
The flipside to this argument however, is that you are generally open
about whom you call a "friend" and you'll share that information with
everyone. Contacts aren't necessarily the same. For example, someone
might not want all their contacts to know that they regularly e-mail a
therapist, or let their boss know that they have an addiction to
buying anime.
I think a happy medium would be to make an API that only gives
"contact" info for the person that's logged in. That way, we
developers can make programs that see their contacts -- but NOT see
their contacts' contacts. To do that there would need to be the
caveat that developers MUST NOT save contact-info for future use (a
site/gadget/whatever that saves this info could eventually assemble a
complete social-map, which is what we're trying to avoid).
Things get difficult, which must be why Google makes those deals.
Does anyone know a way around this?