Permission to Share, Please

As an individual without a background in programming, here is my [admittedly feeble] attempt to dig into how Open Graph accesses information.

I spoke with Dr. Aldridge today about how information is retrieved. He told me that information can be pulled in 3 different ways: FQL (Facebook query language), Java Script and php. Most apps will use a combination of these programming languages based on their needs.

The data must then be pulled, processed, then conceptualized. Actions logged by 3rd party apps are not necessarily logged by Facebook. The potential is there to monitor what kind of data a given app is pulling, but Facebook does not have the explicit ability to observe or track what third parties then do with the information they pull.

In terms of visualizing Facebook’s Open Graph, I found Facebook’s Graph API page, the most helpful resource out there.

Public information for any user can be found at

Here’s what my public information looks like:

   "id": "4928378",
   "name": "William Wickey",
   "first_name": "William",
   "last_name": "Wickey",
   "username": "williamwickey",
   "gender": "male",
   "locale": "en_US"

Pretty basic.

Any additional information about an individual must be retrieved through the use of an access token generated when a user accepts a permission request. Depending on the permissions of the app, that token may also allow that app to perform action on behalf of the user such a post things.

To access additional information, an app must ask for specific permissions from the user. Permissions are then divided into “Auth Dialog” and “Enhanced Auth Dialog” on two different screens. The first permission screen grants access to basic info such as user id, name, profile picture, gender, age range, locale, networks, user ID, list of friends, and any other information they have made public. The second screen (Enhanced Auth Dialog) must be used to access additional information about the user or their friends. One interesting aspect of Enhanced Auth Dialog is that these permissions are non-revocable; i.e. once users have allowed your application from the Auth Dialog, they cannot be revoked [by a user].

Permission Screen 1:

Permission Screen 2:

Here is a more extensive list of the information that an app can potentially access and the permissions required. This also includes actions that can be performed on the behalf of a user by an app possessing the necessary permissions such as create and modify events, create and edit the user’s friend lists, perform checkins on behalf of the user, etc.

If you’re curious, you can check out the apps you have already granted permission to here:

Some websites that Facebook has specifically partnered with, like the ones listed below, access public information automatically in order to personalize experiences the moment you arrive.

While this list is small for the time being, Instant Personalization will doubtlessly grow rapidly. Essentially, the services listed above are trusted partners who have already been grated the initial stage of permissions to access user’s information. This is all part of Facebook’s “frictionless sharing” plan that aims to phase out the Like button in favor of automating the sharing experience. As more organizations partner with Facebook we may see the permission screen slowly phased out under the assumption that you want to share everything you do, unless you explicitly specify otherwise.


4 Comments on “Permission to Share, Please”

  1. jluton says:

    This is a very straightforward post that spells out how open graph works in simple enough terms for those of us who have no background in programming. I’m particularly interested in “frictionless” sharing. Will users have any control at all? Will it be easy to change the settings? It seems to me that integrating this type of integration requires a good deal of tip-toeing on the part of Facebook to ensure that the general public doesn’t become too creeped out. But maybe, just as has been the evolution of sharing in the past, they’ll just get used to it and accept it.

    • williamwickey says:

      Yes. Users will have control. Facebook does bank on the frictionless sharing initiative to publicize more of the average user’s data than they might readily volunteer. However, Facebook does not want to scare anyone off.

      This blog post by Mark Zukerberg in November 2011 addresses some of these concerns:

      For now, customizable controls will placate outspoken privacy advocates. The majority of users who are less concerned or unaware of the privacy implications will use the default setting: unless you say otherwise, we’re sharing it.

  2. Nichole Luna says:

    I’ve worked in social 7 years and I’ve never seen such well-thought-out-non-developer explanation of Facebook permissions. Thanks!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s