Permission to Share, Please

As an individual without a background in programming, here is my [admittedly feeble] attempt to dig into how Open Graph accesses information.

I spoke with Dr. Aldridge today about how information is retrieved. He told me that information can be pulled in 3 different ways: FQL (Facebook Query Language), JavaScript and PHP. Most apps will use a combination of these programming languages based on their needs.

The data must then be pulled, processed, then conceptualized. Actions logged by 3rd party apps are not necessarily logged by Facebook. The potential is there to monitor what kind of data a given app is pulling, but Facebook does not have the explicit ability to observe or track what third parties then do with the information they pull.

In terms of visualizing Facebook’s Open Graph, I found Facebook’s Graph API page to be the most helpful resource out there.

Public information for any user can be found at

Here’s what my public information looks like:

{
   "id": "4928378",
   "name": "William Wickey",
   "first_name": "William",
   "last_name": "Wickey",
   "username": "williamwickey",
   "gender": "male",
   "locale": "en_US"
}

Pretty basic.

Any additional information about an individual must be retrieved through the use of an access token generated when a user accepts a permission request. Depending on the permissions of the app, that token may also allow the app to perform actions on behalf of the user, such as posting things.

To access additional information, an app must ask for specific permissions from the user. Permissions are divided into “Auth Dialog” and “Enhanced Auth Dialog”, shown on two different screens. The first permission screen grants access to basic info such as user ID, name, profile picture, gender, age range, locale, networks, list of friends, and any other information they have made public. The second screen (Enhanced Auth Dialog) must be used to access additional information about the user or their friends. One interesting aspect of Enhanced Auth Dialog is that these permissions are non-revocable; i.e., once users have allowed your application from the Auth Dialog, they cannot be revoked [by a user].

Permission Screen 1:

Permission Screen 2:

Here is a more extensive list of the information that an app can potentially access and the permissions required. This also includes actions that an app possessing the necessary permissions can perform on behalf of a user, such as creating and modifying events, creating and editing the user’s friend lists, performing check-ins on behalf of the user, etc.
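As an added illustration (not code from Facebook or from this post), the sketch below sorts the permissions an app holds into the groups described above: basic info, extra data about the user, data about the user's friends, and the right to act on the user's behalf. The permission names and the response shape are assumptions based on Facebook's legacy Graph API, and the sample record is constructed.

```python
import json

# Permissions that let an app act as the user. Names are assumed from
# Facebook's legacy permission reference; the post describes them in prose.
ACTS_ON_BEHALF = {"publish_stream", "create_event", "rsvp_event",
                  "manage_friendlists", "publish_checkins"}

# Constructed sample. Assumed shape: one object keyed by permission name,
# where 1 means granted. A falsy value is treated as "not granted".
SAMPLE = """
{"data": [{"installed": 1, "email": 1, "user_birthday": 1,
           "friends_birthday": 1, "publish_stream": 1,
           "create_event": 1, "publish_checkins": 0}]}
"""

def classify(permission):
    """Map one permission name to a category the post distinguishes."""
    if permission == "installed":
        return "basic"            # first screen: public info and friend list
    if permission in ACTS_ON_BEHALF:
        return "acts_on_behalf"   # app can post or create things as the user
    if permission.startswith("friends_"):
        return "friend_data"      # data about people who never saw the dialog
    return "user_data"            # extra data about the consenting user

def audit(raw_json):
    """Group the granted permissions by category, skipping ungranted ones."""
    report = {"basic": [], "user_data": [], "friend_data": [],
              "acts_on_behalf": []}
    for record in json.loads(raw_json).get("data", []):
        for name, granted in sorted(record.items()):
            if granted:
                report[classify(name)].append(name)
    return report

def needs_review(report):
    """Flag apps that can act as the user or read friends' data."""
    return bool(report["acts_on_behalf"] or report["friend_data"])

if __name__ == "__main__":
    result = audit(SAMPLE)
    for category, names in result.items():
        print(f"{category:15} {', '.join(names) or '-'}")
    print("review:", needs_review(result))
```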

If you’re curious, you can check out the apps you have already granted permission to here:

Some websites that Facebook has specifically partnered with, like the ones listed below, access public information automatically in order to personalize experiences the moment you arrive.

While this list is small for the time being, Instant Personalization will doubtlessly grow rapidly. Essentially, the services listed above are trusted partners who have already been granted the initial stage of permissions to access users’ information. This is all part of Facebook’s “frictionless sharing” plan that aims to phase out the Like button in favor of automating the sharing experience. As more organizations partner with Facebook, we may see the permission screen slowly phased out under the assumption that you want to share everything you do, unless you explicitly specify otherwise.