While this was announced last month, nobody really noticed it until this week. Facebook has created new features that allow developers to mine your Facebook inbox for data. In addition to the content of your email, it allows applications to note who the recipients of a mail thread are, and the time and date of the emails.
In a related new “feature”, developers can also access the notifications that you receive, which include notifications of a status update, notifications of when your friends have taken a quiz, etc.
While the access to notifications is in and of itself pretty darned intrusive, it’s allowing access into the very depths of your Facebook email inbox that is particularly problematic and concerning. Private – and I guess we now have to use that term loosely – messages on Facebook tend to be more personal in nature, with an assumption of confidentiality and, well, privacy (Tracy Turkish Brooks notwithstanding).
Facebook users will almost certainly still have to give permission for an application to access their Facebook inbox; however, it’s certainly a small minority of Facebook users who don’t automatically click “allow access” after the most cursory of readings of the request, if they read it at all.
And, as Steve Loyola of Best Web Buys, which allows you to compare prices on books, music, video, electronics, and bicycles, points out, it means that any email you send to someone who has allowed access will also be exposed!
Says Loyola, “It seems that you must also trust all your recipients to not give access to their inbox (where your emails might reside). I think I now need to be more careful with what I send to those people who like those “which character am I?” apps.”
Allowing Mailbox API access will let it have access to all of the content of your Facebook inbox including who the recipients are, and when the email was sent or received, and do away with any shred of privacy you had on Facebook. Like our beacons hadn’t already done that.
Explains Sophos senior technology consultant, Graham Cluley, “Obviously we have to hope that Facebook does not enable this functionality by default, and presents a clearly worded warning to its users if they try and add an application which insists on users waiving the rights to a private mailbox to third parties.”
“But my worry is that many of Facebook’s 300 million users will be so keen to see what Sex and the City character they are, or to send a Best Friend Forever ecard to their online buddies, that they’ll glaze over the rights they are signing away when they add an app,” added Cluley.
And worry he should. Here is how Facebook themselves announced and described the new functionality (emphasis ours):
“We’re continuously looking for ways to open core Facebook experiences to developers for innovation. Today we set our focus on two communication channels: notifications and the Facebook Inbox. We’re excited to release two new APIs that will let your applications access your users’ mailboxes and notifications in a structured manner. In addition, you can make your stream applications available as attachments for Facebook messages so that users can more easily share application content with friends.
Last week we announced an update to the Open Stream API to allow integration of Page streams with applications. Today we are releasing the Mailbox API so you can provide users with even more opportunities to interact with rich Facebook features within your applications. For example, a desktop application geared toward small business owners could enable users to check their company’s Page stream, as well as read messages and receive notifications, all from their desktop.
The Mailbox API allows you to access your users’ messages, once they grant your application the new read_mailbox extended permission. This lets your applications provide an interface for users to view their messages. For example, your application could pop up an alert when the user receives a new message.
To access information about a user’s mailbox, you’ll query any of three new FQL tables:
* mailbox_folder: This table gives you information about a user’s folders; currently all users have three folders: Messages (inbox), Sent (outbox), and Updates.
* thread: This table gives you information about specific threads. For example, you can get information about recipients of a thread, whether a group or event sent the thread, when it was last updated, the subject, whether it is currently unread, and more.
* message: This table allows you to get information about each message in a thread. You can get information about who wrote the message, THE CONTENT OF THE MESSAGE and also information about the attachment to the message, if it exists, in the same format as attachments are returned in the stream.”
Then, almost as an afterthought, Facebook suggest that at some point applications may also be able to send email as you!:
“While we currently don’t allow applications to send messages through this API, we’re always thinking about new functionality to offer through Facebook Platform.”
As Cluley says, “The idea of Facebook applications being given free rein to mine users’ inboxes and sent folders sends a shiver down my spine.”
We’re shivering right along with you, Graham.