Scripting News: Scoble and his Facebook data (Scripting News)
Colin Carmichael
· 1 year ago
Scoble claims that his social graph data is his. As one of his Facebook 'friends' I can assure him that's not. My contact data is mine - and I gave Scoble access to it within the context of Facebook.
Facebook 1, Scoble 0.
Roger Benningfield
· 1 year ago
Dave: I think Facebook *will* allow portability at some point... once they realize that virtually no one will ever use it.
I mean, think about it: to pass muster, such a feature would require that each of Scoble's 5,000 friends check a box that says "let Scoble cart data about me off to another service somewhere". Even in his extraordinary case, most of those people won't check the box, or won't be able to find the box, or won't understand it if they see it. So most of that data ain't going anywhere without TOS-violating (and arguably, trust-violating) screen scraping.
One thing that folks are going to need to accept is that this kinda thing is becoming less about "walled gardens" or "silos" and more about context. Just because I'm willing to declare myself someone's friend on Facebook doesn't mean I'm going to declare the same thing about his profile at Mr. Toad's Wild Bestiality Network. And what if I declare someone my "neighbor" on HomeTownNet, and he imports that connection into a service that uses a different term... like "Best Friends Forever"? I just wave to the guy over a fence every morning... I didn't agree to embrace him on the level that the second service implies.
NOTE: To those who equate this sort of thing to exporting an address book from Outlook... nope. Your address book only claims that you know certain facts about me. It doesn't suggest an agreed-upon, mutual connection.
ianbetteridge
· 1 year ago
I take the view that, actually, neither Facebook nor Robert are in the right. When people friended him on Facebook, there was no expectation on their part that he'd hand over that data to Plaxo, a company which many people (not me) are wary of. It's a trust issue: you trust a friend not to do something stupid with information you give them, and, in some people's eyes, Robert did something stupid with their personal info.
Facebook, of course, should always have allowed access to friend data via an open API. Had it done so, there would at least have been the clear expectation amongst users that data they put on the service would be used elsewhere. Openness is the way to go - but openness depends on trust to work.
Rob Safuto
· 1 year ago
You're leaving something out Dave. This screen scraper wasn't merely downloading to Scoble's local machine. They were parsing the data into the Plaxo database, then giving Scoble access to download from there. Once Plaxo has control of that data I'd like to know what else they do with it. Given Plaxo's track record I don't want to think of the possibilities.
I don't see this as an issue of Facebook having to open up because Scoble really needs that contact info. This is about Scoble helping a corporate entity test a data mining tool. I wonder if his 'friends' on Facebook would want to know that he accumulated them so he could help Plaxo test a tool that mines personal information into 3rd party databases without their knowledge.
Also strange that this occurs at the same time Plaxo is hoping to sell.
whitneymcn
· 1 year ago
I was wondering the same thing with regards to Plaxo's access to the data.
I suppose that any matches who now have their "Facebook user" and "Friend of Scoble" flags set in the Plaxo database agreed to Plaxo's terms when they clicked "yes" on that "Scoble is using Plaxo to keep track of his contacts" email, so they may be fine with Plaxo appending this data to their records. That's the part that concerns me a little, though: Scoble pulled all of his Facebook friends' names, emails, and birthdates for himself? Sure, why not. That Scoble provided that information to a third party, without those friends' knowing what that third party can and can't do with the information? A little more worrying.
Depending on Plaxo's policies and behavior regarding data they get this way I might feel a bit better about it, but it feels very much in the grey area to me.
Would be very interested in seeing the policy that governs Plaxo's use of "friend" data...anybody have access to it, or do I need to bug Plaxo's (probably overwhelmed) PR people?
Jay Moonah from Wild Apricot
· 1 year ago
Isn't the issue the scrap, not so much the ownership of the data? I would assume FB is doing this more to protect their system resources than anything else. Do you think he would he have been banned if he had collected the data manually?
mdoeff
· 1 year ago
Are you open to the possibility that this has nothing to do with FB wanting to close off their data and is simply FB protecting themselves from automated scripts that can slow down the site for everyone?
Robert Scoble
· 1 year ago
If that's the case, why does Facebook hit Gmail's servers and import Gmail addresses?
Isofarro
· 1 year ago
Volume. Gmail contact addresses can be gotten by one HTTP request (Plus perhaps an additional request for authentication). From the sounds of things this script that was run on your behalf hit Facebook with a load more than one request - enough requests to trigger off a flag that indicated an automated bot scraping pages at a much faster rate than human effort. Whether its 5000 requests (one per contact), or 500 requests within a very small time frame - its bad bot behaviour, and one that cannot be condoned.
What's the difference between 2 HTTP requests and 5000? One is managable, the other will create a spike. What happens when several people decide to hit Facebook with 5000 consecutive requests at the same time --- there's a risk servers won't cope with the barrage - as with any DDOS attacks, an infrastructure can only handle a certain amount of traffic at any one point in time. No single website can live through a DDOS.
This has nothing to do with your desire to export your social graph. It has to do with hitting a server with an automated badly behaved bot. You do not have the right to expose Facebook to the risks associated with a badly behaved bot.
Kudos for not using your celebrity status as a means for re-enabling your account. You are really no different to a hacker, or black hat SEOer scraping data for their own purposes.
You'll note that Google's search also has triggers that prevents automated scraping once a threshold has been reached. Facebook, in this regard, is no different - nor should it be.
Its a pity this is being spun by bloggers as a data ownership issue, when its really about measures to prevent a denial of service attack. Facebook have the right to protect their hardware and software infrastructure - you have no right to take measures that could prevent Facebook from delivering its service to other visitors.
Facebook acted correctly and responsibly. Scoble owes them an apology.
rogerben
· 1 year ago
Because Google silently accepts it from Facebook and lots of other services? It's kind of a lame answer, but probably close to the truth.
Here are the two questions I would ask both Plaxo and Facebook regarding their scraping activities:
(1) Does your robot respect robots.txt?
(2) If not, and you assert that robots.txt doesn't apply in this case, does your robot provide a clearly identifiable, consistent user-agent string with each request?
If the answer to (1) is "no", then that service is on shaky ground, IMO. If the answer to (2) is "no", then the service is acting in bad faith.
asdf
· 1 year ago
The issue isn't who is technically write or wrong, but what the outcome will be. It's obvious that, from a PR point of view, this isn't what Facebook wants. It's very interesting, because it has effectively forced Facebook's hand. They think their valuation lies in their data, and they intend to protect it.
You are right, though. If Facebook doesn't open, somebody else will. And Facebook will continue to battle ever smarter crawlers.
mdoeff
· 1 year ago
Adding to my last comment... If the script that Scoble was running was intended for something that had nothing to do with portability of the social graph - e.g. if it scraped your friends' profile photos and created a pretty collage for personal use - would this even be a news story?
Jay Moonah from Wild Apricot
· 1 year ago
mdoeff, exactly. Facebook may have some questionable policies, but banning 'bots is a good thing. It saves system resources for humans who are using the site -- or am I the only one who remembers the glacial speed of Myspace before they banned the bots?
Save your ammo folks, FB is sure to legitimately deserve it again in the not-to-distant future. ;-)
macbeach
· 1 year ago
Hmmm, so, when I sign up for Facebook and it asks for my ID information for Google, Yahoo, etc in order to copy that very same contact information into their system that's not using precious Facebook server resources?
If Facebook it slow, it's because they have not designed the system to scale properly. And remember, the Facebook TOS makes it pretty clear, they consider your contact data THEIRS not yours. If you delete your Facebook ID today all that contact info is retained. I can't think of any other company that does this.
Facebook policies stink to high heaven.
Maria
· 1 year ago
mdoeff -- The question is, if it wasn't Scoble, would it even be a news story?
dave
· 1 year ago
Why is that the question?
Paul Fabretti
· 1 year ago
I absolutely agree with you here Dave and for me, whilst what Robert did was against the rules, Facebook have to see a return on the investment they have put into developing the platform.
Quite simply, Facebook are providing the means to allow people to connect - this has to come at a price (however small for the user).
The return for Facebook in providing this connectivity platform is the advertisers who pay them to show their wares.
Do any social network users think that people provide this service for the fun of it?
HeavyLight
· 1 year ago
Hey, I thought that I'd already given permission to Facebook to let my friends see (and save) my personal details when I agreed to them becoming my friends.
I certainly expect Facebook to protect *my* data and to ensure that non-friends can't hack it but not to become my Net Nanny around my declared friends.
mikesax
· 1 year ago
1) I'm surprised nobody is paying attention to Plaxo in this... Plaxo very shrewdly "used" Scoble (and some other journalists/bloggers), hoping to lead Facebook in this PR trap, with the goal to force Facebook to open up.
2) Regular automated screen scraping can overload Facebook's servers if enough people start doing it, so it's not unreasonable for Facebook to prevent it. That's an issue unrelated to data-ownership.
3) We need some deeper privacy standards. For example, I would like to be able to say "OK, here's my phone number, but I don't want you to share it". I'd like to have some control over my friends doing something stupid that puts my personal info all over the internet.
4) Long term, I think we'll all just get used to having zero privacy. People will trade their privacy for anything (security, free stuff, convenience), gradually giving it all away. We can fight it, but it will happen anyway.
Knox
· 1 year ago
As one of the "Scoble 5000" I would contend that my birthday is mine, not Scoble's. I object to him handing my birthday over to Plaxo, which I well remember as every goon I met seemed to spam me with some request associated with Plaxo.
somenice
· 1 year ago
I agree with most of the comments that it's more about using a bot than getting the data. Nothing stopping anyone from writing down all of this info or copy/paste.
Could someone not create a facebook app to easily gather this data that's all well and good under the FB terms and service?
Rex Hammock
· 1 year ago
I think FacebookCVS comes pretty close.
fpaynter
· 1 year ago
FacebookCVS does not collect contact information.
Whizzer
· 1 year ago
Who woulda guessed... Facebook with such a great API and all...
heavyboots
· 1 year ago
The thing is... why continue to trust them after their recent privacy gaffes? I turned off my facebook account during the Beacon flap. And I'm fairly happy that I did so as I read something today about their new social ad system getting them in even more hot water for privacy abuses.
dustin
· 1 year ago
Hi Dave, I also "deactivatated" my FB account with the Beacon flap. I understand when you point out the shortcomings of a walled garden, and Scoble has always said this too. I don't understand why he continues to use their services. Scobleizer will always be my point of contact with what he has to say, just as scripting.com is for your voice.
Why continue to harp on FB? Just walk away. Isn't that the loudest complaint you can voice?
allen stern
· 1 year ago
Sorry Dave - you are wrong here. Scoble has no right to take my PII and move it to another system. Did I tell him it was ok? Now sure, what complicates this is that I can give him my business card and he can enter that info into Plaxo or whatever. But tying name and birthdate together is where it can start into an identity issue. Imagine if it wasn't scoble. but instead a criminal. those 2 pieces of data are enough to get credit info on anyone. I think this is an excellent topic for discussion - not so much for scoble v. facebook but in general. I didn't tell Scoble he could use any of my data outside of facebook.
I'd love to have a real live discussion about this sometime!
Scobleizer
· 1 year ago
Allen: so let me get this right.
I don't have any right to stick your number that you gave me as a friend into my cell phone and call you? Why did you give it to me then?
I don't have the right to write down your address on a piece of paper? Why did you put it on your profile page then?
I don't have the right to look up your birthday and send you a birthday party invite in eVite? Why did you show me your birthday if you didn't want me to throw you a party?
If I write down your email address and then type it into my iPhone, is that OK? Why is that OK and it's not OK to just export it digitally and then import it into my iPhone.
Oh, and when you set up a new Facebook account it asks you to import all my data from Gmail. Why is it OK for Facebook to import from Gmail, but it isn't OK for Gmail to import from Facebook?
Translation: you're absolutely on the wrong side of the argument here.
Mike
· 1 year ago
Facebook, of which I am NO fan, had every right to freeze an account pending running a script inside their system. Benign users can damage. Once they ascertained he was not running malicious script then they turned it back on.
bartb
· 1 year ago
Excellent commentary! I think we have reached one possible "tipping point" in terms of walled gardens and who owns "your" data.
VPG
· 1 year ago
I truly do not comprehend how the community can be up in arms about Facebook's process here. If I run automated code which rips data out of a third party environments, surely there is no argument: the community owner must disable the user to protect the platform and their users. Here's one option of dealing with this problem:
1. Facebook creates manual export function for account holders 2. Account holders opt in or opt out to having their data exported by their friends
vpg
Daryl
· 1 year ago
I hate the fact that you're calling this Scoble's data... if Scoble is crawling my Facebook page, it's *my* data. Think of the implications this would have if Facebook caves and says crawling the user's pages isn't against their TOS.
Lonny Eachus
· 1 year ago
Your first assertion is absolute nonsense. If it is published on facebook, or hidden on the page but available to scrapers, then it is PUBLIC information, not YOURS. The only question there is whether you made it public voluntarily, or Facebook did it without your authorization. But... either way, it has been broadcast to the public so now it is *public data* and "belongs" to nobody. If you don't want it public, then don't publish it. Period. Blame yourself, or Facebook if it made available information that you did not authorize. But do not blame Scoble.
As for your other statement, I agree with you. If Facebook does not want information available to spiders or bots, then Facebook might be justified by calling someone on it. I have built many scrapers for various reasons, but none were intended to violate anyone's TOS. The ethics of the situation is important.
(NOTE: By ethics I mean solely the ability of scrapers to overload Facebook's servers, and cause them undue cost and trouble. This has nothing to do with the availability of data. That is completely between Facebook and its users. Repeat: if you don't want people to have your data, don't publish it online. Period.)
Itsie Bitzie
· 1 year ago
Facebook does the very same thing because they "scrape" my online address book (Yahoo mail, hotmail, etc) to look for friends to invite. I guess the shoe is now on the other foot.
jesse285/jesse anderson
· 1 year ago
Well just look at this we are still fighting about nothing
william
· 1 year ago
1. You are not a share cropper- Break the chains 2. Be a rebel 3. Change the game 4. Believe in the possibilities 5. Do good 6. At adelph.us "Open" means- 1. Whenever possible using Open Source applications 2. Whenever possible offering the hosted use of these applications free of charge to members 3. Always writing code using existing Open Source standards that are not proprietary or owned by a company ie (Face Book and the rest) 4. Empowering the community (Individuals, Groups, Non Profits, and Companies) with tools that help them to save time and resources 5. Evening the playing field 6. Giving back to the community 7. Giving back to Open Source 8. You control all access of your account 9. You control all access to your content 7. You have the right to control the conversations that you have with Companies 1. You have the right to choose the who, what, when, and where of this conversation 2. Companies must contribute to the community before they can be included in any conversation 3. Whenever possible the entire community should benefit from these conversations 8. You control your account - 1. We will never give your personal data to any third parties without your permission 2. You have control over who has access to your profile information 3. You have control over who has access to your content 4. At anytime you are free to delete your account 5. When you delete your account it is cleared from our Database
x
· 1 year ago
If you enter the data, then worry about its security, you have already lost it.
All Comments
Facebook 1, Scoble 0.
I mean, think about it: to pass muster, such a feature would require that each of Scoble's 5,000 friends check a box that says "let Scoble cart data about me off to another service somewhere". Even in his extraordinary case, most of those people won't check the box, or won't be able to find the box, or won't understand it if they see it. So most of that data ain't going anywhere without TOS-violating (and arguably, trust-violating) screen scraping.
One thing that folks are going to need to accept is that this kinda thing is becoming less about "walled gardens" or "silos" and more about context. Just because I'm willing to declare myself someone's friend on Facebook doesn't mean I'm going to declare the same thing about his profile at Mr. Toad's Wild Bestiality Network. And what if I declare someone my "neighbor" on HomeTownNet, and he imports that connection into a service that uses a different term... like "Best Friends Forever"? I just wave to the guy over a fence every morning... I didn't agree to embrace him on the level that the second service implies.
NOTE: To those who equate this sort of thing to exporting an address book from Outlook... nope. Your address book only claims that you know certain facts about me. It doesn't suggest an agreed-upon, mutual connection.
Facebook, of course, should always have allowed access to friend data via an open API. Had it done so, there would at least have been the clear expectation amongst users that data they put on the service would be used elsewhere. Openness is the way to go - but openness depends on trust to work.
I don't see this as an issue of Facebook having to open up because Scoble really needs that contact info. This is about Scoble helping a corporate entity test a data mining tool. I wonder if his 'friends' on Facebook would want to know that he accumulated them so he could help Plaxo test a tool that mines personal information into 3rd party databases without their knowledge.
Also strange that this occurs at the same time Plaxo is hoping to sell.
I suppose that any matches who now have their "Facebook user" and "Friend of Scoble" flags set in the Plaxo database agreed to Plaxo's terms when they clicked "yes" on that "Scoble is using Plaxo to keep track of his contacts" email, so they may be fine with Plaxo appending this data to their records. That's the part that concerns me a little, though: Scoble pulled all of his Facebook friends' names, emails, and birthdates for himself? Sure, why not. That Scoble provided that information to a third party, without those friends' knowing what that third party can and can't do with the information? A little more worrying.
Depending on Plaxo's policies and behavior regarding data they get this way I might feel a bit better about it, but it feels very much in the grey area to me.
Would be very interested in seeing the policy that governs Plaxo's use of "friend" data...anybody have access to it, or do I need to bug Plaxo's (probably overwhelmed) PR people?
What's the difference between 2 HTTP requests and 5000? One is managable, the other will create a spike. What happens when several people decide to hit Facebook with 5000 consecutive requests at the same time --- there's a risk servers won't cope with the barrage - as with any DDOS attacks, an infrastructure can only handle a certain amount of traffic at any one point in time. No single website can live through a DDOS.
This has nothing to do with your desire to export your social graph. It has to do with hitting a server with an automated badly behaved bot. You do not have the right to expose Facebook to the risks associated with a badly behaved bot.
Kudos for not using your celebrity status as a means for re-enabling your account. You are really no different to a hacker, or black hat SEOer scraping data for their own purposes.
You'll note that Google's search also has triggers that prevents automated scraping once a threshold has been reached. Facebook, in this regard, is no different - nor should it be.
Its a pity this is being spun by bloggers as a data ownership issue, when its really about measures to prevent a denial of service attack. Facebook have the right to protect their hardware and software infrastructure - you have no right to take measures that could prevent Facebook from delivering its service to other visitors.
Facebook acted correctly and responsibly. Scoble owes them an apology.
Here are the two questions I would ask both Plaxo and Facebook regarding their scraping activities:
(1) Does your robot respect robots.txt?
(2) If not, and you assert that robots.txt doesn't apply in this case, does your robot provide a clearly identifiable, consistent user-agent string with each request?
If the answer to (1) is "no", then that service is on shaky ground, IMO. If the answer to (2) is "no", then the service is acting in bad faith.
You are right, though. If Facebook doesn't open, somebody else will. And Facebook will continue to battle ever smarter crawlers.
If the script that Scoble was running was intended for something that had nothing to do with portability of the social graph - e.g. if it scraped your friends' profile photos and created a pretty collage for personal use - would this even be a news story?
Save your ammo folks, FB is sure to legitimately deserve it again in the not-to-distant future. ;-)
If Facebook it slow, it's because they have not designed the system to scale properly. And remember, the Facebook TOS makes it pretty clear, they consider your contact data THEIRS not yours. If you delete your Facebook ID today all that contact info is retained. I can't think of any other company that does this.
Facebook policies stink to high heaven.
Quite simply, Facebook are providing the means to allow people to connect - this has to come at a price (however small for the user).
The return for Facebook in providing this connectivity platform is the advertisers who pay them to show their wares.
Do any social network users think that people provide this service for the fun of it?
I certainly expect Facebook to protect *my* data and to ensure that non-friends can't hack it but not to become my Net Nanny around my declared friends.
2) Regular automated screen scraping can overload Facebook's servers if enough people start doing it, so it's not unreasonable for Facebook to prevent it. That's an issue unrelated to data-ownership.
3) We need some deeper privacy standards. For example, I would like to be able to say "OK, here's my phone number, but I don't want you to share it". I'd like to have some control over my friends doing something stupid that puts my personal info all over the internet.
4) Long term, I think we'll all just get used to having zero privacy. People will trade their privacy for anything (security, free stuff, convenience), gradually giving it all away. We can fight it, but it will happen anyway.
Could someone not create a facebook app to easily gather this data that's all well and good under the FB terms and service?
Why continue to harp on FB? Just walk away. Isn't that the loudest complaint you can voice?
I'd love to have a real live discussion about this sometime!
I don't have any right to stick your number that you gave me as a friend into my cell phone and call you? Why did you give it to me then?
I don't have the right to write down your address on a piece of paper? Why did you put it on your profile page then?
I don't have the right to look up your birthday and send you a birthday party invite in eVite? Why did you show me your birthday if you didn't want me to throw you a party?
I don't have the right to check if you also are on Upcoming.org, Flickr.org, Yelp.com, Plaxo.com, LinkedIn.com, or any number of other social networks?
If I write down your email address and then type it into my iPhone, is that OK? Why is that OK and it's not OK to just export it digitally and then import it into my iPhone.
Oh, and when you set up a new Facebook account it asks you to import all my data from Gmail. Why is it OK for Facebook to import from Gmail, but it isn't OK for Gmail to import from Facebook?
Translation: you're absolutely on the wrong side of the argument here.
1. Facebook creates manual export function for account holders
2. Account holders opt in or opt out to having their data exported by their friends
vpg
As for your other statement, I agree with you. If Facebook does not want information available to spiders or bots, then Facebook might be justified by calling someone on it. I have built many scrapers for various reasons, but none were intended to violate anyone's TOS. The ethics of the situation is important.
(NOTE: By ethics I mean solely the ability of scrapers to overload Facebook's servers, and cause them undue cost and trouble. This has nothing to do with the availability of data. That is completely between Facebook and its users. Repeat: if you don't want people to have your data, don't publish it online. Period.)
2. Be a rebel
3. Change the game
4. Believe in the possibilities
5. Do good
6. At adelph.us "Open" means-
1. Whenever possible using Open Source applications
2. Whenever possible offering the hosted use of these applications free of charge to members
3. Always writing code using existing Open Source standards that are not proprietary or owned by a company ie (Face Book and the rest)
4. Empowering the community (Individuals, Groups, Non Profits, and Companies) with tools that help them to save time and resources
5. Evening the playing field
6. Giving back to the community
7. Giving back to Open Source
8. You control all access of your account
9. You control all access to your content
7. You have the right to control the conversations that you have with Companies
1. You have the right to choose the who, what, when, and where of this conversation
2. Companies must contribute to the community before they can be included in any conversation
3. Whenever possible the entire community should benefit from these conversations
8. You control your account -
1. We will never give your personal data to any third parties without your permission
2. You have control over who has access to your profile information
3. You have control over who has access to your content
4. At anytime you are free to delete your account
5. When you delete your account it is cleared from our Database