A new Facebook application that allowed users to export the full contents of their stream into an RSS feed has been quickly shut down by Facebook for violating the site’s privacy rules.
Newsfeed RSS was an application developed by Teck Chia that took Facebook’s “Open Stream API” and made the contents a little too open. Here’s the problem: converting users’ Facebook streams into RSS feeds is inherently insecure, because many RSS feed readers make feed URLs public and indexable. That could lead to information Facebook users thought they were only sharing with their Facebook friends ending up in search engine archives forever.
As Facebook engineer Ari Steinberg wrote (not speaking on official behalf of Facebook) in this forum post,
- I think there are some definite privacy issues with this app which I’d imagine led to it being taken down… imagine if just a few hundred thousand people decided to do that – suddenly you’d have tens of millions of people’s private content publicly searchable on Google without their permission.
We’re certainly not opposed to enabling you to export your own content (in fact, we’re always trying to work on ways to make that easier) but exporting all your friends’ content to a totally public place without their permission isn’t cool.
The move by Facebook to shut down Newsfeed RSS was the right one, as it clearly created privacy problems. Most users who would have tried out the app would have inadvertently shared private information about their friends without actually intending to expose them.
However, it’s clear that users do want to consume their Facebook stream outside Facebook.com. The new client applications built on Facebook’s Open Stream API are a more secure step in that direction that Facebook is highly encouraging.
At the end of the day, users’ trust in Facebook depends on the social contracts between users implicit with sharing on the site. Users who violate their friends’ privacy will naturally be moved further out in the “circle of trust.”