What exactly was the reason for LOLapps having their applications shut down on Friday morning? According to a company blog post, it was due to the transmission of Facebook user IDs to third parties, an issue which the Wall Street Journal is heralding as a massive privacy breach. Fortunately for LOLapps, the apps are back, however developers are left wondering why LOLapps had their applications pulled, yet Zynga and other top developers didn’t.
The most likely reason is published via a blog post by Jesse Farmer on a Hacker News thread:
Hmm. This is very interesting.
A few facts:
1. When you embed an iframe with fb:iframe, the parameters Facebook passes to your app get passed to the iframe automatically. This includes the Facebook UID. This is the way everyone has always embedded Facebook ad units and AFAIK nobody has ever been punished for doing so. I’ve had people at Facebook look over my apps with a fine tooth comb when dealing with TOS violations and this has never once come up.
2. Facebook will take action against apps if people use fb-provided widgets in ways that “violate” the TOS, i.e., if Facebook’s own widgets violate the TOS they will take action against the app.
This happened to be with the fb:wall widget, where Facebook told me I wasn’t allowed to have comments auto-post to people’s walls (the default behavior) and must include a “report” link to every comment (impossible / not a feature of fb:wall). They disabled feed posting for one of my apps due to that “violation.”
3. Facebook, as an organization, hates, hates, hates bad press. They will move mountains to prevent or preempt bad press. I’ve had people at Facebook tell me more-or-less verbatim that whatever I did, my applications were not allowed to generate bad press for Facebook. If they did, I would be banned.
4. Facebook will scapegoat companies. When the Scamville drama happened, Facebook banned Gambit payments from the platform and threatened any application developer with banning if they used Gambit. They were no worse than Offerpal or Super Rewards with respect to the types of offers they were running — everyone was getting their offers from the same pool — but Facebook banned Gambit and implicitly endorsed Offerpal and Super Rewards.
Gambit was the smallest of the three, so the general feeling in the FB developer community is that they picked the weakest one and took them out to show how “serious” they were in dealing with the problem. They also made SR and Offerpal clean up their offers and punished Zynga for running questionable offers, but only Gambit was permanently and forever banned.
So, given the above, I have to wonder…did Facebook ban lolapps, the smallest of the major FB game companies, from the platform as a way to preempt the press fallout from this article?
While we have no way of confirming whether or not this is the case, the timing is extremely interesting, and it’s also somewhat questionable that LOLapps was pulled as an example to other developers, considering every single one of the top 10 applications were sharing user IDs. Granted, LOLapps was singled out as one of the primary offenders in the WSJ article. After being notified by the WSJ, who also most likely notified Facebook that an article was imminent, Facebook decided to take drastic action.
For the most part, whether or not the sharing of user IDs through referrer URLs is significant is debatable. However with a massive “investigative” article being published by the WSJ, Facebook had to take some action and clearly LOLapps was the one to take the fall. With everything happening the way it did, Jesse Farmer’s version of the story definitely appears to be a compelling one (and most likely to be the truth). What do you think of Facebook’s decision to pull LOLapps from the platform for a few days?