Whether to bother Mark Zuckerberg or not
When we last visited this issue - I put out a call to all lawyerly types - to help me interpret Facebook’s TOS regarding whether or not we can display a list of friends garnered from one’s Friend’s list that we get via the Facebook APIs from one’s Facebook account.
One of our programmers had raised this issue - so I - like any good blogger - took it to the blogosphere - specifically MY favorite lawyer - Denise Howell.
Well after sufficiently covering her lawyerly ass - like any good lawyer - Denise seems to think - that BEFORE I bother Mark Zuckerberg - I should go spend some MORE money on lawyers. See how that works?
Even if the lawyer gives you free advice, they cover their ass so much that you STILL need to go and spend money. It’s kind of like a hidden oath that all lawyers take: “no matter what, get them to spend more money.”
Anyway - I’m relieved.
And I’ll probably bother Mark Zuckerberg anyway - cause he’s gonna be flying one of those private jets pretty soon - like Larry and Sergey (but probably not as big.)

August 25th, 2006 at 7:38 am
Actually, I think bothering Mark Zuckerberg (particularly on a jet) is a great idea, but I don’t think he’ll be able to answer all the pertinent questions. (And as far as I know, he’s not a lawyer either.)
There’s a reason we’re the second oldest profession.
August 28th, 2006 at 9:32 am
Any update on this issue Marc?
August 31st, 2006 at 4:30 pm
Marc,
Good to come across these issues. The Facebook Development Platform is designed to be easy to use, and easy to understand, so we don’t attempt to define a privacy model too different from what you’re used to seeing on the Facebook site. In fact, you can follow these very simple rules and be within the guidelines most of the time:
1. Rule of Visibility:
This basically follows from the idea that an outside application built on the Facebook Development Platform is an extension of a user’s experience on http://www.facebook.com. That extension is built by any outside developer with a good idea, but it is not a replacement for the privacy rules on http://www.facebook.com.
From the viewpoint of the user on the outside application, if Facebook content is not normally visible to a given user on http://www.facebook.com, then it should not be made visible on any application consuming the API from the Development Platform. So if an application user could see another user’s profile during their normal perusal of Facebook, they can generally see the same information on a developer application built on the Development Platform. The exceptions are noted in our documentation. Photo albums, some event information, and certain more sensitive profile information about a user are not shared to a viewing user UNLESS both users have signed up explicitly for that application. If a user elects to turn off Platform visibility entirely, nothing is visible.
2. Rule of Storage:
Data should not be stored any longer than the lifetime of the session credentials used to obtain it, or 12 hours. Logically, if you no longer have a working session, then the user is no longer interacting with Facebook on your site. That session can clearly be renewed quickly thereafter.
The 12 hour clause is simply for convenience at this point. Session keys for server apps are currently set to expire after one hour, which may change in a general or case-by-case way in the future.
The exceptions to this rule are pieces of data which are not revealing in any way, which you can use as unique keys for your application. Storing a user id is fine, since that user may have data associated with them on your application. Storing friend links, photos, user profile information, and the like, is violating the terms of service in an obvious way.
During a user’s session, if you’re displaying only your own data, plus data obtained from that session, you’re definitely doing well by our policy and by your users.
3. Rule of Association:
We’re providing this development platform for users to create their own unique applications and experiences relating to Facebook. These experiences are not to be confused with Facebook itself. So, developers should not use Facebook properties like our graphics, or use ‘Facebook’ in a way that could be confusing to a user. This is for everyone’s benefit.
I welcome any feedback on ambiguities or issues with the Development Platform. This is a first effort, so we’re continually working to make this faster, more reliable, and most importantly, more useful.
Dave Fetterman
Tech Lead, Facebook Development Platform
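
The Rule of Storage in the comment above can be enforced in code rather than by convention. The sketch below is an added example, not part of Dave Fetterman's comment and not Facebook code: `SessionScopedStore` and its method names are hypothetical, and it assumes the conservative reading that data is dropped at whichever comes first, the session's expiry or 12 hours after it was fetched, while user ids are kept as durable keys.

```python
import time

MAX_RETENTION_SECONDS = 12 * 60 * 60  # the 12-hour clause from the comment


class SessionScopedStore:
    """Keeps platform-derived data only while the session that fetched it is live."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._user_ids = set()  # durable: a user id may be stored as a key
        self._entries = {}      # (user_id, field) -> (value, deadline)

    def put(self, user_id, field, value, session_expires_at):
        now = self._clock()
        # Assumption: earlier of session expiry and fetch time + 12 hours.
        deadline = min(session_expires_at, now + MAX_RETENTION_SECONDS)
        if deadline <= now:
            raise ValueError("session already expired; refusing to store")
        self._user_ids.add(user_id)
        self._entries[(user_id, field)] = (value, deadline)

    def get(self, user_id, field):
        entry = self._entries.get((user_id, field))
        if entry is None:
            return None
        value, deadline = entry
        if self._clock() >= deadline:
            # Expired data is deleted on access, never served stale.
            del self._entries[(user_id, field)]
            return None
        return value

    def purge_expired(self):
        """Periodic sweep so expired data does not linger unread."""
        now = self._clock()
        stale = [k for k, (_, d) in self._entries.items() if now >= d]
        for key in stale:
            del self._entries[key]
        return len(stale)

    def knows_user(self, user_id):
        return user_id in self._user_ids
```

Running `purge_expired` on a timer matters as much as the check in `get`: without it, friend lists and profile fields that nobody reads again would sit in storage past their deadline.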