[rhizome]

If exfiltration of user information and data was not the explicit purpose of FB's API policies, they soundly rejected the principle of lead privilege, which dates back 45 years and is no doubt incorporated into FB's own systems.

thanks to the very permissive APIs that Facebook provided

Why did they do this?

https://en.wikipedia.org/wiki/Principle_of_least_privilege

[varenc]

Facebook improved this years ago and you can see the discussion surrounding this change in the released emails. These days a Facebook app can't ask for your entire friends list, instead, it only gets to see your friends that have also authorized that app. Also, user IDs now have a per-app namespace so they can't be (easily) correlated between different apps.

The discussion revealed in this release is pretty fascinating. For example, you can see that at some point Zuck's friends authorized 31 apps and 76% of those apps had "read_stream" access giving access to their entire newsfeed.

Through one lens this is Facebook locking down their API in an anti-competitive way, which is somewhat true, but mostly this feels like an API change making privacy improvements for users. (The Cambridge Analytica data came from an older app that was running before these changes were made...)

[rhizome]

Facebook improved this years ago and you can see the discussion surrounding this change in the released emails...

This is the same elision they use. My question was, in the face of almost two generations of awareness of the principle of least privilege (almost typed "lead" again!), why did they design the API so that it gave away so much information and data in the first place?

Through one lens this is Facebook locking down their API in an anti-competitive way, which is somewhat true, but mostly this feels like an API change making privacy improvements for users. (The Cambridge Analytica data came from an older app that was running before these changes were made...)

https://newsroom.fb.com/news/2018/12/response-to-six4three-d...

Read the "Whitelisting" section. The only change they mention is turning off the ability to request permission to access the now-problematic data and information (let's say "D&I"). Of course, we also know that this is selectively applied. That's not "somewhat" anticompetitive, it's not necessarily different that the CA problem, and at any rate is only a marginal privacy improvement for users because there's (my estimate) no way in hell they're going to tell us who still has access to the APIs.

[kjeetgill]

Can't they trivially use your first name and/or email to correlate across apps? I'm pretty sure those are all part of the lowest permission class.

[varenc]

I don't think the Facebook API gives you access to your friends emails...but agreed there are still ways to correlate this. (hash of profile photos for example?)