Hacker News new | ask | show | jobs
by andreyf 5699 days ago
Not sure if this is the right answer, but a guess: it's easy for other web services to access this stored data if the user provides them with their Facebook login and password, which no self-respecting service would ever ask for. Even if Google did at one point get users to give up their facebook credentials, the API's they access will probably block IP's that try to access multiple users' data in a short amount of time.

The best solution, IMO, is to use the browser as a platform: a Chrome extension can allow users to seamlessly sync data between services, because Chrome already has access both to your Facebook account and your Picasa account.
1 comments
yariv 5699 days ago
With the Facebook API, the user doesn't have to provide any third party his credentials to allow the third party to access his data. Facebook uses OAuth to securely pass an access token to the third party while protecting the user's credentials. See http://developers.facebook.com/docs/authentication/ for more info.

(I work on the Facebook platform.)

link
andreyf 5698 days ago
Ah, but if I remember correctly, the terms of that OAuth usage explicitly state that while data may be accessed and used, it can't be stored indefinitely (with good reason, sometimes I don't want some app toy to indefinitely store all the information I trust Facebook with). So if a third party uses that API as an export mechanism, their API access should be (rightfully) shut down.

BUT - what if I actually want to export all of my photos into SomeApp.com, and I want to give SomeApp the right to store my photos indefinitely? Is there an API they can use to pull it from Facebook directly?

link
yariv 5698 days ago
It used to be the case that apps could only store your data for 24 hours, but we removed this restriction in the last f8 conference.

You can definitely export all your photos into SomeApp.com using the graph API and they can store your photos indefinitely. These APIs are documented at http://developers.facebook.com/docs/api.

link
andreyf 5698 days ago
Oh, cool! Big misconception on my part, thanks for clearing it up :)
link
jfarmer 5698 days ago
@andreyf:

When Facebook switched from their old API to their new OAuth-based API they also removed restrictions on storing data.

link