I think this is just pissing users off. I want to import my contacts into Google+, but I currently have no desire to leave Facebook. After seeing this, that changes a bit.
FYI, if you go into Google+ and go to your account settings, you'll see a link called "Data Liberation." This link will allow you to download all of your data -- contacts, posts, pictures; everything -- and take it wherever you like. The Data Liberation Front is Google's project to make sure that you can withdraw your data from all Google sites as you please.
Does the export include email addresses? Facebook offers an "export" too, but you just end up with HTML pages with your friends' names and no contact info.
How it works is you get all your contacts, and the data you're authorized to see. So, people who you're just following and aren't sharing anything with you, just appear as Google Plus links. People who have you in their circles and are sharing their email address with you will also have their email address attached.
I just downloaded it, because I didn't know the answer. It's better than that, actually -- you get full vCard collections of all your contact groups, with a fully populated vCard for each contact.
The Data Liberation Front is a good first step but providing content in the form of a zip file is pretty useless. True data portability is much tougher and probably isn't worth an investment from a company like Google if it were even something they wanted to do.
Disclaimer: I'm bootstrapping OpenPhoto on Kickstarter
I saw that option - it's nice. I just wish I could liberate my gmail data too. Almost half a million emails, and I'd like to have a gzip of them in case something happened.
I use getmail to back up my Gmail (per that link), but there is still data loss. You can either use POP and lose your labels or use IMAP and lose your unread status (IMAP mode marks everything as read - someone patched getmail to offer a "leave unread" option but the maintainer refuses to accept any such patches).
Also, Google throttles your downloads - on POP this takes the form of returning just a few emails per download. It took me about three months to have a full backup at home, and I'm a paying customer (~30gb of mail on Apps Premier or whatever they're calling it today).
If this "read mail" thing is a problem for you why don't you just patch the software? Yes, a .tar.bz dl link in GMail would probably be nice, but sometimes you have to take matters into your own hands. If the maintainer doesn't want the patch, patch it yourself and host it on Github/Bitbucket/Google Code/etc.
I know, I just think Gmail should have a built in interface. It'd also be nice to be able to only download emails with a certain label, in a specific period of time, etc.
There is a legitimate question here -- do you own the information about your friends, or do your friends? Many things on Facebook are a shared quasi-public, quasi-private space where the ownership isn't clear, and don't fit into our usual mental model of "I own my own data!"
This example is even clearer. The app lets you export your friends' names and contact information. This isn't your information, it's your friends'. What if one of them wanted to take their phone number off the site? What if one of them wanted to hide their information from you specifically? If you've downloaded it already you're depriving them of the right to control their own data.
Clearly social networks should be required to offer some sort of friend list information for export. Maybe a bare list of user ID's is all that should be required -- the information about who your friends are seems legitimately like it's yours. Joining it against names and contact information is the potentially privacy-invasive step; that could be done online, under control of your friends, not you.
> What if one of them wanted to take their phone number off the site? What if one of them wanted to hide their information from you specifically? If you've downloaded it already you're depriving them of the right to control their own data.
Consider how ridiculous that would sound if you asked "What if one of your friends had emailed you their phone number and wanted to remove your access to it (or had emailed you and wanted to remove your knowledge of their email address)? What if they gave you information in person and now want to hide it from you specifically?"
That's the mental model I, personally, use for social networks: any information you choose to publish on it is fair game for whatever your friends want to do with it (and they can do whatever they want with any information I publish on it). Anyone who does not want to be contacted (or have their contact information exported into other formats - such as the linking of name and email address which is required to email) should not make it available - there's no reason to publish an email if you don't want to be emailed, and no reason to publish a phone number if you don't want to be called.
> Consider how ridiculous that would sound if you asked "What if one of your friends had emailed you their phone number and wanted to remove your access to it (or had emailed you and wanted to remove your knowledge of their email address)?
That would be a fine system -- where phone numbers and other means of contact can become invalidated if the owner wants them to.
But you don't have a problem with them sharing your information with anyone as long as it's a technology provider? Even if that technology provider has a fundamental interest in abusing that access and using your data for purposes far beyond what you or your friend ever intended?
You are choosing to share the information with them. They can view your profile and see it and type it wherever else they want, the only thing that preventing automatic export achieves is making it inconvenient for someone to leave facebook, not prevent someone from taking any conceivable action they wanted with your information.
That is unrelated to an issue that essentially amounts to adding your friends' phone numbers (phone numbers they already made available to you) to your new address book when you get a new phone.
Not if Google subsequently decide to make your information available more widely than it was originally, it's not -- and I would remind you that several of the Internet giants, including both Google and Facebook, have faced heavy criticism for deliberately doing exactly that in the not-so-distant past.
If my number is listed in the 1995 local big yellow phonebook but then I choose to have it unlisted in the 1996 phonebook, is it wrong for someone with the older phonebook to have my phone number?
I don't really see why. The world is not black and white. I tell my friends things that are sensitive all the time, and they understand that as a matter of simple good manners and common courtesy they would keep that information between us. How come as soon as we're on the Internet, suddenly all the shades of gray disappear, and I either trust someone with my entire life story to do with as they wish or I don't trust them at all?
You are confusing trust with the right to have an address book. If you give me your phone number I can save that number in my Verizon cell phone, then when I switch to ATT I can move the number to my ATT cell phone. That IS a black and white issue.
Because I demand the right to move phone numbers to my new phone, does not mean that I demand the right to sell your phone number to telemarketers or send your phone number to sex offenders. Doing things like that would make me a shitty friend. And being a shitty friend is totally unrelated to what websites/phones I store contact information on.
> You are confusing trust with the right to have an address book.
And most of the people in this discussion are confusing the right to have an address book (which you control and to which only you have access) with giving someone else's personal data to Google (a global giant that would squish you like a bug if it meant a 0.001% increase in its data mining efficiency, with absolutely no loyalty to either you or the person whose data you are providing to it). Is that clear enough?
That's not the point. Your friend made a decision to share their private data with you using Facebook, knowing that it was Facebook that would be holding the sensitive data. You are talking about sharing that data with other organisations, which your friend has no control over. The point isn't whether or not you trust those organisations, it's whether it's abusing the privilege of having access to your friend's data to spread that data around where they don't control it any more. I think doing so is, at best, a betrayal of confidence.
(Edit: And in answer to your other question, about which organisations I personally can trust, we have fairly strict laws in my country about privacy and data protection, which limit what any of these companies may legally do and give me various rights with regard to any personally identifiable data anyone holds about me. I don't think those laws go far enough, but IMHO they're certainly better than the free-for-all you seem to want. So I can have some confidence in how my data will be handled by any company operating in our jurisdiction, which immediately makes me more likely to trust them than US-based companies like Facebook and Google whose business models fundamentally rely on undermining privacy in ways that are rarely going to be in the interests of the exposed.)
My friend has shared their contact information on Facebook, I decide to contact them using my iPhone, and save their contact information. That now gets sync'ed from my phone to my Mac, which is sync'ed with Google because I use gmail for my main email account and I like to have all of my contact information also available from within gmail and more importantly google voice so that I know when people send me text messages and when they call me.
If my friends have trusted me with their information they also trust me to make sure to keep it safe. What service I use to store my data should not be of any consequence for them. That is the same way with this Facebook exporter (BTW, the iPhone app allows one to sync contacts from Facebook to the iPhone address book, which can then get sync'ed to .Mac, Me, or the new iCloud, from there back to a Mac and then back up to Google), it allows the user to get the data from Facebook and store it in their address book. Instead of having to go through each entry one by one this plugin automates the process.
I don't see how my friends that clearly have made this data available to me (so I could contact them) should now have a say as to how and where I store said data. Just because I decide to store it in my address book on Google doesn't make much of a difference, if they didn't want me to have that data in the first place they should have A. never have given it to me, or B. ask me to please remove their information.
I'm giving up on this thread now. The endless downvotes instead of replies and people missing the point are just disheartening.
One more time, for the record: Your friend trusted you with their personal data, not Google. You may not personally have a problem with sharing your own personal data with Google, but not everyone is like you, and some people do. That doesn't mean they have a problem with sharing the data with you in the first place or that it was somehow unreasonable of them to give it to you.
I really can't understand why so few people in this discussion seem to understand the distinction. We have multiple Acts of Parliament on the subject here in the UK and an entire government department whose primary responsibility is enforcing the rules, so I'm clearly not the only one who gets it or thinks it's important. Maybe it's a cultural/generational thing, and the average person on HN just sees the world differently or something. Then again, the average person on HN today downvotes rather than replying if they disagree, based on my experience in this discussion and what's happened to several other people in other discussions I've been following, so things have obviously gone way downhill.
You really expect every one of your contacts to let you know before they buy an Android cell phone, or sign up for gmail or call you on google voice? What if one of your contacts doesn't trust ANY company other than Google? Using your logic, you shouldn't contact them on anything other than Google services.
Your phone number and email address were never meant to be secret. That only provides security by obscurity and leads to exactly this problem - you, a user, being upset when the security you were led to expect doesn't align with reality.
If you wish to not receive certain communications the way to do this is by screening incoming connections/contents. This works, unlike secrets.
Now, understanding that what you wanted to do (keep an email address secret) is a bad idea - it won't do what you want, you can see why those who understand don't care about this "privacy" - it isn't.
Claiming to authorize your email address being shared with CompanyX but not CompanyY is like saying "Here's my phone number, I'm only letting Verizon subscribers know it, to keep AT&T from snooping on which of their users calls me." It's just nonsensical.
When you tell your friends, the information loss over distance and time eventually makes the words turn to shades of grey.
The internet preserves those words in their original state, black and white, which makes them stick out against the shades of grey composing the background.
Even simpler...when your friends die, with them go the words you have shared. Not so with the internet. It appears to be immortal.
I don't think that's really a legitimate question.
If you tell a friend e.g. your email address, you willingly give up the control you had over that piece of information, and accept that he now knows your email address. What you're expecting is that you can control when your friend forgets the information you voluntarily gave him. I doubt that's a legitimate expectation.
Why did Facebook import e-mails over years and still hold them in their databases? There is no way to remove them and when someone with this address enters Facebook he gets recommendations for Friends.
Do they own this data?
Think about this before you blame people who just try to find a way to reconnect with their friends (who are ok with being your friend on FB) on another Platform.
From the article it seems like the app is scraping. Why? The Facebook Graph API should be able to return all this data. That Facebook prevents scraping, which is most likely conducted by some scamming services, is a good thing IMHO considering most (all?) of the data is available through their API. If this is the case the title should be "Facebook prevents scraping" as Facebook still allows export of data through the API. The Facebook Graph API usage is managed by the specified permissions for the app and thus you can control it to a greater extent compared to a browser extension which could do whatever it wants to the pages you visit and your authenticated session.
You are right. It only returns name and id. You can only get the email address of the authorized user. I still understand why Facebook would prevent scraping though. And also I see many exploits of allowing access to your friends' email addresses.
> The most important principle for Facebook is that every person owns and controls her information. Each person owns her friends list, but not her friends’ information. A person has no more right to mass export all of her friends’ private email addresses than she does to mass export all of her friends’ private photo albums.
> Email is different from social networking because in an email application, each person maintains and owns their own address book, whereas in a social network your friends maintain their information and you just maintain a list of friends. Because of this, we think it makes sense for email applications to export email addresses and for social networks to export friend lists.
So the way they're construing this, contact information is not your data to begin with, but rather someone else's data which you've been granted (perfectly revokable) access to. I don't know if this holds in court, but I'm pretty sure no one will bother bringing this to court to find out.
I think tomelders is talking about the legality of the plug-in, which collects personal data and provides it to another party. (Edit: Actually, on rereading, maybe he really was talking about a right of access to the Facebook data. The following stands either way.)
I'm not a lawyer, but I do spend a significant amount of time working with data protection and privacy issues in the UK. With my current understanding, I don't see how that could even possibly be permitted under the data protection and privacy laws here without the consent of those whose data you're transferring to Google+.
I suspect Google could get into trouble with the ICO (what, again?) if they are behind the plug-in, but if I were them, I'd be more worried about the European level privacy hawks. Here in the UK we're relatively forgiving, but Europe can and does slap down megacorps with significant penalties from time to time.
Yeah. Except Google's DLF allows you to export just about anything and everything you can create in Google products. It's true that Google's search is its bread and butter but in the battle for good will, Facebook keeps shooting itself in the foot.
The 1998 data protection act is about data relating to you - the data of your friends would not be covered (obviously it would be covered for them).
Even for that data, while the (British) law states that people must be able to claim the information stored about them, they have to submit a request, and the company is allowed to charge a small fee.
Stored lists of related individuals are covered by the DPA 1998, just not their personal details other than their name. This is not explicit but implied by the fact that related people on a credit file can be obtained under the DPA setting a precedent for access.
This has been demonstrated a few times in court but I can't be bothered to dig around for references.
You can play it out in court if the judge is favourable with this case: Since Facebook has allowed viewing emails for many years, there's a reasonable expectation that emails will always be there. By suddenly doing attempts to circumvent a tool, they could run afoul of: de facto false advertising (the author stated that the use was allowed since 2010) or anti-trust/monopoly laws by abusing their monopoly against new competition.
However, Facebook could whip out their ToS and point out that his extension is illegal as noted buried somewhere deep in the legalese. Or something else.
Even though I'm IANAL, this isn't clear cut to me either.
Data Protection wouldn't cover this. They're keeping the data securely, and you have personal access to it. Data Protection doesn't stipulate that you must be able to easily export your data to rival services, I'm afraid.
If it's still on their servers, to comply with the act they'd need to provide access to your information within 40 calendar days for a charge no greater than £10.
I am going to start off by saying I haven't read the article. With that said, didn't Google deny Facebook from scraping contacts off of gmail a year (or two) ago? I forget the exact method they implemented, but I know it stunted Facebook's ability to scrape the emails for a good while.
Google allowed Facebook to import your Google Contacts via an API for years. Last fall it blocked Facebook's access to that API, saying that they'll restore it when Facebook offers reciprocity (i.e. if Facebook begins to allow users to export their FB contacts using a similar API, then Google will reactivate Facebook's access to the Google Contacts API).
Facebook's argument has always been that it doesn't think you have the right to export your friends' contact information (or at least, they're endlessly pondering whether you have that right). Which is a ridiculous argument, because, as has been mentioned elsewhere, they already allow Yahoo Mail users to do exactly that.
On the other hand the valuation is merely based on the fact that they are the "one and only social network". They are dependent on this monopolistic behavior or they are screwed and can forget an IPO.
Zuckerberg himself with this "I just try to connect people for the rest of my life" seems to be under this bias. He is no Steve Jobs who was able under almost any condition to create value.
This social network stuff has the biggest lock-in of all internet services, but he can't prevent people from moving by force.
Is this particularly new news? This extension was the first thing I tried Wednesday night when I got into the service, and it didn't export anything but profile URLs. I had to make a throwaway Yahoo account to export my contacts.
Their "Download my information" option excludes users' email, which makes it mostly useless for exporting your graph.
Furthermore, if they were worried about server load, they would block queries altogether. Instead, what they're doing now is just hiding the email addresses if an IP address queries too rapidly. I don't think there is any explanation besides data protectionism.
I think I used this extension months ago before it got blocked. Worked pretty well, but I found that it didn't get all the information that I was hoping for. Namely the e-mail address was missing for all of my contacts. Got their bio info. and other stuff though.
Actually they did not restrict the access to your own data, but to a specific method of accessing them. Which, I am quite sure, is no legal issue for anybody.
Yes, but you know, I have ~ 122 friends. And I invited like 40 of them to join Facebook.
Now, those 122 friends are fully aware that their public email addresses and phone numbers are available to me. Those that do not want this, should not publish their emails or phone numbers or should not befriend me.
What Facebook is doing here is to make it hard to export my list of friends to other places, like Google's contacts or my own phone's contacts list or Google+ or whatever. I have to go over each of those 122 acquaintances and copy/paste their data manually.
What they are doing is definitely not illegal, but on the other hand I dislike Facebook so much that I'm willing to switch to a competitor that already engages in anti-competitive behavior by means of their near-monopoly, but that knows how to treat my own data.
I disagree that it is your data. If I befriend you on Facebook I am not giving you permission to bulk import my information into any old website which may or may not treat that information respectfully. People are focused on Google but forget that if they enabled this your information could be bulk imported into schemy websites who only want the data to spam. Even if those applications get banned it's too late if you're the one getting spammed and your information sold to other spam lists.
The key here is that Facebook relationships are not people you trust. They are people you kinda sorta know. That doesn't imply that they are trustworthy enough to hand over your personal information to do whatever they wish with.
Don't fool yourself. If they're not that trustworthy, you shouldn't be friending them, because preventing known Chrome extensions from doing this does not prevent the other 5000 ways (including a pen and paper) of doing the same thing.
I would be offended if my friends started giving out my personal details to random businesses using a pen and paper, too.
I don't personally use Facebook, having abandoned it almost immediately precisely because my friends were collectively volunteering all kinds of information that I considered private. Today, my friends know this is my view and it's not a problem, nor am I the only one of my group who takes this view. Obviously it took a while before my views became known, though.
In any case, this whole black-and-white idea that if you volunteer any personal information to friends on one service with privacy controls you might trust then that information is fair game for anyone to give to anyone else is just silly. If it weren't, Facebook themselves wouldn't have been pressured repeatedly into creating and maintaining all those privacy controls even though it's not really in their interests to do so and they've tried to reduce them again and failed on several occasions.
But this isn't a random business. They decided, intentionally, that they wanted to put your personal information in there. True story: I have manually entered personal information (name, email, birthday, phone number) for many of my friends into my email accounts' address books over the years. They have done the same to me. It's expected.
That's what I was saying: If you're going to let people see all your personal info, it should be people you would trust to use that info properly. Facebook stopping Google from importing your info but allowing Yahoo to do so won't protect you at all.
Then you should ask your friends not to enter your info into their Gmail address books, and only give your info to people you trust to honor that request. That's where the trust comes in. If you give your info to people, you must trust that they will not misuse it, whatever "misuse" means to you. Google's import tool would not sneak onto your friends' computers at night and surreptitiously import your data against their wishes, and lacking that tool will not stop your friends from "giving" your info to Google.
Facebook blocking one method for one company to import your data is not security; it's just corporate warfare.
> Facebook blocking one method for one company to import your data is not security; it's just corporate warfare.
Oh, I realise that. And I realise that some companies are necessarily going to get access to some basic contact information like e-mail addresses anyway if they are also in the e-mail business, because we all use mail services for e-mail to work. The fact that Google are in both the e-mail service business and the data mining business is an unfortunate coincidence in this respect, as far as I'm concerned.
I guess I just don't think it's healthy that in 2011, with all the data mining and all the poor security and genuinely harmful consequences of leaks going on, we still rely on things like unencrypted communication and centralised service providers who have direct access to personal data. We can do better now, and we would collectively be significantly safer and probably significantly happier as well if we did. Swapping Facebook spying on your entire life for Google does not seem like a particularly constructive move in that context.
I do, and I dislike immensely the fact that this means Google may be data mining personal messages I send privately to friends and I have no way to know or avoid it.
This is one reason all personal communications over the Internet should long since have defaulted to encryption. I don't mind Google offering a useful service, but there's really no (technical) need for them to have access to all that data while they're doing it.
There is no good way for Google to provide encryption within its gmail product without having the user provide the key to the browser/javascript (easily stolen) and/or having the key stored on their servers (ease of use).
The unfortunate side effect of encryption is that it is not transparent, it requires users to be completely aware of what is and isn't encrypted and also to be completely aware of where their keys are stored and how they are treated. Defaulting to encryption would just make it so that the majority of the people are unable to communicate and/or use the internet at large.
Most people do not use gmail with IMAP so suggesting client side is not going to really work. With encryption stuff like mailing lists will not work either, because you'd need to individually encrypt the message for each and every single recipient on the mailing list.
Oh, come on. Are you really suggesting that a world that managed to build the Internet, where the mathematicians developed concepts like public key encryption and password hashing, where many banks routinely issue physical tokens for two-factor authentication before access to secure systems, and where several nations run national ID databases, we couldn't manage to devise a system where every user has unique credentials to access sensitive systems without those systems themselves being able to decrypt the user's data?
That's a load of nonsense. In the grand scheme of things, solving that problem is easy. We just haven't done it yet, because while Pandora's box is open, not enough people have yet come down with plague.
Sadly, that means things are going to have to get significantly worse before they get better. Still, as the ever-increasing leaks turn into more concrete problems like bad credit because your card was swiped, being arrested based on bad intelligence, or having your political career destroyed because the wrong private comments leaked out, sooner or later enough people with serious influence are going to get hurt for the situation to change.
> we couldn't manage to devise a system where every user has unique credentials to access sensitive systems without those systems themselves being able to decrypt the user's data?
In the case of the GMail web interface, which I can tell you it's better than any desktop client I ever used, no, it isn't possible.
It isn't, because then Google cannot render email messages in the browser for you. And if it did decryption with Javascript, it's still their client and their client can still send back information about your emails to them.
Then you've got the problem of losing functionality. I love GMail because it does a good job of searching through my emails, or filtering them. And, ever since I switched to GMail, my spam problems are over.
Of course you could argue that with encrypted emails, spam is eliminated because you can just filter away messages for which you don't have a decryption key.
But this also represents a usability problem - getting the decryption key of every user that sends you email is a PITA; and it would also prevent unsolicited emails that you do want (like old friends contacting you for the first time, or job offers).
Really, for encrypted email to work, you have to trust the client and it cannot be the default.
I don't think it would eliminate spam - the system would probably use PGP key servers to avoid the hassles of key sharing.
But yes, it's a usability nightmare now that everyone is using webapps. And even with native apps, having to copy the private key from your computer to your smartphone would be over most people's heads.
Well, here in Portugal (and I hear in Belgium they have a similar system) our national ID card can sign and encrypt data using internal private & public keys. That could be used to encrypt email securely even on a rogue machine.
The main technical problem is the lack of readers. The actual main problem is user education - nobody knows how to work with them.
How would it encrypt email on a rogue machine, securely? If the machine is rogue and has all key presses and has the plaintext how can it be secure then? Sure it is encrypted but it is already compromised.
Oh, sure, the current email is compromised, but not the key (since the encryption/decryption is performed by the card itself). The advantage is that you can use a public machine to check a non-important email without giving them the keys to all others or letting them email faking your identity.
If I only befriended people I trust with my personal data my profile would have a half a dozen friends, or less. Making it difficult for people to do something stupid is a superior strategy to making it easy for them to do so.
If you only trust 6 people to have access to your email address then customise Facebook's privacy settings to only let those people see it. You don't have to trade data security for access to friends.
Facebook can't protect you from every way your friends could mishandle the data you give them access to. If you don't want them to have access to part of your profile it's up to you to set your privacy permissions appropriately, and it's Facebook's responsibility to make that as easy as possible (which they haven't).
I wouldn't be that confident Google will properly herd out contacts, eventually... It happened before with Android's openness, it can happen again with G+
Can't you import friends by downloading your friends list using the facebook export tool? Google can use that to match people up with their friends as long as their friends have opted into Google+ with their facebook UID too.
You can use the API to export your friends list as facebook UIDs which can be used to reconstruct your graph assuming your friends have also opted into the third-party service with their facebook data/uid.
Facebook's "export tool" generates an incomplete static HTML version of some of the data you put into Facebook. The friend list wouldn't really be of any use unless people had unique names.
Go to your google account settings, and there is an option called "Connected accounts". Facebook is listed there. I don't know what this actually does however.