I recently decided to RSVP for a meetup on meetup.com. It was a meetup I don't, in fact, want most folks I know to know about. I made sure to use my junk email account that doesn't have my name tied to it.
So I was scared shitless when after RSVP'ing I see faces of all my facebook friends and an offer to invite them. I always thought you had to do the whole facebook connect crap before websites could just splash your fb friends list at you? Then I thought about all the billion different ways facebook has to integrate them into your site and figured this must be one of the ways.
Pretty much any of it. If there's a photo I want a friend of mine to see, but they don't have permission to see it, I just send them the URL of the static content and it works every time, whether or not they're logged in.
Bert, your facebook profile ID is in that URL (the number starting with 1389...).
Also, there is no restriction on who can see pictures when you a direct link to an image. This is mostly due to the fact that CDNs used to store static files usually don't send cookies and thus have no concept of a session.
My personal portfolio site is listed in my HackerNews profile, on my portfolio site I have a link to my Facebook profile (so that people I give my business card to are able to more easily find me, and not my dad).
I am familiar with what is in the URL, and I am also familiar with CDN's. I was merely posting my rebuttal to the OP who said it was obfuscated.
Not at all, they now even give you a link to download the image. You can share this publicly. Or just right click and choose "Copy Image URL". I viewed source and it's a standard container div setup, nothing obfuscated about it. The image URLs are all right there.
That's it? So if I rationally weigh my cost of having to watch where I click and find it to be significantly less than the benefits from hanging out with friends online, I'm a victim of an "abuse"?
It's a sad day for HN when thoughtful discussions have been replaced by such obvious sensationalism nonsense. We can compile kernels but Facebook's super-complex privacy settings reduce us to wimps.
Here's the text I was thinking of when I wrote that:
"So I was scared shitless when after RSVP'ing I see faces of all my facebook friends and an offer to invite them. I always thought you had to do the whole facebook connect crap before websites could just splash your fb friends list at you?"
Someone was petrified that fb knows and may have already revealed something that person really wants to keep private. Sounds fairly abusive to me.
How long is until you'll be able to 'connect' to the DMV via fb? What if you're a serial scofflaw, and have a trail of unpaid speeding tickets. We already have instances of debt collectors attacking fb profiles. What if state agencies try to get in on this act?
> I always thought you had to do the whole facebook connect crap before websites could just splash your fb friends list at you?
No, you're wrong.
> Someone was petrified that fb knows and may have already revealed
Based on that someone's own mistaken idea.
> How long is until you'll be able to 'connect' to the DMV via fb?
Then just quit when that happens? Or don't let people post to your wall? Or don't friend strangers? Sorry, but these aren't rocket science and they in no way resemble an "abuse".
Watmough, you have to opt in to a site in order for that site to be able to access your information. However, social plugins allow your information to appear inside iframes on third-party sites (without revealing your identity or your friends to the site)
The website doesn't have access to your friends and cannot post anything without your consent. It can just set up an isolated iframe which is controlled by Facebook. There is no communication between the iframe & the page you're on (except for the initial setup data) so the website cannot post on your behalf. It might sound creepy but it's actually very safe.
In the article, the writer is at issues with social apps that he allowed to post on his behalf. It's entirely different.
My take on this: the (only) problem is that Facebook has changed the way info is displayed (with the ticker feed) and in that new context, the rights we gave to social apps on our Facebook accounts have been extended. Not technically but that's what it amounts to in pratice, since it's much more likely for stuff getting posted to be seen.
The fact that you can be going about your regular Internet life and not know if something you do will or won't be posted to a social network is a huge problem. Facebook's approach seems to be to boil the frog toward people not giving a crap about privacy at all, to voluntarily give it up as a reflex or instinctual action, or not to notice that it is already gone, all under the cover of "being friendly." I mean, you aren't such a grump that you don't want to tell your friends what you're doing, right?
This is why I closed my Facebook account two years ago (happened to me on cnn.com). But I'm back. I just wanted those "connections," I don't think that it is worth it.
So I was scared shitless when after RSVP'ing I see faces of all my facebook friends and an offer to invite them. I always thought you had to do the whole facebook connect crap before websites could just splash your fb friends list at you? Then I thought about all the billion different ways facebook has to integrate them into your site and figured this must be one of the ways.