Saturday, May 17, 2008

How Google Friend Connect Works



We figured you might be tracking the conversations about Google Friend Connect and Facebook. We want to help you understand a bit more about how it works on the Friend Connect side with respect to users' information.

People find the relationships they've built on social networks really valuable, and they want the option of bringing those friends with them elsewhere on the web. Google Friend Connect is designed to keep users fully in control of their information at all times. Users choose what social networks to link to their Friend Connect account. (They can just as easily unlink them.) We never handle passwords from other sites, we never store social graph data from other sites, and we never pass users' social network IDs to Friend Connected sites or applications.

The only user information that we pass from a social networking site to third-party applications is the user's public photo, and even that is under user control.

That's the high-level view. But what about the details? Here is more information on exactly how Friend Connect interacts with third-party social networks and applications.
  1. Google Friend Connect puts users in control over whether they're connected to their data on Facebook.
  2. Google Friend Connect only reads a small amount of user data from Facebook, and does so using Facebook's public APIs. We read the Facebook numeric id, friendly name, and public photo URLs of the user and their friends. We read no other information.
  3. The only user information that we pass from Facebook to third-party applications is the URL of the user's public photo.
  4. Google Friend Connect does not permanently store any user data retrieved from Facebook.
1) Google Friend Connect puts users in control over whether they're connected to their data on Facebook.

We behave like any other caller of the Facebook API. (See the Facebook developer api documentation for details.) When a user links their Facebook account with Google Friend Connect they must consent to this on Facebook itself. Here is the set of screens a user goes through:

First, the user must click "Link in Facebook friends":



Next a user sees this screen. This screen is from Facebook (notice the URL of the page shows facebook.com):



The user is then asked for their Facebook username and password on Facebook. (Note that Google Friend Connect does not have access to the user's Facebook username and password.) If the user logs in successfully, Facebook returns a session key to Google Friend Connect, and the user sees this screen:



This screen also comes from Facebook. On this screen the user is asked to consent to allowing Google Friend Connect to access some of their personal information. The user can choose to allow this access or not.

The user can easily unlink their Facebook account from Friend Connect. This can be accomplished in two ways:

From the Friend Connect settings dialog:



And from within Facebook's own Applications Privacy screen:



2) Google Friend Connect only reads a small amount of user data from Facebook, and does so using Facebook's public APIs. We read the Facebook numeric id, friendly name, and public photo URLs of the user and their friends. We read no other information.

If a user decides to link their Facebook account to Google Friend Connect, we ask Facebook for a small amount of user information. Here's an example of what might be returned:

Example data retrieved from Facebook (NOT passed to third-party apps):
  500013789
31415926535
Peter Chane
http://profile.ak.facebook.com/profile5/1038/101/s500013789_4207.jpg
694454023
Mussie Shore
http://profile.ak.facebook.com/profile6/1933/85/s694454023_4271.jpg
709611
Sami Shalabi
http://profile.ak.facebook.com/profile5/657/87/n709611_9673.jpg
This data is made up of the following fields:
  • A Facebook user ID (e.g. 500013789) that is used when Google Friend Connect communicates with Facebook. The unique ID is a number assigned by Facebook -- it is NOT the user's username or their phone number. The unique ID contains no personal information.
  • A session-key (e.g. 31415926535) which is a unique number provided by Facebook, that Facebook uses to track and control what data is exposed to Google Friend Connect for the logged-in user.
  • The user's friendly name as they entered it in Facebook (e.g. "Peter Chane"). This is typically a first and last name.
  • A URL to the user's public Facebook picture (e.g. http://profile.ak.facebook.com/profile5/1038/101/s500013789_4207.jpg). If the user set their picture to be private on Facebook then Google Friend Connect does not receive the picture. Again the picture used by Google Friend Connect is public and is easily viewed by anyone on the web.
  • A list of Facebook user IDs for each of the user's friends on Facebook. For each friend, Google Friend Connect retrieves the friend's Facebook picture-URL and name.
3) The only user information that we pass from Facebook to third-party applications is the URL of the user's public photo.

Applications that run on Friend Connect sites (e.g. the iLike application that runs on www.ingridmichaelson.com) have access to a subset of the information that is requested by Friend Connect from social networks such as Facebook. Applications are passed the following data from Friend Connect:
  • Your Google Friend Connect ID. This is a number. It is not a name, and it is not your ID from Facebook or any other social network.
  • Your nickname that you entered in Friend Connect. (NOT your friendly name from Facebook or any other social network.)
  • The URL to your public photo from Facebook or another social network. And only if you've chosen to make that photo public on the social network. (Note that Facebook includes the user's Facebook ID in the URL of their profile photo. We intend to obfuscate this URL in a future release of Friend Connect.)
  • The Google Friend Connect IDs (and Friend Connect nicknames, and photo URLs from linked social networks) of any of your friends who are also members of this site. (Not all of your social network friends. Not their social network IDs.)
That's it. These apps have no access to additional profile data -- yours or your friends. The apps have no idea who else is on your friends list on your social network(s).

4) Google Friend Connect does not permanently store any user data retrieved from Facebook.

Google Friend Connect purges all of the data it receives from Facebook frequently. The Facebook terms state that application developers should do this every 24 hours; we do it more often (currently every 30 minutes) because we don't want to store this data any longer than we absolutely need it.

Thanks for your interest in Friend Connect!

Regards,

Peter, Sami, Mussie

17 comments:

  1. This comment has been removed by the author.

    ReplyDelete
  2. Hm, i wonder what Pedram Keyani wrote that the author removed his comment :) Or is it because he left Google and works for Facebook now and gets censored ?

    ReplyDelete
  3. It almost felt the same to me that facebook has responded prematurely and with yourself clearing the air, the feeling has been confirmed. Kudos to you, and to the person who came with the idea of FriendConnect.

    ReplyDelete
  4. @ princ3
    Looks Like Keyani removed his own comment..

    ReplyDelete
  5. we are the jewish community in murcia spain
    a community that really is proud but nevertheless we relish privacy , griend connect puts the key in my hand to go where i want with whomever I want to share when what I feel is important to me
    raquel samper directora comunidad judia murcia

    ReplyDelete
  6. Thanks for this post. I'm really dissapointed in the way that Facebook blocked Google Friend Connect, it is obvious that everything facebook is saying about "private user information being passed without the user's consent" is all a load of rubbish.

    I'm looking forward to the day when Friend Connect, OpenID, and other open technologies are dominating the web, and will work towards that day. Unfortunately, for now, we are stuck with monopolistic services like Microsoft Windows and Facebook. But keep up the good work!

    Cheers,

    David

    ReplyDelete
  7. there are 2 problems
    1 entering again and again profile info. we are all sick of it.one time should be enough.
    2 bringing friends with us but not all.

    google friends offers an open social content language in a google friend container...even a jew feels safe here
    now thats alot!!!

    ReplyDelete
  8. With facebook and myspace dying, googles own orkut was a stillbirth, do they really think people need more places to put their pointless profiles? im sure google want it, all the advertising goodness, but it's too late.

    http://www.painfullback.com/

    ReplyDelete
  9. When you're explaining the retrieved data, I think you mixed up the Facebook user-id (31415926535) and session-key (500013789)

    ReplyDelete
  10. This comment has been removed by a blog administrator.

    ReplyDelete
  11. First of all, I would like to say that gFriend seems very promising. The only problem that I can see is with having too many social networking projects (website or software based) offered by Google. Lively, Orkut and Google Groups are all included in this, so why not consolidate what you have into the one bundle to make the most of the resources at your availability? I realize that Lively offers the 3D community aspect, but it does seem to attract a certain 'crowd'. And Orkut is a neat product as well, but lacks something that sets it apart from the other social networking websites. Google groups is somewhat different from the other two but revolves around community building rather than one-on-one interaction or the 'room' mentality. So, take the best of all of these products and integrate them into gFriend so that you don't get stuck having to maintain multiple products. If you try to allow access to other Google services into the same code then it will quite simply rock, thus setting gFriend apart from the likes of Pownce which I am quite impressed with since joining up months ago. And while you're at it, throw in a dice roller for the roleplayers. :D

    ReplyDelete
  12. What I want to know is when is Friend Connect going to roll out on Blogger?

    The press release at TechCrunch50 said "in the next few weeks" and that was published on August 27.

    That was 4 weeks ago. So just what does a few weeks mean? Can we get some type of definition as to when we will see Fiend Connect showing up in our "Followers" widgets?

    ReplyDelete
  13. Also is there any chance that FaceBook will allow Friend Connect? Those fools made the worst decision ever not to embrace OpenSocial.

    Now Digg is talking about FaceBook and their FriendConnect FaceBook app.

    Just what I want, those idiots from Digg invading a somewhat professional network like FaceBook.

    What are they thinking over there.

    Is there any plan for a social bookmarking site to embrace OpenSocial and hence Friend Connect?

    ReplyDelete
  14. I'm looking forward to the day when Friend Connect, OpenID, and other open technologies are dominating the web, and will work towards that day. Unfortunately, for now, we are stuck with monopolistic services like Microsoft Windows and Facebook. But keep up the good work!
    Thanks for this post. I'm really dissapointed in the way that Facebook blocked Google Friend Connect, it is obvious that everything facebook is saying about "private user information being passed without the user's consent" is all a load of rubbish.

    great9126,
    Online Dating

    ReplyDelete
  15. This comment has been removed by a blog administrator.

    ReplyDelete
  16. CHOICE HOME WARRANTY SCAM:
    When I told choice home warranty company that I was concerned about negative comments posted on GOOGLE they said " Don't worry that is just our competition posting those negative comments ". So I believed choice home warranty and signed up and boy did I ever regret that. They take in money and do not approve claims.

    ReplyDelete