The neverending GRAPH

Amid all the accusations and doom-and-gloom predictions about Facebook and its future implications, it appears we’ve never actually investigated Facebook's open graph, and we must in order to understand the true reach of Facebook.

Facebook operates on a system of simple identifiers and “connections” between those labels and unique IDs. Yes, I understand the platform is incredibly robust and massive – just go with me on this one. According to Facebook’s Developer section,

At Facebook’s core is the social graph; people and the connections they have to everything they care about. The Graph API presents a simple, consistent view of the Facebook social graph, uniformly representing objects in the graph (e.g., people, photos, events, and pages) and the connections between them (e.g., friend relationships, shared content, and photo tags).

So, let’s break this down. Here is my unique ID:

{
   "id": "44403710",
   "name": "Lacy Mahone",
   "first_name": "Lacy",
   "last_name": "Mahone",
   "username": "lacymahone",
   "gender": "female",
   "locale": "en_US"
}

All IDs can be found at https://graph.facebook.com/[username_or_page_name] and are returned as JSON (JavaScript Object Notation) objects. Facebook uses this format because it is a text format, independent of any specific programming language, that both humans and machines can read easily. Consider this the list of “identifiers” that Facebook will use in all of its “connection” equations.

All of the objects in the Facebook social graph are connected to each other via relationships. [...] We call those relationships connections in our API. You can examine the connections between objects using the URL structure https://graph.facebook.com/ID/CONNECTION_TYPE. The connections supported for people and pages include:

  • Friends
  • News feed
  • Profile feed (Wall)
  • Likes
  • Movies
  • Music
  • Books
  • Notes
  • Permissions
  • Photo Tags
  • Photo Albums
  • Video Tags
  • Video Uploads
  • Events
  • Groups
  • Checkins

Whoa… That adds up to a lot of data. A sample of what is returned when I pull up the graph of my music interests is below (the list is MUCH longer than this).

{
   "data": [
      {
         "name": "Sealion",
         "category": "Musician/band",
         "id": "190637787649621",
         "created_time": "2011-04-29T14:39:51+0000"
      },
      {
         "name": "Unearth Official",
         "category": "Musician/band",
         "id": "5813222730",
         "created_time": "2011-02-28T00:43:35+0000"
      },
      {
         "name": "Binary Sunrise",
         "category": "Musician/band",
         "id": "119658943109",
         "created_time": "2011-02-21T20:41:46+0000"
      }
   ]
}

So now we understand in a very simple way how Facebook compiles and organizes your information and how it relates to others. As you see above, Facebook knew that I "liked" Binary Sunrise on February 21, 2011 at 8:41 p.m. and they kept that information. There's a lot of frivolous information kept within the graph that you may not know or care about, as long as it's safe from prying eyes. It is safe, right? Well, as long as YOU keep it that way...

Now that we're on that topic, let's talk a little about authorization. As is, the Graph allows you to access all public information about anyone or anything in text form. That's no big deal. To access more than public information, you need what Facebook calls an access token. Developers must add these to the front end of any apps people use on Facebook. Requesting an access token is what's happening when the popup shows up asking you whether you'd like to allow X Application access to X, Y, Z. In order to access X Application, you must allow access.

When anything additional is listed in that popup, the developers are requesting access to more than your publicly available information (this could be email address, news feed, notes, photos, ability to post to your wall when you're logged out, etc.). They can even be notified if you decide to de-authorize their app. You might be thinking "why in the WORLD would I ever allow that app access to anything?" Well, simply because you want what they offer - be it a game, airline miles, votes for your picture, anything really.

Here is an example Facebook gives in its Developer section of the kind of information an access token could give a developer. Bret's public graph information available at https://graph.facebook.com/btaylor looks like this:

{
   "id": "220439",
   "name": "Bret Taylor",
   "first_name": "Bret",
   "last_name": "Taylor",
   "link": "http://www.facebook.com/btaylor",
   "username": "btaylor",
   "gender": "male",
   "locale": "en_US"
}

Bret's graph information with an access token available at https://graph.facebook.com/btaylor?access_token=2227470867|2.GwwRBfgwxdwTgWQ8vCaOsg__.3600.1304496000.0-44403710|bl-gfDaiFqQ1rt7B7XtjotDPyI0 looks like this:

{
   "id": "220439",
   "name": "Bret Taylor",
   "first_name": "Bret",
   "last_name": "Taylor",
   "link": "http://www.facebook.com/btaylor",
   "username": "btaylor",
   "hometown": {
      "id": "108363292521622",
      "name": "Oakland, California"
   },
   "location": {
      "id": "109650795719651",
      "name": "Los Gatos, California"
   },
   "work": [
      {
         "employer": {
            "id": "20531316728",
            "name": "Facebook"
         },
         "position": {
            "id": "148305368513781",
            "name": "CTO"
         },
         "with": [
            {
               "id": "4",
               "name": "Mark Zuckerberg"
            },
            {
               "id": "1586010043",
               "name": "Zach Rait"
            }
         ],
         "start_date": "2009-08",
         "end_date": "0000-00",
         "projects": [
            {
               "id": "153823678006564",
               "name": "Open Graph",
               "with": [
                  {
                     "id": "4",
                     "name": "Mark Zuckerberg"
                  }
               ],
               "from": {
                  "id": "4",
                  "name": "Mark Zuckerberg"
               }
            }
         ]
      },
      {
         "employer": {
            "id": "99073561945",
            "name": "FriendFeed"
         },
         "location": {
            "id": "108212625870265",
            "name": "Mountain View, California"
         },
         "position": {
            "id": "116320241753504",
            "name": "Founder & CEO"
         },
         "with": [
            {
               "id": "581903346",
               "name": "Goutham Patnaik"
            },
            {
               "id": "15500414",
               "name": "Benjamin Golub"
            },
            {
               "id": "223020",
               "name": "Tudor Bosman"
            },
            {
               "id": "1214835",
               "name": "Dan Hsiao"
            },
            {
               "id": "836701",
               "name": "Casey Maloney Rosales Muller"
            },
            {
               "id": "4809535",
               "name": "Kevin Fox"
            },
            {
               "id": "500039935",
               "name": "Gary Burd"
            },
            {
               "id": "207830",
               "name": "James Norris"
            },
            {
               "id": "580246416",
               "name": "Sanjeev Singh"
            },
            {
               "id": "672745547",
               "name": "Paul Buchheit"
            }
         ],
         "start_date": "2007-10",
         "end_date": "2009-08"
      },
      {
         "employer": {
            "id": "86860316161",
            "name": "Benchmark Capital"
         },
         "location": {
            "id": "104048449631599",
            "name": "Menlo Park, California"
         },
         "position": {
            "id": "104098916294662",
            "name": "Entrepreneur In Residence"
         },
         "with": [
            {
               "id": "210560",
               "name": "Peter Fenton"
            },
            {
               "id": "207830",
               "name": "James Norris"
            }
         ],
         "start_date": "2007-06",
         "end_date": "2007-09"
      },
      {
         "employer": {
            "id": "104958162837",
            "name": "Google"
         },
         "position": {
            "id": "103146903077097",
            "name": "Group Product Manager"
         },
         "start_date": "2003-03",
         "end_date": "2007-06",
         "projects": [
            {
               "id": "162849873739882",
               "name": "Google Maps",
               "with": [
                  {
                     "id": "207830",
                     "name": "James Norris"
                  },
                  {
                     "id": "767560056",
                     "name": "Lars Eilstrup Rasmussen"
                  },
                  {
                     "id": "734236612",
                     "name": "Jens E. Rasmussen"
                  }
               ]
            }
         ]
      }
   ],
   "favorite_teams": [
      {
         "id": "112437965439134",
         "name": "Stanford Cardinal"
      },
      {
         "id": "106533819377582",
         "name": "San Francisco 49ers"
      },
      {
         "id": "109892325707088",
         "name": "A's"
      }
   ],
   "favorite_athletes": [
      {
         "id": "106056612759445",
         "name": "Toby Gerhart"
      },
      {
         "id": "112417838771364",
         "name": "Joe Montana"
      },
      {
         "id": "132355330134939",
         "name": "Andrew Luck"
      }
   ],
   "inspirational_people": [
      {
         "id": "103864656318694",
         "name": "Linus Torvalds"
      },
      {
         "id": "113529011990795",
         "name": "Steve Jobs"
      }
   ],
   "education": [
      {
         "school": {
            "id": "112075895485567",
            "name": "Acalanes High"
         },
         "type": "High School"
      },
      {
         "school": {
            "id": "6192688417",
            "name": "Stanford University"
         },
         "concentration": [
            {
               "id": "192578844099494",
               "name": "Computer Science"
            }
         ],
         "type": "College"
      },
      {
         "school": {
            "id": "6192688417",
            "name": "Stanford University"
         },
         "degree": {
            "id": "193640483997198",
            "name": "MS"
         },
         "concentration": [
            {
               "id": "192578844099494",
               "name": "Computer Science"
            }
         ],
         "type": "Graduate School"
      }
   ],
   "gender": "male",
   "locale": "en_US",
   "languages": [
      {
         "id": "106059522759137",
         "name": "English"
      },
      {
         "id": "110343528993409",
         "name": "Spanish"
      }
   ],
   "updated_time": "2011-05-02T05:06:10+0000"
}

Hopefully you'll think twice before allowing any ol' app access to your information. Even if you de-authorize an app, any ill-meaning developer could already have much of your information. It appears that true privacy all depends on the walls you put up and the intentions of the developers you let inside the fence.
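
To make the gap between the two responses concrete, here is an added example (not from the original post or from Facebook's documentation) that diffs abbreviated copies of the two btaylor responses above and lists the other people an authorized response names. The function names are hypothetical, and the embedded JSON is trimmed from the samples on this page.

```python
import json

# Abbreviated copies of the two btaylor responses shown above (trimmed for length).
PUBLIC = json.loads("""
{"id": "220439", "name": "Bret Taylor", "first_name": "Bret", "last_name": "Taylor",
 "link": "http://www.facebook.com/btaylor", "username": "btaylor",
 "gender": "male", "locale": "en_US"}
""")
WITH_TOKEN = json.loads("""
{"id": "220439", "name": "Bret Taylor", "first_name": "Bret", "last_name": "Taylor",
 "link": "http://www.facebook.com/btaylor", "username": "btaylor",
 "hometown": {"id": "108363292521622", "name": "Oakland, California"},
 "location": {"id": "109650795719651", "name": "Los Gatos, California"},
 "work": [{"employer": {"id": "20531316728", "name": "Facebook"},
           "position": {"id": "148305368513781", "name": "CTO"},
           "with": [{"id": "4", "name": "Mark Zuckerberg"},
                    {"id": "1586010043", "name": "Zach Rait"}],
           "start_date": "2009-08",
           "projects": [{"id": "153823678006564", "name": "Open Graph",
                         "with": [{"id": "4", "name": "Mark Zuckerberg"}],
                         "from": {"id": "4", "name": "Mark Zuckerberg"}}]}],
 "gender": "male", "locale": "en_US",
 "updated_time": "2011-05-02T05:06:10+0000"}
""")

def token_only_fields(public, authorized):
    """Top-level fields that appear only when an access token is supplied."""
    return sorted(set(authorized) - set(public))

def referenced_objects(node, path=""):
    """Yield (path, id, name) for every nested graph object in a response."""
    if isinstance(node, dict):
        if path and "id" in node and "name" in node:
            yield path, node["id"], node["name"]
        for key, value in node.items():
            yield from referenced_objects(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for item in node:  # list items keep the path of the list itself
            yield from referenced_objects(item, path)

def third_parties(authorized):
    """People other than the profile owner named in 'with'/'from' connections."""
    return sorted({name for path, _id, name in referenced_objects(authorized)
                   if path.split(".")[-1] in ("with", "from")})

if __name__ == "__main__":
    print("Fields only visible with a token:", token_only_fields(PUBLIC, WITH_TOKEN))
    print("Other people named in the response:", third_parties(WITH_TOKEN))
```

The second result is the part that is easy to miss: one user's authorization also discloses names and IDs of people who never saw the permission popup.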

Just for fun, here is code I simply copy-and-pasted from Facebook's Developer section on rendering anyone's Facebook profile image:
