Just the other day I was digging into various Web 2.0 APIs to see what the possibilities where. You know, just kicking back and having fun geek style. I quickly gave up.

For some reason, both Facebook and LinkedIn protect certain information about your friends and contacts in the name of privacy. If you log into your Facebook account, you can see the e-mail address of your friends if they have provided one on their profile. You cannot retrieve that e-mail through the API and the same goes for the phone number. You can get pictures, gender, age etc. but not the e-mail address.

LinkedIn does expose the e-mail address, but not addresses, phone numbers or any other information except the name, title and organization. The reason why I wanted the e-mail address was that it is a great key that could pair up your Facebook friends to the LinkedIn contacts. Then I would be able to get all the information on the people from the two networks and make a more complete profile on them.

I know that people might be reluctant to share their e-mail address on Facebook, but apparently a lot of the same people have no issue sharing it on LinkedIn. It doesn’t make sense. And why does the LinkedIn vCards of your own contacts not contain information like country and zip code even though people have entered it? Why couldn’t they just let it be up to the individual user to allow this information being public? Privacy restriction, that’s why, and probably a law suit waiting to happen.

Now, there is some sense in keeping sensitive information private, but why are they just sensitive to the API’s on not if you’re logged in on the websites? In other words, people can get access but not machines. It might be that people build mash-ups, but machines have to execute them and that’s the problem.

It seems that the bigger the programmable web becomes, the bigger the issue becomes on keeping information private, thus limiting us from doing some really cool stuff easily. I guess we could always go back to screen scraping as long as it’s still possible, which by the way it is on both Facebook and LinkedIn – for now anyway – even thought it is a clear violation on their terms of service.

So, I gave up my little venture, looked longingly at the moon from my window and dreamed of a world where privacy restrictions and law suits don’t conflict with my geeky nature.


Comment by JacobM

I hear you, but are you saying "isn't it annoying that these companies are succumbing to their fear of lawsuits" or are you saying "doesn't it suck that a bunch of rat-bastard spammers and phishers have ruined things for the rest of us"?


Comment by Tom

I don't know, maybe I'm just too cynical but it seems to me that (whatever they say) the real reason sites like this don't allow you to access such information is because you could develop an export feature which would make it easy to move all your "social data" to another service.

I mean, in the case of Facebook the only privacy concern would be to protect your friends from spam but a malicious widget could just as easily create the same amount of spam using Facebook messages since they send the message to your inbox anyway.

In my opinion its just a case of each service keeping the most valuable piece of information they have to themselves. For Facebook that's the e-mail address so they won't let you retrieve that, for LinkedIn its actual contact information so they'll let you have the e-mail address but not the other info.

Comment by Mads Kristensen

It's probably the latter that leads to the first, which then again leads to my frustration :)

I think you're probably right, but it's still strange that more and more APIs become available but they are so limiting that you can really only use them for very few specific things.

Comment by Dan Atkinson

Yes, I agree that the privacy issues certainly lock up a lot of functionality that could be used for cool things.

An example of something that could be really awesome (if things like email address where fully accessible in Facebook) is OutSync: http://www.melsam.com/outsync/

It's almost fully functional, and if I remember from the Hanselman Minutes podcast, it does page scrapes to retrieve data, and then matches up the image against the name. This could be much stronger, if only people could allow their friends API access to their personal details.

Comment by Martin H. Normark

OutSync is cool.

But the Facebook API is so restricted - it's very bad. I tried to get the profile ID of each logged in user visiting my profil, from a simple app I created. The API even had a method called getLoggedInUser. That only gave me my own profile id/ user id. In the description of the method, it says 'get's the user associated with the current session'. They could argue that a session here, is the "session" to the profile hosting my app.

Comment by wow gold