How Google Friend Connect Works
By Peter
Chane, Sami Shalabi, Mussie ShoreWe figured you might be
tracking the
conversations
about Google Friend Connect and Facebook. We want to help you understand a bit more about how
it works on the Friend Connect side with respect to users' information.
People find the relationships they've built on social networks really valuable, and they
want the option of bringing those friends with them elsewhere on the web. Google Friend
Connect is designed to keep users fully in control of their information at all times. Users
choose what social networks to link to their Friend Connect account. (They can just as easily
unlink them.) We never handle passwords from other sites, we never store social graph data
from other sites, and we never pass users' social network IDs to Friend Connected sites or
applications.
The only user information that we pass from a
social networking site to third-party applications is the user's public photo, and even that
is under user control.That's the high-level view. But what
about the details? Here is more information on exactly how Friend Connect interacts with
third-party social networks and applications.
- Google Friend
Connect puts users in control over whether they're connected to their data on
Facebook.
- Google Friend Connect only reads a small amount of user data
from Facebook, and does so using Facebook's public APIs. We read the Facebook numeric id,
friendly name, and public photo URLs of the user and their friends. We read no other
information.
- The only user information that we pass from Facebook to
third-party applications is the URL of the user's public photo.
- Google
Friend Connect does not permanently store any user data retrieved from
Facebook.
1) Google Friend Connect puts users in control over
whether they're connected to their data on Facebook.We
behave like any other caller of the Facebook API. (See the
Facebook developer
api documentation for details.) When a user links their Facebook account with Google
Friend Connect they must consent to this on Facebook itself. Here is the set of screens a user
goes through:
First, the user must click "Link in Facebook
friends":
Next a user sees this screen. This screen is from Facebook (notice the URL of
the page shows
facebook.com):
The user is then asked for their Facebook username and password
on Facebook. (Note that Google Friend Connect does
not have access to the
user's Facebook username and password.) If the user logs in successfully, Facebook returns a
session key to Google Friend Connect, and the user sees this screen:
This screen also comes from Facebook. On this screen the user is
asked to consent to allowing Google Friend Connect to access some of their personal
information. The user can choose to allow this access or not.
The user
can easily unlink their Facebook account from Friend Connect. This can be accomplished in two
ways:
From the Friend Connect settings dialog:
And from within Facebook's own Applications Privacy
screen:
2) Google Friend Connect only reads a small amount of
user data from Facebook, and does so using Facebook's public APIs. We read the Facebook
numeric id, friendly name, and public photo URLs of the user and their friends. We read no
other information.If a user decides to link their Facebook
account to Google Friend Connect, we ask Facebook for a small amount of user information.
Here's an example of what might be returned:
Example data
retrieved from Facebook (NOT passed to third-party apps): 500013789
31415926535
Peter Chane
http://profile.ak.facebook.com/profile5/1038/101/s500013789_4207.jpg
694454023
Mussie Shore
http://profile.ak.facebook.com/profile6/1933/85/s694454023_4271.jpg
709611
Sami Shalabi
http://profile.ak.facebook.com/profile5/657/87/n709611_9673.jpg
This
data is made up of the following fields:
- A Facebook user ID
(e.g.
500013789) that is used when Google Friend Connect communicates
with Facebook. The unique ID is a number assigned by Facebook -- it is NOT the user's username
or their phone number. The unique ID contains no personal information. - A
session-key (e.g.
31415926535) which is a unique number provided by
Facebook, that Facebook uses to track and control what data is exposed to Google Friend
Connect for the logged-in user. - The user's friendly name as they entered
it in Facebook (e.g. "Peter Chane"). This is typically a first and last name.
- A URL to the user's public Facebook picture (e.g.
http://profile.ak.facebook.com/profile5/1038/101/s500013789_4207.jpg).
If the user set their picture to be private on Facebook then Google Friend Connect does not
receive the picture. Again the picture used by Google Friend Connect is public and is easily
viewed by anyone on the web. - A list of Facebook user IDs for each of the
user's friends on Facebook. For each friend, Google Friend Connect retrieves the friend's
Facebook picture-URL and name.
3) The only user information that
we pass from Facebook to third-party applications is the URL of the user's public
photo.Applications that run on Friend Connect sites (e.g.
the iLike application that runs on
www.ingridmichaelson.com) have access to
a subset of the information that is requested by Friend Connect from social networks such as
Facebook. Applications are passed the following data from Friend Connect:
- Your Google Friend Connect ID. This is a number. It is not a name,
and it is not your ID from Facebook or any other social network.
- Your
nickname that you entered in Friend Connect. (NOT your friendly name from Facebook or any
other social network.)
- The URL to your public photo from Facebook or
another social network. And only if you've chosen to make that photo public on the social
network. (Note that Facebook includes the user's Facebook ID in the URL of their
profile photo. We intend to obfuscate this URL in a future release of Friend
Connect.)
- The Google Friend Connect IDs (and Friend Connect
nicknames, and photo URLs from linked social networks) of any of your friends who are
also members of this site. (Not all of your social network friends. Not
their social network IDs.)
That's it. These apps have no access to
additional profile data -- yours or your friends. The apps have no idea who else is on your
friends list on your social network(s).
4) Google Friend
Connect does not permanently store any user data retrieved from Facebook.Google Friend Connect purges all of the data it receives from Facebook
frequently. The Facebook terms state that application developers should do this every 24
hours; we do it more often (currently every 30 minutes) because we don't want to store this
data any longer than we absolutely need it.
Thanks for your interest in
Friend Connect!
Regards,
Peter, Sami, Mussie
