Today, Facebook has announced the rollout of a new permissions model for third-party applications, mandating that apps specify exactly what data they wish to access (and giving users the ability to opt out if they wish to). The change has been in the works for a long time: Facebook’s blog post notes that it was first announced back in August 2009 as a result of privacy concerns brought up by Canada’s Privacy Commissioner. The new dialog boxes were shown off at f8 in April.
Third-party Facebook applications have always had to ask users for permission to access their private data, but before now the dialogs were unspecific, and sometimes required users to click “Yes” to a series of boxes which could get confusing. Now all data that an application wishes to access will be presented in a single dialog box. As usual, applications will be able to access data that you’ve shared with ‘Everyone’ (which actually encompasses quite a bit of data these days). Beyond that, users will be told in plain English exactly what private data they’re sharing, which can include things like your Email address, photos, and videos. This is definitely a step forward.
A month ago, Facebook also made changes to its main privacy control panel that makes it easier to manage your settings (and turn off Facebook Platform entirely). Still, those changes have not gone far enough to silence privacy advocates, especially with regard to Facebook’s controversial Instant Personalization feature.