When asked about the issue at Web 2.0 Summit, Mark Zuckerberg mentioned that he wasn’t sure that Facebook was “100% right” in preventing Gmail or other third party apps from crawling the site, and referred to the difference between information you yourself put into an email application versus information put into a social network by people you’ve chosen to befriend as a factor in what the eventual universal export policy will be, “We’re trying to think through these things and be respectful of all the forces that are at play.” In other words, it’s complicated.
While Facebook “thinks through these things,” it seem to making some bold moves, from kicking off power user Robert Scoble for trying to scrape his contacts through Plaxo in 2008 to eliminating the Gmail option entirely from “Find My Friends” while allowing unlimited (albeit problematic) contact info access to partners Yahoo and Hotmail.
To give us a better sense of the evolution of Facebook’s contact info policy, a tipster who might have been the first person to attempt mass Facebook email scraping, sent us the below string of support emails between himself and Facebook proto-employee Dustin Moskovitz, resulting from attempts to aggregate the contact info of everyone in the Princeton network in 2004.
On Aug 22, 2004, at 7:52 PM, thefacebook – General Information wrote:
Hi,
I deactivated your account because of a security violation. Let me know what you were up to if you’re interested in getting it back.
Dustin @ thefacebook
————————————————-
On Sun, 22 Aug 2004, xxx xxxx wrote:
Hi Dustin,
I have written a script to go and collect the picture, cell phone number, birthday, hometown, and year of everyone at Princeton. Then, using the princeton ldap directory, I looked up information like room phone number, room address, and email address. I then exported all of this in vCard format, to be imported into my mac’s Address Book program, and put on my iPod.
I probably should have run this at night, so that I did not cause a slowdown for other users. However, I reviewed this section of the privacy policy, and didn’t think I was violating any of it with my script. But I’ll be interested to hear your take on that.
“The Web site is for the personal use of individual Members only and may not be used in connection with any commercial endeavors. Organizations, companies, and/or businesses may not become Members and should not use the Service or the Web site for any purpose. Illegal and/or unauthorized uses of the Web site, including collecting email addresses of members by electronic or other means for the purpose of sending unsolicited email and unauthorized framing of or linking to the Web site will be investigated, and appropriate legal action will be taken, including without limitation, civil, criminal, and injunctive redress.”
If you want me to stop, I’ll stop. It’s your site. However, if you are concerned with an overuse issue rather than a privacy issue, I would appreciate it if you would allow me to continue where I left off, which is at Katy Bacon. I wouldn’t mind setting it to run at night, in small batches, or whatever. But again, if you don’t want me to do it, I won’t
do it, no questions asked.”
I guess I’d appreciate getting the xxx xxx account back, but nobody needs or uses the ulink account.
Look forward to hearing from you,
xxxxxxxxxxxxxxxx
————————————————-
From: thefacebook – General Information <info@thefacebook.com>
Date: August 22, 2004 6:33:11 PM PDT
To: xxxxxx xxx@princeton.edu
Subject: Re: Security Violation
Hi xxxx,
So the slowdown isn’t really an issue, but we pretty much don’t want people to aggregate the information available on the website. Part of the reason people are willing to provide so much information is because of the security and privacy we built into the site.
I was pretty much assuming you were going for the email addresses, but on further consideration, I’m probably going to change the privacy policy from “collecting email addresses” to “collecting email addresses or other contact information” for the future.
We are in the process of developing a feature where you can export vcards for your friends (one of them, or all of them at once) and we’ll probably release it relatively soon. I’d appreciate it if you would use that instead of collecting info on everyone at Princeton.
I’ve reactivated your account.
The moral of this blast from the past? The more things change the more things stay the same, other than that whole “No businesses on Facebook thing.” Well maybe we could also amend Moskovitz’s “We pretty much don’t want people to aggregate the information available on the website,” statement with “unless of course they are an ad partner.”
The most interesting thing is about this exchange is that even in 2004, Moskovitz realized the sheer utility of being able to export your Facebook Friend contacts (as opposed to everyone at Princeton) and explicitly references a feature in the works where you could export VCards for your Friends. After all you built those relationships.
That mythical VCard feature, which never actually appeared, sounds similar to the universal export that Facebook took advantage of when Google took away access to its API and would allow you to do exactly what the short-lived Google Chrome extension did on Friday before it was shut down. Here’s to hoping the feature will one day see the light of day.
Update: While it is not clear whether these were official Facebook features or not, commenters are reporting that Facebook has actually experimented off and on with allowing an export feature in both in CSV and VCard format, neither having any staying power. A representative from Facebook told us, “We may have tested this a long time ago, but not in the last few years.”