Facebook releases data about NSA requests


Facebook on Monday released data showing how many requests for data the company has received from the National Security Agency — at least, the range of these requests. From January through June 2013, Facebook received fewer than 1,000 requests for user content data from the NSA, regarding 5,000 to 5,999 accounts.


Facebook Platform Updates: Frictionless Requests 2.0, OAuth 2.0 and HTTPS Deadlines Tomorrow, FBML Ending June 2012

Yesterday, Facebook announced updates to the Requests 2.0 including the introduction of frictionless requests that don’t require users to complete a Requests dialog. This could get users to send more Requests, helping apps gain new users and reengage existing users. However, some users might opt in to frictionless requests without fully understanding the feature’s implications, and later be surprised to find out their in-app actions have been sending Requests to their friends

It also set the deprecation schedule for FBML. Support will be discontinued on January 1st, 2012, and apps using FBML will cease to work on June 1st, 2012. Last week’s Platform Update also noted additions to the Graph API, a change to setAutoResize, and a new way for developers to have their apps indexed. Finally, tomorrow is the migration deadline for OAuth 2.0 and HTTPS.

Requests 2.0 Updates

Previously, developers had to force users through a Requests dialog every time they want to send a Request. Developers can now enable frictionless requests, which allows them to automatically send Requests on behalf of its users when a user opts to send a Request to a friend they’ve already sent one to.

If enabled, when users go to send their first request to a specific friend, they’ll see a checkbox for “Don’t ask again before sending Requests to [this friend] from this app.” Next time they opt to send a Request to that same friend from that same app, the Request will be automatically sent without interrupting usage of the app.

As Requests are an important driver of growth and retention for apps, making it easier for users to send Requests should help apps increase their user counts. Frictionless Requests may also be compatible with Facebook’s forthcoming HTML5 mobile app platform, which will allow users to send Requests that are delivered as notifications.

Facebook is also implementing a new breaking change to Requests 2.0 that will improve its performance. A new migration setting called “Requests 2.0 Efficient” is now available in the Developer app. When activated this “changes the format for request IDs in the JavaScript requests callback method.” Developers should make the change to their JavaScript and then enable the migration.

In 90 days on January 1st, 2012, all apps will be opted into both Requests 2.0 Efficient and Upgrade to Requests 2.0. Developers should make sure they’re ready to prevent breakage. New apps are now opted into both these migrations and cannot opt out. Apps are also now responsible for deleting old Requests. Details for making the migration are available in the Requests documentation.

FBML Deprecation

Facebook announced over a year ago its plans to deprecate FBML. In March 2011, it ceased to allow new FBML apps to be created. Now it has scheduled the final two steps of the deprecation.

On January 1st, 2012 Facebook will stop supporting FBML and cease to fix bugs except for those related to privacy and security. On June 1st, 2012, Facebook will remove all FBML endpoints and any apps built on the language will stop functioning. The deprecation will make Facebook app development more accessible as programmers won’t have to use a proprietary language.

The two main parts of FBML that remain useful to developers are Requests and Static FBML. Requests can now be handled with Requests 2.0, and Static FBML can be replaced with iframe apps. Several Facebook Preferred Developer Consultants offer free iframe app builders, including Wildfire Interactive. Facebook has also worked with Wildfire to offer a FBML to iframe migration tutorial. XFBML will not be deprecated.

Platform Updates

As detailed in a Platform Update, problems with FB.Canvas.setAutoResize have forced Facebook to rename the call for controlling how an app is displayed on the Canvas page. The function is now named FB.Canvas.setAutoGrow and only works for increasing the size of an app. To shrink an app, Facebook recommends using “FB.Canvas.setSize with a height parameter to set the iframe height explicitly.” FB.Canvas.setAutoResize will be deprecated on January 1st, 2012.

Mutual friends between two users can now be retrieved from the Graph API with the call: https://graph.facebook.com/me/mutualfriends/FRIEND_ID

The following information about an application can now be pulled from the Graph API:

  • canvas_name
  • logo_url
  • icon_url
  • company
  • daily_active_users
  • weekly_active_users
  • monthly_active_users

To do so, developers can use the call https://graph.facebook.com/ANY_APP_ID

To simplify how apps are indexed by Facebook’s internal search engine, now when apps reach 10 month active users they are queued to be indexed in the next index rebuild which happens ever two to four weeks. Developers no long need use the setting page’s Submit to Search link. This will make sure apps that are gaining users aren’t accidentally left out of search.

OAuth 2.0 and HTTPS Migration Deadline Tomorrow

In May, Facebook announced that developers would eventually need to migrate to a more secure way to pass access tokens and allow users to browse their apps over a secure HTTPS connection. This followed a security issue where apps were found to be leaking permissions tokens that could give third-parties unauthorized access to user data. The migration becomes mandatory tomorrow, October 1st, 2011.

Developers must use OAuth 2.0 for authentication, encrypt access tokens, and have an SSL certificate and provide a secure browsing URL. To assist developers, Facebook has released admin.setAppProperties which allows the necessary settings changes to be made programmatically. FBML apps must also have SSL certificates and secure browsing URLs.

Platform Update: Credits Insights, Platform Policies, App to User Request Messages

Amongst a flurry of announcements about changes to games on its platform, Facebook recently updated the Developers Blog regarding the addition of a new Insights analytics tab for Facebook Credits. The latest Platform Update also included announcements about how app-to-user request notifications will now show the notification’s message; new capabilities for the Graph API, activity and recommendation plugins, and the Graph API Explorer; as well as clarifications of two Facebook Platform Policies.

Developers of Facebook apps that use Facebook Credits will now or soon see a Credits tab in their Insights dashboard. Credits Insights graphs the information developers receive in their daily Credits reports, name spend, chargebacks, and refunds. Developers can select date ranges for these graphs, compare time periods, and export data in XLS or CSV format.

Credits Insights, accessible to those with the Administrator role on a given app, will help developers determine how effectively their apps and games are monetizing. The Insights graphs are more efficient for determining the impact of design changes or market forces on monetization than the more momentary Credits reports. With time, Facebook may add more data to Credits Insights that could help developers better understand who is spending within their apps, and what is convincing them to make purchases.

Facebook quietly changed some important Platform Policies recently, banning promotion of apps on some types of competing social platforms and restricting how developers can reward their users. In the Platform Update, it announced two smaller deletions from its policy document:

FPP IV.4: You must provide users with an easily identifiable “skip” option whenever you present users with an option to use a Facebook social channel.

Apps no longer have to include a skip option because apps must always obtain user consent before posting on their behalf.

FPP IV.5: You must not provide users with the option to publish more than one Stream story at a time.

This deletion permits apps to let users publish to the walls of multiple friends simultaneously. Group communication, group buying, multi-player gaming, and other types of apps will now be able to let users choose multiple recipients for a wall post rather than put users through several redundant share steps.

The policy was likely put in place initially to reduce the potential for wall post spam. However, Facebook has been refining its app quality ranking system such that apps that publish posts that are frequently hidden or marked as spam will receive fewer impressions of their news feed content and risk suspension. Facebook apparently sees these repercussions as adequate to discourage spam.

App to user Request notifications that appear in the Apps and Games Dashboards now include the message originally included with the Request, making them a more effective method for developers to communicate with their users and ping them with calls to action. Before, these notifications didn’t include the message. The change could increase the conversion rate on app-to-user Requests. The counters for pending Requests will also appear in the new Games Ticker.

Developers using Facebook’s Activity or Recommendations plugins now have the option to prevent old or outdated content from appearing in the plugins. The  max_age field lets developers set the number of days within which a URL must have been created to be eligible for display within the plugin.

For example, ’0′ would make all stories show up regardless of URL creation date similar to how the plugin worked before, whereas ’14′ would require the URL to have been created in the last two weeks. The option will make the plugins more useful to developers of sites focused on breaking news or other real-time content.

The Graph API Explorer now permits developers to quickly generate access tokens for one of the apps they admin. This will make it easier to test APIs that require users to grant permissions to an app.

Rather than using the legacy REST API, developers can now determine if a user Likes a Page using the Graph API call:


This could help apps determine if a user is eligible to see fan-only content protected by a Like-gate.

Facebook Redesigns Friend Request Email Notifications to Fight Spam

This week Facebook redesigned the email notifications users receive when they’re sent a friend request. These emails now show stats about the request sender, including their friend, photo, wall post, and Group count, helping users identify spammers since they usually have few friends and little content. The emails also now include a link to “See All Requests” for batch request management.

Previously, requests only showed the name, profile picture, and mutual friend count of a friend request sender. If users answered requests via email and didn’t visit the sender’s profile, it would be difficult to tell if the person was a real acquaintance or a spammer looking to publish scams to their news feed.

Facebook has made several other moves this year to reduce friend request spam. In September it began preventing users from sending suspicious friend requests to people they are far removed from on the social graph. In January, it introduced a “Mark you don’t know him/her” response option to friend requests. Facebook limited the amount of friend requests that could be sent by those receiving too many of these marks.

Facebook’s Chief Technology Officer Bret Taylor said at our Inside Social Apps conference in January that Facebook had reduced spam by 95% in the last year, partly in thanks to these spam prevention features. However, Facebook has to be careful not produce false positives and accidentally block legitimate friend requests between two people that met in real life, even though they’re distant on the graph or one user has sent some unsolicited requests before.

These new email notifications bring a summary of what a user might manually check a profile for to determine if a friend request was spam. This should help reduce the number of spam friend requests that are accepted, and therefore keep the site cleaner and safer to use.

Platform Updates: Platform Policy Checklist, App Request Notifications Lead to Apps, HTTPS for Page Tabs, Hack Europe

Facebook’s latest updates to the Developers Blog announced a new policy checklist for app developers, that users are now directed straight to an app when they click through notifications from app requests, the need for developers to fill in their HTTPS URL for their iframe apps, several Facebook-hosted events for developers in Europe, and a few other FQL changes and functionality additions.

Platform Policies Checklist

Developers curious as to whether their apps violate any of Facebook’s terms of service or Platform policies can now refer to the Platform Policy Checklist. Available as a .PDF in several languages for review before an app’s launch, the list includes privacy, data, content, social channel, branding, and functionality guidelines in easy-to-understand terms. Some of the policies that are more frequently violated, such as rewarding users for inviting or sharing with friends, allowing users to publish more than one news feed story per day, or using data about users in ads are all clearly prohibited.

The Checklist will help reduce support and developers forum inquiries by answering some frequently asked questions. The document also will make it difficult for developers to claim that they didn’t know that their app violated Facebook’s terms or exploited users, and will therefore make policy enforcement more straightforward.

One policy that has been hazy before –the prohibition of “concepts or features that undermine the Facebook product” — includes examples such as “don’t encourage users to tag anything other than real people” and  ”don’t notify users of friend remove”. This could be referenced in the future as a reason for Facebook banning certain apps that don’t necessarily violate another specific policy. Developers should by happy to have this resource, as reviewing it during conceptual planning for an app could save them a lot of time and money that might be wasted creating an app that gets disabled soon after launch.

App Request Notifications Lead to Apps

Last month, Facebook introduced Requests 2.0, a system that allowed for user-generated and app-generated requests to be sent that trigger notifications for the recipient. Previously, these notifications led to the Games Dashboard or Applications Dashboard where users could manage their requests, but they weren’t leading to reengagement as they were designed. To increase the reengagement spurred by these requests, users are now brought directly to a canvas app when they click the notification generated by an app’s request.

The change makes requests a much more valuable viral channel to developers, and should boost MAU numbers since it pushes users to manage requests from within apps, not the dashboards.

HTTPS URLs for Page Tab Apps

In January, Facebook launched the option for users to browse the site over HTTPS for increased security. It also added a Secure Canvas URL field that developers needed to fill out to allow their apps to be browsed through HTTPS, otherwise Facebook would show users a confirmation screen to inform them they’d have to browse over standard HTTP.

In February, Facebook began allowing Pages to display iframe apps, but if users had HTTPS enabled, iframe Page tab apps would be blank when loaded and would not appear in a Page’s navigation menu. A bug report was filed on March 16th and it received a number of up-votes from developers.

On March 17th, Facebook introduced a new field in the developer app called “Secure Tab URL” to the Facebook Integration section of the Developer app. Developers must fill in this field, or users won’t be able to see or access their app in Page tab form.

Supressing Auto-Generated Photo Stories

Facebook app developers can now suppress the auto-generated stories that appear on a user’s profile when they upload a photo through the app. This wayif a developer wants to publish a story about the photo, perhaps after a user has edited it through the app, there won’t be two similar stories stacked on a user’s wall. This will lead more users to click through the app’s version of the photo instead of being split between the two, exposing more users to a link back to the app. Developers simply add the no_story=1 parameter to the POST to suppress the story and prevent redundancy.

Affiliations Year and Status to be Deprecated

Facebook users could previously list a year and status as part of a network affiliation. Since the network could be a school, which has its own year and status fields under education history, users could enter conflicting data into the two instances of the year and status fields. To resolve this, Facebook will strip the year and status fields from the affiliation column of the user FQL table on April 18th because affiliations ”was less up to date and had worse coverage” than the education fields.

Facebook Developers Events in Europe

Several Facebook-hosted events will occur in Europe this month, allowing independent developers and startups in the region to build apps, meet peers and venture capitalists, discuss the Platform, and learn about technical updates from Facebook’s team.

HACK Berlin on March 25th will include panels and a judged hackathon. Facebook Developer Garage Paris on March 29th will include a mixer and an introduction to Julien Codorniou, Facebook’s new Head of Platform Partnerships for France and Benelux. Startup Day London on March 31st will allow Facebook team members, VCs, and employees of socially-focused startups to get to know each other.

Get the latest news in your inbox
interested in advertising with inside facebook?

Social Media Jobs
of the Day

Social Media Manager

Social Media Manager
Santa Monica, CA

Social Media Manager

Honest Tea, Inc.
Bethesda, MD

Product Manager - Community Platform

Maker Media
San Francisco, CA

Featured Company

Join leading companies like this one and recruit from the nation's top media job seekers on the Mediabistro Job Board. Every job post comes with our satisfaction guarantee. Learn More

Our Sponsors

Mediabistro A division of Prometheus Global Media home | site map | advertising/sponsorships | careers | contact us | help courses | browse jobs | freelancers | content | member benefits | reprints & permissions terms of use | privacy policy Copyright © 2014 Mediabistro Inc. call (212) 389-2000 or email us