Blog Post

Get your hands off that contact info, says Facebook

Stay on Top of Enterprise Technology Trends

Get updates impacting your industry from our GigaOm Research Community
Join the Community!

The battle over who controls the information in your social graph — and specifically, who controls the email addresses of your contacts — continues to ramp up. Just a week after shutting down a Chrome extension that let you pull that information out of Facebook, the social network has flipped the kill switch on another service from Open-Xchange that provided a similar export capability. Although the company says its service abided by all the terms of the Facebook public API, it has become the latest victim of Facebook’s ongoing attempts to maintain control over the contact info of its users.

The shutdown of Open-Xchange’s address-book-exporting service makes the issue even more obvious, since it’s a more straightforward offering than the Chrome extension developed by Mohamed Mansour. The programmer launched the extension last fall as a way of allowing users to move their contacts out of Facebook, after Google changed the terms of its API in order to highlight the social network’s refusal to allow users to export that data. But Mansour’s solution effectively just scraped the Facebook site — rather than using the approved API to access the data — and that’s expressly forbidden by the company, making it easier to justify the shutdown of the service.

Open-Xchange’s service, however, isn’t a scraper at all. It uses the social network’s approved API, and according to a press release from the company — which makes an open-source email server and collaboration system — it obeyed all the various restrictions that Facebook places on dealing with user data. According to an email from Facebook sent to the German company, however, the address book application was disabled because it allowed users to export email addresses of their contacts without the approval of each of those users. The Facebook email said:

You cannot use a user’s friend list outside of your application, even if a user consents to such use, but you can use connections between users who have both connected to your application.

In other words, in order to behave the way that Open-Xchange intended — by allowing users to import and consolidate their address books from different services and social networks — the German company’s service would have to require that everyone in a user’s Facebook contact list also join the service and authorize the export of that information. In the company’s news release, Open-Xchange CEO Rafael Laguna railed against Facebook’s control over a user’s data, saying:

If you want to see what a future looks like where a single company controls YOUR personal data for its own profit, this is a glimpse. Clearly, Facebook management does not want you to have the ability to take your personal information outside their walls to, say, Google+ and will do everything in their power to stop you, including violating their own terms and conditions.

We’ve reached out to Facebook for a comment and will update this post if we get one, but what the social network’s behavior in this case — and the case of the Chrome extension — makes clear is that the company believes it needs the approval of each user before it allows anyone to export their email addresses. As we noted in our post about the Chrome extension, Facebook executives have repeatedly said that they believe each user owns their email and other contact information, and that while it might be okay for email programs such as Gmail to allow export of those addresses, Facebook doesn’t believe that it should do this — and some supporters, including media analyst and author Jeff Jarvis, agree that they should not provide this info for privacy-related reasons.

What Facebook still hasn’t explained, however, is that users can easily export all of the email addresses and other information from their contacts by using a Yahoo (s yhoo) email account. In fact, the Yahoo importer allows you to use Facebook Connect, so the whole process takes about three clicks. And iPhone (s aapl) users can also import and sync all of the Facebook data for their contacts, creating a single unified address book — in other words, exactly the same thing that Open-Xchange was trying to provide. Why are these other methods allowed when the Germany company’s export feature is blocked? That isn’t clear.

What is clear is that Facebook sees that contact information as a crucial resource that it needs to maintain control over, either because it doesn’t want to give new networks such as Google+ a leg up in gaining new users, or because it foresees some kind of privacy backlash if it allows widespread export of users’ email addresses. But Google — which has launched a full-fledged data export tool called Google Takeout, the product of an internal team called the Data Liberation Front — is unlikely to give up the fight.

Which raises the question: Do you mind if a user that you are connected to through Facebook exports your email address to use in another service such as Google+? Let us know in the comments.

Post and thumbnail photos courtesy of Flickr user Rupert Ganzer

22 Responses to “Get your hands off that contact info, says Facebook”

  1. Anonymous

    You know, the Google Contact/Circles data export doesn’t contain email addresses either if you add someone on Google+. It just contains their Google+ profile url. This is the same as the Facebook data export. What’s the big deal?

  2. beenyweenies

    Yeah, this one’s a no-brainer. We all know that Facebook doesn’t care about our privacy. After all, “the age of privacy is over” according to the CEO.

    This weak and very public freakout shows just how terrified they are of Google+. Unfortunately for them, I have a feeling this will drive MORE people to Google+. Some out of spite for Facebook greedily clinging to their data, and some who are just curious to see what’s got Facebook so worried.

  3. So explain to me this, you got to Facebook in the first place and found your first few friends by using Facebook’s “Friend Finder” tool, and it did what? Took your email addresses from your webmail account, with your permission and invited these friends to join Facebook. This tool is still readily available to this day to add new friends to your Facebook profile. Yet, it’s wrong to share the addresses you’ve acquired in Facebook when you explicitly gave each of these people permission to access your profile and personal information. In fact, if I wanted to, I could go through each of my friend’s profiles (all 1300+ of them) and pull each of their addresses myself and still never tell a soul. Applications have just designed this process to be easier and more efficient, JUST LIKE FACEBOOK DID IN THE FIRST PLACE. How is this wrong? Hypocrites.

  4. Andrea

    This is where FB loses credibility: if I select to use an app, I get a message saying they can access all kinds of info, which “Includes name, profile picture, gender, networks, user ID, list of friends, and any other information I’ve shared with everyone.”

    So, I have a bigger problem with a friend of mine liking some silly game and now that game company has my name (and who-else-knows-what) without my consent because a friend opted in. Why do they even need to know I exist? Because they can profile and send me ads to make money? I have a bigger problem of being sucked into that – against my will – than I do someone I already have a relationship with having my email. Control and profit, indeed.

    • Hear, hear. I’m far more concerned about my friends who have zero discretion in their online game play or apps, and how those third-party companies I’VE NEVER CONNECTED WITH OR WANT TO CONNECT WITH now have information about me.

      I’d love to see an opt-out of that type of absurd data-sharing. It’s like *you* getting an STD because your best friend wasn’t careful about who *she* slept with. No, thanks.

  5. Surely, if I have shared my email address with someone and its stored in FB, by not allowing it to be transferred is actually harming me rather than protecting me. I suggest that we all email FB support and instruct them to allow all people who have my email details the export facility. They will soon ‘open up’ their restriction ;-)

  6. It is sites such as this Facebook – as well as allowing email addresses to be shared easily – that allow tagged, shoppybag and zedo to spam us. If I WANT you to have my email address, I will provide it. I already get too many emails containing hundreds of addresses that spammers would love to receive. People forward everything.

  7. paul martin

    To be fair to Facebook the latest on the big story in the UK – phone hacking where journalists have accessed people’s mobile phone voice mail boxes – took a strange turn this morning. Journalists were accused of bribing Royal Protection Police Officers to get hold of contact details of those they were assigned to look after.

  8. Eric Blair

    If you don’t like FB then deactivate it with a protest note. If enough people do so, FB will get the message. However, slavery is freedom so I doubt most failbookers will do anything at all. Which is doubleplusgood.

  9. This happens with email addresses on every other export/import so people are used to it. Once I give you my address (email or otherwise), I can’t control where you store it. My only issue is if you start posting it somewhere or signing me up for stuff, or otherwise use it in ways that would make me want to shoot you in the head with a silencer through my coat as I passed you in the park while walking my dog (who I was clearly busy with and could never be the assailant).

  10. Do I mind?? If you Google my name, my blog (and evidently now my Google Profile with G+) show up on the first page. Which has one of my emails. Going with my user handle, you get a whole bunch of sites with most of them being me.

    So I really could care less.

    This is NOT about user privacy. It’s purely about control.

  11. ” Why are these other methods allowed when the Germany company’s export feature is blocked? That isn’t clear.”

    Yes it is. Yahoo!, Microsoft, and the other companies that are allowed access to Facebook’s data give Facebook money.

    Was this developer giving Facebook money? No.

  12. “while it might be okay for email programs such as Gmail to allow export of those addresses, Facebook doesn’t believe that it should do this”
    And yet facebook wants us to use our FB messages with email addresses as our primary messaging resource. [head explodes!]

  13. If I share my email address with someone on Facebook, then I don’t mind if they take that address out of Facebook and import it into some other application, like Google+ or gmail contacts or whatever.

    If Facebook is so concerned about “protecting user data and privacy” (*yeah right* ), then they could make an opt-*in* privacy control setting that allows your Facebook friends to go ahead and export your email address.

  14. Tobias Schwarz

    The contact export also works nicely with other email providers than yahoo. It works nicely with Windows Phone 7. Maybe this kind of behaviour is the beginning of the facebook management mistakes G+ needs to make people outside of the tech circuit join…

  15. While I’m not a FB user, it’s really not up to me how somebody (whom I’ve given my contact info to) stores that information. They might use a thunderbird or outlook address book, or store it on their phone, or write it down in a paper address book. It’s not up to FB or anybody else to dictate how anyone stores their personal list of contacts, so this is just a pathetic attempt by FB trying to lock a user in, and it won’t work.

    Is there an over/under line for FB turning into MySpace or AOL?

  16. “Which raises the question: Do you mind if a user that you are connected to through Facebook exports your email address to use in another service such as Google+? Let us know in the comments.”

    No. If I’ve shared my email address with someone I assume they might grab it and pop it into their address book so that they can email me in Gmail or whatever. I have no issue with them adding that to Google+ etc as long as they don’t share it with others. Facebook couldn’t care less about protecting user privacy here – this is purely a strategic play.

      • It seems to me that if Facebook’s concerns were truly altruistic and related to it’s users privacy (I know… that sounds like an oxymoronic joke), then a simple tick box in MY privacy settings permitting such usage and set to ‘Opt Out’ as the default would surely be a pretty reasonable solution! Is it just me or does one get the image of a big fat kid with his pockets bulging and chocolate all round his mouth stating categorically he didn’t steal the cake?