By Konstantinos Papamiltiadis, Director of Developer Platforms and Programs
Today, we’re facing questions about whether Facebook gave large tech companies access to people’s information and, if so, why we did this.
To put it simply, this work was about helping people do two things. First, people could access their Facebook accounts or specific Facebook features on devices and platforms built by other companies like Apple, Amazon, Blackberry and Yahoo. These are known as integration partners. Second, people could have more social experiences – like seeing recommendations from their Facebook friends – on other popular apps and websites, like Netflix, The New York Times, Pandora and Spotify.
To be clear: none of these partnerships or features gave companies access to information without people’s permission, nor did they violate our 2012 settlement with the FTC.
How did people use these features?
People used these features in many different ways, including through:
We’ve been public about these features and partnerships over the years because we wanted people to actually use them – and many people did. They were discussed, reviewed, and scrutinized by a wide variety of journalists and privacy advocates.
But most of these features are now gone. We shut down instant personalization, which powered Bing’s features, in 2014 and we wound down our partnerships with device and platform companies months ago, following an announcement in April. Still, we recognize that we’ve needed tighter management over how partners and developers can access information using our APIs. We’re already in the process of reviewing all our APIs and the partners who can access them.
Who are these integration partners and why did Facebook work with them?
People want to use Facebook features on a variety of devices and products, many of which we don’t support ourselves. This was particularly true early in our history, before Android and iOS became the predominant ways people use the internet on their phones. Text-only and feature phones were widely popular. Across the industry, companies like Facebook partnered with other companies to build integrations. Take the Blackberry Hub app as an example. People using Blackberry devices could log into Facebook using this feature, allowing them to see the same Facebook News Feed they would see if they logged in from a desktop computer. The data we provided allowed the person to access their own account on Blackberry. Blackberry couldn’t use any of the information for its own purposes.
Facebook has had similar integration partnerships over the years with Amazon, Apple, Microsoft, Yahoo and other companies, which were overseen by our partnerships and product teams. These partners built many kinds of integrations, including mobile versions of Facebook and social feed hubs, which aggregated feeds from Facebook and other companies. We’ve shut down nearly all of these partnerships over the past several months, except with Amazon and Apple, which people continue to find useful and which are covered by active contracts; Tobii, an integration that enables people with ALS to access Facebook; and browser notifications for people who use Alibaba, Mozilla and Opera.
Does this mean these companies got access to my Facebook information if I didn’t authorize it?
Our integration partners had to get authorization from people. You would have had to sign in with your Facebook account to use the integration offered by Apple, Amazon or another integration partner.
What was instant personalization and how did it work?
Instant personalization is a product we offered with select partners from 2010 to 2014 that involved public information on Facebook, and it’s different from the types of partnerships we’ve described above. With instant personalization, people could link their Facebook account with other services like Rotten Tomatoes or Yelp to see public information their friends shared. When searching on Bing for articles about an upcoming trip to Europe, you could get results based on what your friends had shared publicly. People could turn off instant personalization at any time.
Did partners get access to messages?
Yes. But people had to explicitly sign in to Facebook first to use a partner’s messaging feature. Take Spotify for example. After signing in to your Facebook account in Spotify’s desktop app, you could then send and receive messages without ever leaving the app. Our API provided partners with access to the person’s messages in order to power this type of feature.
Why did some partners have access to data as late as 2017, even after instant personalization was shut down?
Instant personalization only involved public information, and we have no evidence that data was used or misused after the program was shut down. However, we shouldn’t have left the APIs in place after we shut down instant personalization. We’ve taken a number of steps this year to limit developers’ access to people’s Facebook information, and as part of that ongoing effort, we’re in the midst of reviewing all our APIs and the partners who can access them. This is important work that builds on our existing systems that track APIs and control who can access them.