Assumption of anonymity/privacy. That's the ballgame.
Here's a model:
Friend A is a swinger. She's private about it, her facebook profile is hidden from searches, public, etc. She posts as attending a swinging event.
Friend A is connected to Friend B, another swinger (but semi public about it), someone she's met, trusts, etc.
Friend B sees Friend A's swinger party in his events-feed, and signs up to go to it too. Friend A 'likes' this. But that's OK, because Friend A trusts Friend B to know this information.
Here's where it breaks down:
Friend B is connected to Friend C, an ad-hoc internet friendship without the same level of trust between A and B (to hammer home the point).
What the poster of the article is saying, is that now Friend C can inspect Friend B's feeds and see what activity is going on by B's friends. So it's possible to determine that Friend A is interested in this lifestyle and what her name is.
Friend A expected her activities would be private and, through the website, it appears they are. But the API is permitting inspection that is not obvious and exposes information that would seemingly be private.
Yes, don't post stuff you don't want public (it's a good rule of thumb) but this is going a bit further than that and breaking the barrier of expected/perceived privacy and reality. That's not good.
When Friend A 'liked' an event on Facebook that arbitrary other people in (or even out) of her friend graph could also 'like', Friend A did something dumb no matter what Facebook does.
I wouldn't be arguing if Facebook betrayed A's private details to an anonymous search. But when you declare interests to Facebook, you concede your privacy.
You're suggesting a write implies a read too. I don't know I agree with that- just because i 'liked' something doesn't imply I get to know who else did.
The way I see it is that A's private details include her activities on the site (she's got her priv settings way high....) so presenting that information to people she's not connected with seems analogous to presenting it to anonymous users.
Here's a model:
Friend A is a swinger. She's private about it, her facebook profile is hidden from searches, public, etc. She posts as attending a swinging event.
Friend A is connected to Friend B, another swinger (but semi public about it), someone she's met, trusts, etc.
Friend B sees Friend A's swinger party in his events-feed, and signs up to go to it too. Friend A 'likes' this. But that's OK, because Friend A trusts Friend B to know this information.
Here's where it breaks down:
Friend B is connected to Friend C, an ad-hoc internet friendship without the same level of trust between A and B (to hammer home the point).
What the poster of the article is saying, is that now Friend C can inspect Friend B's feeds and see what activity is going on by B's friends. So it's possible to determine that Friend A is interested in this lifestyle and what her name is.
Friend A expected her activities would be private and, through the website, it appears they are. But the API is permitting inspection that is not obvious and exposes information that would seemingly be private.
Yes, don't post stuff you don't want public (it's a good rule of thumb) but this is going a bit further than that and breaking the barrier of expected/perceived privacy and reality. That's not good.