What Sites See When You Login With Facebook

I’ve been working on a lot of web apps with social networking authentications lately and it has been interesting to see what developers can see when you login via Facebook (as well as other social networks). Below is an example of what a site has access to when you login via Facebook. The below example is a request for “basic information” and “email”. When you login, Facebook will tell you what the site is requesting access for. You can think of the array below as the minimum amount of data you normally give them access to. In reality, most apps request access to more data than this including your wall posts, contacts, likes, etc.

For my profile, requesting access to “read_feed” resulted in an array 2,054 lines of data containing gps coordinates of all my check-ins, photos I’ve been tagged in, and everything someone has said on my wall in the last 6 months as well as the full name and facebook ids of my friends who posted on my wall.

To give you a visual perspective, here is an extremely zoomed out screenshot of the data returned with just feed permissions.

Below is an array of the “basic information” you give sites when you login with your facebook account:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
Array
(
    [FB] = Array
        (
            [Me] = Array
                (
                    [id] = 15601718
                    [name] = Jodi Wilkinson
                    [first_name] = Jodi
                    [last_name] = Wilkinson
                    [link] = http://www.facebook.com/jowilki
                    [username] = jowilki
                    [hometown] = Array
                        (
                            [id] = 123456789101112
                            [name] = Southern, Virginia
                        )

                    [location] = Array
                        (
                            [id] = 123456789101112
                            [name] = Reston, Virginia
                        )

                    [work] = Array
                        (
                            [0] = Array
                                (
                                    [employer] = Array
                                        (
                                            [id] = 123456789101112
                                            [name] = KZO Innovations
                                        )

                                    [location] = Array
                                        (
                                            [id] = 123456789101112
                                            [name] = Reston, Virginia
                                        )

                                    [position] = Array
                                        (
                                            [id] = 123456789101112
                                            [name] = Co-founder, VP of Products
                                        )

                                    [start_date] = 2007-03
                                )

                        )

                    [education] = Array
                        (
                            [0] = Array
                                (
                                    [school] = Array
                                        (
                                            [id] = 123456789101112
                                            [name] = Degrassi High
                                        )

                                    [year] = Array
                                        (
                                            [id] = 123456789101112
                                            [name] = XXXX
                                        )

                                    [type] = High School
                                )

                            [1] = Array
                                (
                                    [school] = Array
                                        (
                                            [id] = 123456789
                                            [name] = Example University
                                        )

                                    [year] = Array
                                        (
                                            [id] = 1234567891123145
                                            [name] = XXXX
                                        )

                                    [concentration] = Array
                                        (
                                            [0] = Array
                                                (
                                                    [id] = 1234567891123145
                                                    [name] = Information Technology
                                                )

                                        )

                                    [type] = College
                                )

                        )

                    [gender] = female
                    [email] = email@example.com
                    [timezone] = -4
                    [locale] = en_US
                    [verified] = 1
                    [updated_time] = 2012-04-18T00:14:05+0000
                )

        )
)

See Graph API Reference and click on each link to see more examples of data that is available. Most people are generally aware that they are sharing all this data online, but it’s nice to visualize it in this format and decide if you want to share it with third party sites.

Logging in via Twitter, for example, is generally a better option because it does not provide websites or developers access to your email address. It also has less personal information for the most part. Twitter discloses your “display name” which can be a pseudonym and doesn’t require your real first name or last name.

Comments