Oh, great. Facehook has a brand new API, obsoleting the one I wrote StreamFeed for. I'm glad I learned about this before I got too deep into writing a new write layer on top of StreamFeed. *sigh* I really hope they don't change their API as often as they change their privacy policy.

Don't get me wrong - I like the new API. it's cleaner, slicker, and far better documented. It implements OAuth, a standard authentication protocol, instead of the proprietary Facebook Connect.

http://developers.facebook.com/docs/api

I have more things I want to do with Facehook's API.

The thing about Facebook that overwhelms every objection is but this: Everybody uses it. I can scream about rent-seeking, despotic, greedy corporations all I want, but the problem is really all of my Facehook friends, who either can't or won't use anything that is more respectful of privacy or autonomy. Sorry guys, but you're the asshole. Of course, everyone else can just pass the buck endlessly in circles through the bulk of their own network, and nothing ever gets better.

Now that I have StreamFeed pretty stable (though not, alas, 'finished', as you might expect), I'm somewhat embarrassed to admit that I still have not actually been using it myself. The problem is that, although it's nice to get my data out, every time I want to contribute a comment //in//, I end up going to the website, so I might as well just go there in the first place.

I've started to look for an open Facebook frontend, one that yanks down and stores everything through the API. I know there are desktop apps that do this - even some that aggregate info from multiple social networking sites - but they're closed profit plays that don't run on Ubuntu. There's not much point to using a proprietary desktop app to overcome the limitations of a closed web site. You have to trust unaccountable for-profit rent-seekers. Screw that.

So what I need to really get my experience away from Facebook while still connecting through it, is to master the rest of the API in my own application. If I could fire off comments immediately from the RSS feed list, there would rarely be a reason to go to the website itself. But as I think about it, this would necessitate a personal database mirror of all the Facebook data I can access through the API, updated in something close to real time. In attempting to solve a use case, the problem just keeps getting bigger.

(Hm. instead of RSS2Email, would Facebook > Google Wave work well?)

And here, I pause, and I wonder exactly what I'm doing. I'm succumbing to the temptation to build ANOTHER app for a closed platform. I'm adding value to a privacy-invading rent-seeker I despise, //in the name of overcoming the obstacles it created deliberately//.

I'm coming down with Stockholm Syndrome. Fuck you, Facebook. Fuck you.

So I'm participating in a discussion thread on Facebook about what "Web 2.0" means. I typed in a comment about how web services are free-as-in-beer:

Well, not quite. You don't actually charge them cash. Note the absurdity of the elevator pitch: "It's like Twitter, only we charge people to use it."

Instead, you commodify users into their attentions, and sell that to advertisers. Yes, that involves obstructing users from one another.

The moment I hit the submit button, I could not have asked for a better example of exactly the phenomenon I was discussing. A window pops up:

Warning: This Message Contains Blocked Content
Some content in this message has been reported as abusive by Facebook users.

Wow, Facehook. You know exactly when and how hard to suck.

Facebook is like Magic: The Gathering.

I started playing the collectible trading-card game not long after Wizards of the Coast invented (popularized?) the genre. Over the years, I settled into a cycle: I'd start buying and collecting cards, I'd play, I'd get bored, I'd get rid of my cards. Months, or years later, I'd feel like playing again, and curse the fact that I got rid of all my old cards. Lather, rinse, repeat.

This last time, in 2008, I made two changes: first, I refused to buy more cards. I made due with gifts. I didn't build any real winner of a deck, but I did okay for a while. Sure enough, I lost interest. This lead to my second change: I kept my cards. They are faithfully gathering dust in a box below my desk. I expect that I will never play again, if for no other reason than to feed the irony of never returning to a game I have cards for after several cycles of "damn, I wish I had kept my MTG cards!"

I'm mulling over deactivating my Facebook account for the second time, and I suspect that the situation is similar. I don't think I'm going to actually deactivate it, but I will probably start paying less attention to my stream. I've already removed the stream from my newsreader, and accepted it as ephemeral. I'm still culling my friends lists, not accepting many new invites, suggestions, friend requests... and the like. I still want the stream available, occasionally, but, really, it's a horrible medium for the kinds of interactions I'd really prefer.

I know I'm going to regret, however mildly, deactivating it and cutting ties, but there's no real reason to kill it entirely. It's fine as background radiation.

What the hell good is being in a Facehook group if the group's activity doesn't appear in your activity stream?

It seems Facebook can't even go for a week without losing data.

These guys are seriously on the suckwagon.

I already discontinued my Streamfeed because, well, it's not like I have a heavy need to archive the Facebook equivalent of my LJ friends list. I am, however, using Streamfeed's HTML format to read my stream, even though it's DIFFERENT from the feeds/streams that Facebook publishes, and includes bullshit from Mafia Wars and Farmville that I never signed up for.

Maybe I'll delete my account again...

... and before I can post, the comments on the thread that set me off are back. Am I being overly impatient? Or is uptime really too much to ask a centralized service provider?

If Facebook were a Facebook user, you'd unfriend them.

Now that I've had more time to take in Facebook, I'm not real impressed with it.

It seems like it's broken too often, unreliable, and flaky. I'm not real happy with how Facebook decides what's worthy of your attention, and suggests stuff to poke you into generating activity data for them to exploit. Like they do when they insensitively suggest you interact with people who've died. Tacky. If Facebook was a Facebook user, you'd unfriend them.

The news feeds are sorted and filtered in sporadic, incomprehensible ways; I don't get why I have two feeds on the site that are as different from each other as from the data I get through the Open Stream API.

At least I have all my data. Facebook is a pipe network, not a storage medium.

So, yeah. After I clicked on a link in my HTML StreamFeed page to the wordpress blog of a friend of mine, he clicks on the referer string that appears in his logs, and gains access to private content before he even knows he's 'hacked' my Facebook account.

Now, granted, StreamFeed is a read-only application that neither requests nor requires any write permissions to your Facebook account - so the danger was limited. It's still unacceptable, from a privacy perspective.

So, it's back to HTTP authentication we go. It's just way too easy to circumvent otherwise.

If you've been using StreamFeed, please be sure to update your feed URLs from the current version. Old ones will be deprecated in the future.

From here on, HTTP authentication support is going to be required of newsreaders using StreamFeed URLs. I did have one newsreader I tested choke on the long username and password fields in previous URL formats. I have remedied that by posting most of the long string as a get parameter, and only a short but critical piece of it in the password credential. Without both, the feed URL won't work, but the password will be handled by applications with appropriate care needed to safeguard users' privacy.

I have been getting quite a few reports of trouble from people who have been trying to use StreamFeed URLs with HTTP authentication (the default) in various newsreaders.

I have hesitated to dispense StreamFeed URLs that put the Facebook session key and session secret in the query string, because I know how URLs end up in server logs, referrer strings, etc. But I managed to figure out a way to tighten up the data at least enough that I think it will be alright to ditch HTTP authentication at least as the default URL.

From now on, instead of putting the session key and session secret into the username and password section of the URL, they will be encrypted with the StreamFeed script's app secret, and tacked on as a query string parameter. This way, anyone who gets a hold of the URL will still be able to see your feed, but at least they won't be able to hijack the session key and secret. StreamFeed operates strictly with read-only permissions, so there is no danger of anyone ever getting write access to your Facebook account.

Furthermore, no one will be able to read your StreamFeed with their own Facebook app once they have your URL; the URL is only usable on the StramFeed instance that created it.

Previous StreamFeed URLs should still work for the time being, but may be deprecated in the future.

I'm kind of digging Facebook. I've already adjusted to posting short one-line "zingers" on LJ. I've already observed that they'd make perfect Twitter tweets. But I didn't realize until recently that Facebook prefers - neigh, insists - on the exact same, tiny, anemic, "don't take my time" excuse for social communications. It's a straightjacket when you actually want some substantive cyber-space to actually spend some quality time with people online - but that's what blogs (such as LJ) are for.

They're not just different sites with different sets of contacts - they're different media altogether. The difference between LJ and Facebook and Twitter are more like the difference between postal letters, phones, and email.

Pardon me if I'm late to this party. I realize there's sure to be lots of eyerolling and exclamations of "well duh!" going on right about now. I'm slow. It's just the way I like to do things.

I suppose I will need to try Twitter next. I mean, if the point is to have that extra outlet to reach people with, and it HAS to be crammed into a tiny space, I might as well cut the crap (meaning, Facebook's endless extra money-making distraction and cruft) and go to the site that STARTED as nothing but communication that was 100% portable (RSS, SMS, etc) to begin with.

But, of course, the value of a social network isn't just its portablity or feature set - it's your contact list. By that measure, I'm pretty sure I won't be leaving Facebook, now that it's output is portable. Nonetheless, some perspective is developing.