An excerpt from Paul Fenwick’s Dark Stalking on Facebook:

For a while I’ve been using Facebook’s API and Facebook Query Language (FQL) via Perl’s WWW::Facebook::API module to run fairly innocent queries on my friends. If I visit a town, I’d like a reminder of who lives there. If I want to go rock-climbing, it helps if I can easily search to see which of my friends share that hobby. This is good, innocent stuff, and makes me glad to be a developer.

Last week I decided to play with event searches. If a large number of my friends are attending an event, there’s a good chance I’ll find it interesting, and I’d like to know about it. FQL makes this sort of thing really easy; in fact, finding all your friends’ events is on their Sample FQL Queries page.

Using the example provided by Facebook, I dropped the query into my sandbox, and looked at the results which came back. The results were disturbing. I didn’t just get back future events my friends were attending. I got everything they had been invited to: past and present, attending or not.

I didn’t sleep well that night. I didn’t expect Facebook to share past event info. I didn’t expect it to share info when people had declined those events. I haven’t found any way of retrieving friends’ past events using Facebook’s website, but using FQL made it easy. Somehow, implicitly, I thought old events would fade away, only viewable to those who already knew about them. I didn’t expect them to stick around for my code to harvest, potentially years into the future.

Finding my friends’ old events crossed a moral boundary I honestly didn’t expect to encounter. Without intending, I really felt like I was snooping. It didn’t matter that these friends had agreed to share this information under the Facebook terms and conditions. I would personally feel uncomfortable with this much information being so readily available, and assume my friends would feel the same.

However my accidental crossing of moral boundaries wasn’t the only thing that kept me awake last night. I was also kept awake by wondering just how much information could I tease out of the Facebook API. What could I discover? What if I were evil?

Read the rest of this great article onĀ  PJF’s Pages – Journal – Dark Stalking on Facebook.