Tow Center
Published in

Tow Center

The Graph API: Key Points in the Facebook and Cambridge Analytica Debacle

That ain’t workin ‘, that’s the way you do it — data for nothin’ through the Graph API for free

People = Objects

Facebook’s Graph API is a developer, or app-level, interface that followed an earlier “REST” version of Facebook’s API. The introduction of the Graph API was heralded by Facebook as a revolutionary way to understand and access people’s social lives. Or, “We are Building A Web Where the Default Is [Sharing].”


Version 1.0 of the Graph API launched on April 21, 2010. It was deprecated in April 2014 and closed completely to legacy apps (ie, existing apps that used the API before April 2014) on April 30, 2015.
Facebook for Business: Say hello to Facebook’s Audience Network — a new way for advertisers to extend their campaigns beyond Facebook and into other mobile apps.

Main v1.0 Problem: Extended Permissions

What made the Facebook Graph API’s v1.0 highly problematic was its extended permissions. Apps could request a huge range of users’ friends info without much friction or communicating the reason(s) for providing consent.

Symeonidis, Tsormpatzoudi & Preneel (2017):

My Recommendation

The UK MP Damian Collins, the UK’s ICO office, the United States Senate and Congressional committees, and other important regulatory actors such as the Federal Trade Commission should require Facebook to immediately share with the public the “quizzes” used by Cambridge Analytica — with all the questions, any versions if relevant, and the entire list of v1.0 Graph API “friend permissions” used to effectively steal personal information from up to 50 million people.

Publicity Settings versus Privacy Settings

Facebook’s interface has been built around the false pretense of giving users control over what is shared. But the focus is on “posting,” or outward sharing; what we actively CHOOSE to share. In reality, Facebook users have the exact opposite ability to control what is passively shared ABOUT THEM — meaning the information and metadata others can extract.



The Tow Center for Digital Journalism at the Columbia Graduate School for Journalism

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Jonathan Albright

Professor and researcher in news, journalism, and #hashtags. Award-nominated data journalist. Media, communication, and technology.