During the 2010 f8 conference, Facebook announced that it would be launching a new set of data permissions as part of the new Graph API. The permissions themselves, while they provide more granular coverage of the data available via Facebook, aren't really that interesting - the interesting part of the new data permissions are what Facebook grants to clients in terms of license to use and store the data.

User Experience

The user experience has changed as part of launching the new data permissions. Using the old permissions required a user to click through a number of authorization dialogs, one for each permission required. This series of dialogs sometimes caused confusion for users, depressed conversion, and sometimes left developers with an incomplete permission set as users began authorizing the app but quit when they felt they were giving too much away.

Figure 1 - Facebook previously required four popups to log in, allow offline access, and read/write access to the user's stream.		Figure 2 - With the new permissions dialog, all of the required permissions are displayed in a single authorization prompt.

Facebook's CTO Bret Taylor wrote in the Facebook Developer blog that this change increases conversions for applications by 28-41%. If only we could get that kind of conversion rate increase from flipping a switch on other websites.

Better Data Provisions

One of the most debilitating parts of a Facebook application, performance-wise, were the restrictions on data that prevented most Facebook data from being cached for more than 24 hours. As Facebook's Ethan Beard wrote in the Developer blog, we often had to write special code paths to handle Facebook data due to the 24 hour caching limit, or worse, we never actually stored the data at all, instead using FBML or XFBML to access it. Now with explicit consent, we can access the user's preferences and store it forever (as long as we provide a way for the user to opt-out). This opens a number of new possibilities - imagine a business like Amazon.com taking advantage of knowing a user's preferences. All of a sudden, they could start recommending books similar to Anthem or 1984, even though I've never bought those books on Amazon, because I listed them as part of my favorite books on Facebook.

On top of the new data retention policy, Facebook is actually going to start pushing data to application owners via a process they're calling Real Time Updates. Now, application developers don't even have to query the data - it gets pushed to us as users authorize our applications or as they change their profiles. This will hopefully speed up Facebook by not having numbers of redundant queries being made on behalf of applications, but it will also provide the opportunity for more interesting development tools to be included. I'm happy to say that real-time updates were important enough to me to include support for real-time updates for users as part of OpenGraph.NET, an open-source .NET Framework-based toolkit for developing for Facebook's Graph API.

Like It or Not

As of June 30, you can access these changes via the Developers application .

Figure 3 - The New Data Permissions setting is disabled by default for existing applications, but enabled by default for new applications.

I haven't seen in our applications that the new permissions are causing much trouble because of the way they're used, but as always, your mileage may vary, and it would be better to check it out now before they're forced on your app.