privacy api policy – Naked on Pluto http://pluto.kuri.mu “ Share your way to a better world ” Mon, 23 Sep 2013 09:34:19 +0000 en-US hourly 1 https://wordpress.org/?v=4.5.2 Plutonian clothing strategy http://pluto.kuri.mu/2010/06/15/plutonian-clothing-strategy/ http://pluto.kuri.mu/2010/06/15/plutonian-clothing-strategy/#comments Tue, 15 Jun 2010 12:22:49 +0000 http://pluto.kuri.mu/?p=110 How naked do we want to be on pluto? This is a big question for us planning this game. We wish to explore notions of privacy in a socially networked world, but at the same time we risk hypocrisy if we fail to honor our players with anything more than complete transparency concerning what we are doing with their data.

While privacy and facebook has been a hot topic of debate recently, I’m unclear how much as been discussed about the rights given to facebook applications when you agree to give them access to your data. Depending on your settings, it can use your session id to do anything you can do – access your friend’s data or post on your wall (as most games like to do for advertising).

From my initial reading, the facebook privacy policy is fairly clear and well written concerning your responsibilities as an application developer. Firstly there is a distinction based on where the data comes from:

Data given to your application by the user

Any data entered into your application directly can be stored and used by you in any way. This seems sensible, as it should be covered by your own privacy policy with your users – it’s nothing to do with facebook according to the Understanding User Data and Privacy rules:

Because you have collected this data independently, you may use this data however you see fit. For example, you may transfer independent data, along with the associated Facebook User ID to any of your trusted partners. You may not include any information accessed from the Facebook API in this transfer however.

Note “your trusted partners” part – the assumption is that most social networking apps will be funded at least in part by marketing dollars. Not this one, in case you were curious.

Data from the facebook API

There seem to be 3 levels of privacy concerning your data accessed through the facebook API, the policy talks about “using data from any other purpose than displaying it back to the user”, which I take to mean sending it to other users, “trusted partners” or anyone else other than you, this is from the developer policy documentation:

Users give you their basic account information when they connect with your application. For all other data, you must obtain explicit consent from the user who provided the data to us before using it for any purpose other than displaying it back to the user on your application. A user’s friends’ data can only be used in the context of the user’s experience on your application.

Basic account information means your name and graph ID number, depending on your privacy settings and how much info you gave it of course. This is my basic info, direct from the facebook graph API: https://graph.facebook.com/100000480510823

The rest of your information (such as your friends list) can only be used with your permission – and there is quite a lot of effort made in preventing apps tricking users into giving permission, with misleading buttons or making it a requirement it in some way for a game or an application.

Your friend’s information is regarded as completely private – apps can access it and show it back to you in any way, but not give it to anyone else – even with your permission.

I’m used to these sorts of rules when working on console games there are similarly strict guidelines, but the crucial difference with facebook (and presumably other social networks) is that I am unclear as to whether anyone is actually responsible for auditing applications other than the people developing them.

]]>
http://pluto.kuri.mu/2010/06/15/plutonian-clothing-strategy/feed/ 2