Facebook API

Dear Lazyweb, under what circumstances would a post that I can see in my Facebook stream not be available in the graph API?

I can't tolerate using the Facebook web site, so I convert it to an RSS feed so that it all shows up in my feed reader, but posts by certain people are being left out and I can't figure out why. E.g., for one of my friends, I can see their posts on other peoples' walls but none of their other posts. For their stuff, "https://graph.facebook.com/<friend_uid>_<post_id>?access_token=<token>" gives me false, but that same style of URL seems to work for lots of other people. These entries also don't show up under "https://graph.facebook.com/<friend_uid>/posts?access_token=<token>".

On the site the post has a URL like "https://www.facebook.com/<friend_name>/posts/<post_id>" and just says "N hours ago near Location" and the mouse-over says "Shared with: Firstname's friends" so I don't see what's weird about it.

WTF?

Tags: , , ,

22 Responses:

  1. Grant Paul says:

    If the user disables allowing applications to access their posts. It's a privacy feature: some people might not want applications seeing their posts, and so they can disable that.

    The actual control is the boxes inside "How people bring your info to apps they use" under "Ads, Apps and Websites" on this page: https://www.facebook.com/settings/?tab=privacy

    • jwz says:

      I thought you had to do that for each app individually, and there was no way to block them all? That's not what's going on here because I created a new app just to test that theory.

      • Grant Paul says:

        That's for your own apps, which you do control the preferences for individually. But some people didn't like that your friends (who you might want to share some information with) could then use shady apps that you don't like, and those apps could then grab your data (since your friends authorized them, and you let your friends see your data). So I think that was added in response to that, to allow people to share data with their friends but specifically not with applications their friends use.

        (Does that make any sense?)

        [Duplicate filter note: accidentally posted this not as a reply below, not sure how I can delete that one. Sorry.]

        • Grant Paul says:

          (Also, the reason you can see their posts on other people's walls is that those are governed by the person's own privacy settings for their timeline, rather than the person making the post.)

        • jwz says:

          I understand why someone would want that, I'm saying that I didn't think that facility existed. (As is so often true of Facebook.)

          So is there some way to auth to the graph as me instead of as "an app owned by me"? Because this is some bullshit.

          • Grant Paul says:

            I don't know how, if it is possible. If you want to spend more time on it, you might be able to grab tokens from one of Facebook's own native apps (here's some I grabbed from their iOS app a while back, status unknown: https://github.com/Xuzz/tweaks/blob/master/FaceForward/Facebook.xm#L53) and pretend to be that, since those are considered "you", rather than an app. No idea if they're compatible with what you'd need, though.

            (Related: people blocking apps is the main feature lacking from alternative native Facebook clients. They just can't see posts from users who don't share that data with their friends' apps.)

            • jwz says:

              Those are indeed interesting magic numbers, but I don't know how to convert them to the kind of access_token that is required by OAuth2 and the graph API.

            • jwz says:

              I think I've figured it out. Searching for "Facebook for iPhone" on Facebook reveals in the URL that the official app's "App ID / API Key" is 6628568379, and from there you can use the usual OAuth2 mechanism to generate an access_key -- except that this key has the magic bits set that bypass peoples' app security settings, and let you actually read your whole stream. Yay!

              • That'll work right up until a bright-eyed young engineer decides to rewrite the whole authentication engine, of course.

                • jwz says:

                  It's a weird situation to be in: I don't want to publicize their stupid bug, because if they fix it, my stupid shell script will stop working.

                  Eh, it's not like it's the biggest of their privacy exposures anyway.

                  One thing I have learned from this is that only a tiny number of my FB friends had turned on that preference, since it took me so long to notice that there was even a problem.

                  • Ronald Pottol says:

                    I have the shoot all apps in the head flag set, I can play no games, etc. So if you were to follow my (why, I never post?), you would hit this.

          • Otto says:

            I'm not 100% sure that this is the case, but you can control what other apps your friends use can see about you. Visit https://www.facebook.com/settings/?tab=privacy and click through to the "Ads, Apps and Websites" section, then look at "How people bring your info to apps they use". Certain settings here may be blocking your Apps ability to see other people's posts.

  2. Mr. Ignition says:

    One thing I learned while attempting to replace facebook.com with the Graph API is that I miss out on lots of things - posts, pictures, etc. just because of how people tweak their privacy settings.

  3. Ben Bennett says:

    Ever since the timeline-pocalypse my RSS feeds have been unable to link directly to posts. Instead I get dumped at the top of that person's timeline. Have you managed to create links that take you to the right post? Stupid Facebook.

    However, Google Plus loses more because it has no freaking APIs to let me get my feed out. There are APIs to stalk a pserson's public posts, but that's not really useful. (And yes, I know that software exists to scrape the HTML to turn it into an RSS feed).

    • jwz says:

      My first attempt at all this involved scraping Facebook's HTML, but that's fantastically difficult because it's all buried in 30 layers of Javascript and AJAX. If you know of something that scrapes Facebook's HTML effectively I'd love to hear about it.

      • My guess is that if you were to spoof the User-Agent of a very underpowered phone's browser and hit m.facebook.com, you would get a much more parseable newsfeed.

        • Hex says:

          This is a good suggestion. A User-Agent string that currently works for this is "Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; NOKIA; Lumia 800)" if you want to test it.

          On a related note, my hatred for Facebook for redirecting me to that site from my phone - for that is the User-Agent string of my browser - is immense. IE Mobile 9 is easily capable of rendering the normal Facebook site, let alone touch.facebook.com, but they redirect it to the braindead cut-down version. THANKS FACEBOOK.

  4. rwatkins says:

    Driving something like phantomJS to login and then scrape each LI out of the UL#home_stream should deal with the layers of Javascript and AJAX, though I dont know that the pain keeping up with the ever changing HTML format is worth it.

  5. Frank says:

    Hi,
    I have a question on the facebook-rss.pl script: Do I need any special setting on the app I created for the perl script? I tried your script, but after entering the "App ID / API Key" I only get "facebook-rss.pl: failed after 10 tries".

  6. Bob says:

    If you want more posts, use FQL instead of the graph API. Graph API only gives minimal feed content. FQL handles many more feed item types. The downside is you'll need to make an extra FQL call to translate user IDs into names. I can dig up some sample code if you want to try it and need help.

  7. Cam says:

    Not suggesting this as a solution for you, but just as a piece of information in case it's useful for anyone: I use Tweetdeck (the old one) logged in to Facebook and it appears to display everything in its Facebook-authenticated column, even things that don't appear on the web for me (like comments left on events I'm not invited to).