Why f8 was good for the open web

Disclosure: I joined Facebook last Fall. Over a year ago I predicted that they would open up.

It’s easy as a technologist to think about openness solely in terms of technology, but openness is broader than that. Openness of technology means that others can build using the same tools that you do. Openness of data means that developers can build innovative products based on APIs that weren’t previously possible. And openness between people is what happens when when all of these things come together to give people better ways to share information.

Sure, some things Facebook launched are more “open” than others, but here is what’s exciting me:

1) No 24-hour caching limit: Developers have found that one of the most annoying policies was only caching data from the Facebook API for twenty-four hours at a time. At Six Apart this meant that we had built infrastructure that allowed us to comply with this restriction in a way that wouldn’t impact site performance. Today developers can store data from Facebook’s API as long as they’re keeping it up to date and agree to remove it at a user’s request.

2) An API that is realtime and isn’t just about content: Part of why it’s possible to remove the 24-hour caching limit is because Facebook’s API now supports the ability for developers to subscribe to changes. This means that developers do not need to continuously fetch data from Facebook to see if it has changed, but rather will have those changes pushed to their applications in realtime.

Now the first question you’re probably asking is if Facebook used PubSubHubbub; at least that was my first question to our engineering team a few months ago. Given that PubSubHubbub models a feed of public entries, it doesn’t work for subscribing to arbitrary social data (and doesn’t support JSON either). I think this is another example of how Google thinks so differently from Facebook. The web started as a collection of documents, but people are becoming even more important.

So instead, Facebook’s realtime API uses WebHooks and borrows from PubSubHubbub where possible. This is a first step toward a World where I no longer need to manually update my mailing address at every site I buy stuff from!

3) The Open Graph protocol benefits the web, not just Facebook: At f8, Facebook made two technology announcements using the term “Graph”, in addition to talking about the Open Graph as a bi-directional combination of many different social graphs. The first is Facebook’s Graph API and the second is the Open Graph protocol.

Here’s what I wrote yesterday when Chris Messina asked me what “open” meant in regards to the Open Graph protocol:

First of all it is designed to increase openness between people based on being able to connect with things all around the web. Within Facebook this means that people can like any web page anywhere, not just those on facebook.com.

Second, the Open Graph protocol increases the amount of semantic data on the web in a manner that isn’t specific to Facebook or any single social network. While we can all disagree about where the quotes and angle-brackets should go, at the end of the day I think we all can agree that this sort of metadata is good for the web.

Third, it was created and implemented by more than one company. We’re now broadening that group of people (right here) and are interested in evolving the spec in a meritocratic fashion.

Finally, it’s licensed from day one under the Open Web Foundation Agreement. As Jesse Stay wrote, this means that it, “is under a completely open license agreement that other platform creators can adopt, use, and freely distribute.”

While the technology is still evolving, it dramatically increases the amount of semantic data on the web and does so in a fashion which builds on RDFa and Microformats that anyone – including Google, Twitter, and the OpenLike project – can make use of.

4) OAuth 2.0: Back in January I wrote What’s going on with OAuth? where a few of us laid out the path toward OAuth 2.0. Last week Twitter used OAuth 2.0 under the covers of @anywhere. At f8, Facebook shipped OAuth 2.0 as the only way to interact with the new API. Earlier today the chairs of the OAuth working group within the IETF asked for a consensus call to publish the first official draft.

While I was involved in creating OAuth 1.0, I’m even more excited about 2.0. It’s so simple! No signatures. No request tokens. And distinct flows for web browsers, traditional web applications, living room devices, etc versus one flow that tries to do everything. Want my public data, fetch http://graph.facebook.com/davidrecordon. Want private data, just switch to using SSL and add access_token as a parameter. That’s how it should be.

I don’t think we could have picked a more interesting time to work on the web than during its transformation to being about people at the core.

tags: ,
  • Brett Slatkin

    Hey Dave,

    I agree with your #1, 3 & 4.

    Regarding #2:

    “Given that PubSubHubbub models a feed of public entries, it doesn’t work for subscribing to arbitrary social data”


    Actually, you can use PubSubHubbub with OAuth-protected feeds without any modification to the protocol. This gives you private, fully authenticated feeds in real-time. It’s true that no vendor has done this yet at scale, but Nikita from MySpace documented the approach 3 months ago:


    re:”social data”

    You can encode social objects and search filters in PuSH topic URLs with little difficulty. At the end of the day the only thing that needs a URL is your subscription. The rest of the person-oriented fields are arbitrary.


    “I think this is another example of how Google thinks so differently from Facebook”

    It is, but maybe not for the reason you’re suggesting. To me this highlights the technical challenge of addressing privacy concerns in a federated system. Maintaining privacy across multiple, *equal* providers is very hard to do; we’re making progress towards it. But life is a lot easier for engineers when you can hardcode the center of the universe.

    Anyways, I’m happy Facebook borrowed what they could. I’m hopeful we can line all these parts up eventually. Thanks for the post.


  • bruce wayne

    Mr. Recordon
    You are a sell out and a shill …You have helped a company build tools to close off the internet….You know that ….Your FB Closed Graph is not bi directional….You have to be a member of FB to take advantage of the FB closed graph…..I m even sickend that you have been given any media space to defend your sad and despicable activity…As a developer and ex proponent o of the open interent I find your defense of FB hollow and laughable…..I know that you cannot possibly believe that what you are saying is true or that any good will come from it….As for the 24 hour caching BS that you are spewing…since when does a company have the right to decide how long members information are cached….Members should have a say in this….You nor FB should have the right to decide anything concerning members content without the members approval….and I dont mean the draconian approval process that you and FB have force down members throats….The issue for me is that FB is a closed silo and will continue to be closed….the “open” graph is not open….you have to be a member of FB to use it….so its not “open”……I come from a time where “Open” had a meaning that was not bent and shaped by companies….For me “Open” means that no company “Owns” either end the process….In the case the the FB Graph…..(Note I m calling it the FB graph as this is what it is…..) FB owns the entier process….Its interesting to note how times have changed in my opinion for the worse….At one time Microsoft attempted to do the same thing that FB is attempting to do….and then developers and the tech “community” were up in arms….Why would we allow a company like MS take control of our identities and the internet ? Well then we said that we would not allow this and it did not happen…..I think that some the reason that FB has been able to continue to push their attempt to close off the internet is that when journalist write about or repeat the FB pr line, their is not context given….If the current coverage of the FB Closed Graph included the “Facts” concerning FB’s total lack of respect for member privacy as well as for third party developers, I think that the outcome and perspectives would be very different……As for the developers inside and outside of FB that are building and extending FB’s attempt to close off the internet….you are all complicit, and as a developer myself….I know that all of you know the implications of what you are doing….Mark Zuckerberg cannot close off and pollute the internet without the participation of developers……You can pretend you set silently at your computers writing code without understanding the very real implications of what you are doing….but we all know that this is not true…Developers have always been the vanguard of an open internet and we need to continue with this fight……….As developers we have allowed a company with the track record of zealous tyrannical dictator to steal a “standard” that should be owned by the internet community at large…There is no magic in what the litter dictator is proposing…..A group of developers could and should create a truly open graph so that any one can create and consume the data….The sad and horrible fact is that instead of doing this the very developers that have been entrusted to keep the internet open have created the tools that will be used to close it off….


  • Martijn Linssen

    It amazes me how great the lack of criticism is all around these wild plans, but, you can’t bite the hand that feeds you in this case

    The fact that it is dubbed Open (Graph) is misleading, the promise of it increasing the amount of semantic data is ridiculous, but the biggest problem is: no one will use it. Facebook people don’t go out on the web and share. They (maybe?) go out on the web, then back to Facebook, and then share there

    http://www.martijnlinssen.com/2010/04/face-off-for-facebook.html contains my more elaborate thoughts on, and proof of that

  • David Recordon

    @Bruce, one of the very first things I said was that some things Facebook launched were more open than others. I decided to write about four things which I really believe are open and in the best interests of the web.

    I’m confused by your critique of what I wrote about removing the 24 hour caching limit. As a developer it annoyed me in the first place and now the limit no longer exists.

    I’d also recommend Dare Obasanjo’s post on why the Open Graph protocol is a good thing. http://bit.ly/9nwoKg

    @Martijn, read your post and there are a lot of people beyond Twitter users who share content on the web. Emailing links is still one of the most popular ways for non-geeks to share things. Taking http://bit.ly/cpTtzx as an example. Facebook’s Like button shows 1,821 people clicked it and a call to Facebook’s links.getStats API (http://bit.ly/aqktfC) shows another 22,478 shares, likes, and comments across the site.

  • William Sullivan

    The disclosure of the author’s employment at Facebook belongs at the top of this blog post. It is, as it stands, misleading.

  • PB

    I think you’re making a mistake already at defining “the openness”. Open Software – is about making software reuse easy and possible, not making software developers give up their rights on their intellectual property. Same is for Open Data, only worse. Whereas, open source use id limited by definition, open data can be abused without limits! Let’s say 1) I got your email, 2) track you IP address and web activity in real-time, etc. The least harmful thing I can think of is, that in short time you will find yourself spammed by all those that bought your lead from me for 10$ a piece. But, assume, I got your phone, address, information about your friends, and occupation. Ha! Now things get really messy!
    So, what Facebook does is great… for Facebook. Just read all the comments of Facebook users to understand 1) how short the way from email/web-tracking to more sensitive information, 2) how few do Corporations do to protect our privacy while striving to increase their profits.

  • dont_drink_the_koolaid

    did someone forget about the users of the service when considering ‘open’? if these moves are so great, why are you being so deceptive with the people who put food on your table and have the most to win/lose in these changes? why are you opting all users in without their consent and burying opt-outs several clicks deep (or not allowing opt-outs for some stuff at all)? why was the 24hour cache limit imposed for privacy reasons previously, but now it is about developers and openness? how were you not embarrassed by the closing statements in your CEOs keynote where he made some fake reference to being inspired by openness and transparency as a child and that motivated him to start facebook, followed by some phony call to lets all join together and make the world a better place, and the social graph turning into a peace sign and such?

    i think the most important aspect about ‘open’, is communicating clearly with your customers to make sure they understand the implications of what you are doing to/for them. sure, its very easy to justify it that it is the responsibility of people to understand the terms, or most people don’t care, or its a free service so that’s the cost, or everything is (currently) legal so its not a moral issue. but so did subprime mortgage brokers, who gave contracts to people who didn’t understand the implications and were certain to face serious negative implications in the near future…..but hey, its their fault for being ignorant and i’m just here to close the deal and get my bonus.

    facebook is a company, whose mission is to make a profit, i don’t hold it to a higher standard than anyone else. but on a personal level, you are effectively making yourself an organ of their propaganda. please consider the implications.

  • Mac Slocum

    @William Sullivan: Excellent point. The post has been updated with the disclosure at the beginning.

  • Martijn Linssen

    Thank you Dave, for reading my post and commenting back. Let me take that very comment then:

    …there are a lot of people beyond Twitter users who share content on the web

    …Emailing links is still one of the most popular ways for non-geeks to share things

    …Taking http://bit.ly/cpTtzx as an example

    …a call to Facebook’s links.getStats API (http://bit.ly/aqktfC) shows another 22,478 shares, likes, and comments across the site

    Last but not least: if Facebook really adores an open button, why not just allow TweetMeMe access to FB?

  • David Recordon

    TweetMeme can make use of the Open Graph protocol metadata just like Facebook does. When someone clicks the retweet button, they can extract the web page’s title, description, category, image, etc.

    TweetMeme can also access interest data – including likes – for users which have signed into their application assuming their privacy settings allow it. See http://factoryjoe.com/blog/2010/04/22/understanding-the-open-graph-protocol/#comment-117979 for a longer description of how that would work.

  • Martijn Linssen


    looks like the good parts of my comment didn’t make it there… trying again now:

    …there are a lot of people beyond Twitter users who share content on the web

    …Emailing links is still one of the most popular ways for non-geeks to share things

    …Taking http://bit.ly/cpTtzx as an example

    …a call to Facebook’s links.getStats API (http://bit.ly/aqktfC) shows another 22,478 shares, likes, and comments across the site

    There is no need whatsoever for a Faecbook Like button all over the web. There is no demand for that. But, regardless of need and demand, there will never be any supply driving that…

    (hoping this one makes it unedited, would be grant)

  • Martijn Linssen


    I got it now. I used a < sign in my comment, that apparently got interpreted qnd made the rest of the sentence disappear

    Final try now!

    …there are a lot of people beyond Twitter users who share content on the web — sure, didn’t state the opposite. But you don’t deny Tweeps leading by example, do you?

    …Emailing links is still one of the most popular ways for non-geeks to share things — if you say so! Isn’t that another reason not to have the Facebook Like button?

    …Taking http://bit.ly/cpTtzx as an example — not really fair, you can only Like that post, not Retweet it. I used 40+ examples, I’m sure you can find a few that favour Facebook?

    …a call to Facebook’s links.getStats API (http://bit.ly/aqktfC) shows another 22,478 shares, likes, and comments across the site — like I said in my blog post, Facebook people share stuff within Facebook compounds (accidentally typed Safebook there)

    There, I’m fairly sure this one will make it through