Unless you've been living under a rock, you've heard about Cambridge Analytica and the unauthorized use of user data coming from the Facebook Platform. In response to this, Facebook is rapidly making multiple changes to their platform. JFBConnect integrates with many different social networks, but Facebook is the most used of them all. Because of that, we want to make sure all of our users are aware of the changes we know of, the actions we'll be taking, and how to make sure Facebook integration continues working as expected on your site.
There's plenty of details out there about this, so this will be brief. Basically, up until 2014, Facebook had a 'friends' permission. If you logged into a website and granted this permission, that website was able to get full profile information about you *and* your friends, even though your friends likely never used that site. This caused an exponential increase in the amount of profile data a site could get by having users grant that permission.
The 'friends' permission was controversial, even then, which is why Facebook disabled the permission when Graph API v2.0 became a required update. TechCrunch had a good writeup at the time of the shutdown of the previous Facebook API that allowed this data collection through the friends permission. That article was from 2015, way before the Cambridge Analytica debacle was public knowledge.
So Facebook removed that 'friend' permission back in 2015. However, there's still quite a few ways that apps can get at a lot of user data using the Facebook API. To be on the correct side of public opinion, Facebook looks to be making sweeping changes to getting profile data. Some things have already been implemented, and more are on the way. Here's a quick list of changes implemented so far.
We'll continuously be making changes to JFBConnect to keep up with any changes from Facebook. We'll be removing the profile data selectors they can no longer be imported and be updating for some minor changes in how the Page and Group API's work. As Facebook rolls out their new review policy or revises how apps are created, we'll update Autotune and our documentation accordingly to make the setup process as smooth as possible.
We have always taken a very conservative approach with JFBConnect. It was obvious that the Facebook platform could be easily abused by pulling down excessive data. We intentionally built JFBConnect so that it wasn't too agressive in taking profile information, even if we had many requests to gather as much as we could. That conservative approach is paying off now as very little change should be required, and those that are made, shouldn't affect your website's authentication or social network integration experience in a meaningful way.
