I have had several interesting requests for my NameGen program, including the much maligned desktop application that is not really active development (pending future grant money). What is interesting is the sorts of requests that come in based on misunderstandings of what Facebook provides to an application developer.

So, what can and can’t you get from the Facebook API about an individual and their friends?

I. You can get a list of a user’s friends, their names, and their profile pic.
Here is the FQL:

SELECT user,name FROM user WHERE uid IN (SELECT uid2 FROM friend WHERE uid1 = $user_id)

If the user has made other information public, that is often accessible as well, such as gender, date of birth and hometown. Some protected information such as relationship status is never available to the API for anyone other than the user. You can customize what information is available to others through Privacy Settings -> Applications, Games and Websites -> Information Accessible through your friends. This figure shows what I have set. I believe it is the default.

The friend sharing customization screen

The customization screen for Facebook’s information sharing between friends via the API

II. You can get a 1.5 degree personal network. (Please note – this is a simplified and suboptimal query that will not return a complete network in most cases where the network is larger than 200 nodes).

SELECT uid1, uid2 FROM friend WHERE uid1 IN (SELECT uid2 FROM friend WHERE uid1 = $user_id ) AND uid2 IN (SELECT uid1 FROM friend WHERE uid2 = $user_id)

This will return a list of friend links. There is a more inefficient way of querying this information using the get_friends() query. It requires you to send all possible friend combinations, and it will return, for each one, whether the two users are friends. So the list length will be n(n-1)/2 where n is the number of friends. That’s approximately 125k elements for a 500 person network. Those elements have to be sent in batches of 5k max (as far as I recall).

III. You can get the links between friends in a group.
I don’t have this query on hand, partially because Facebook will not return a complete list of group members (at least through FQL), but if you are in a group, you can ask if other group members are friends. The same cannot be said of a fan page (i.e. The ones where you ‘like’ rather than the ones where you join). One attempt to explore this network is in http://apps.facebook.com/netvizz

Click for book

An example showing the 1.0, 1.5 and 2.0 ego nets (taken from my chapter in Analyzing Social Media with NodeXL – click pic for book

What can you view through Facebook (and theoretically spider) but not get through the API:

1. The 2-degree network: If you can view a friend, you can view all of their friends. That said, the API will not return these people. It only will return the friends of a single user.

2. All members of a group.

3. All members of a page (if you are a page administrator).

So…what does this mean? It means that basically, Facebook allows people to learn about the network immediately surrounding them and that’s it. It similarly means Facebook will not allow you easily to learn the personal network for someone else. So consider the following requests that won’t work:

The personal network of a person’s friend. Being able to access this would be a problem as a clear form of surveillance. So if you want to view a friend’s network, you should ask them to download it themselves.

This also holds for parents – no I will not help you download your teenager’s network just because she put you on limited profile. Moreover, this is not even possible unless you and your daughter and all of her friends are in a group and you can get the complete list of people in the group. And recall, while it is possible to add other people to a group, those people must already be your friend, so you can already access those ties anyway.

The personal network of someone you are investigating. If you do not have a warrant to download this network (or to compel a suspect to download their own network), and you want this information, this again, is surveillance. Also, I’m pretty sure that taking the network of someone else would be a breach of the terms of use. And as for the warrant – I would tread carefully, as this will probably involve all sorts of legalistic red tape (especially in privacy friendly countries such as Germany).

This also holds for people curious about the personal network of anyone they are not friends with. A Facebook friendship is a form of information access and redistribution. If you are not friends with someone, they have not granted you this access. This is the sort of notion that got Pete Warden into legal hot water with his 200 million-strong global Facebook network that he was planning on releasing.

Personally, I think that data portability is a good thing, and I am currently following the debacle between Google and Facebook rather closely, but I also think this needs to be a carefully metered out. And I don’t think that Facebook is a sinkhole of data – in fact, their API is very liberal. In some cases, perhaps too liberal. This is especially considering the perennially evolving terms of use. But they have made some careful decisions that I tend to agree with (such as limiting the 24-hour caching requirement), and while I wouldn’t give them carte blanche support, I think they are making baby steps in the right direction. Thankfully, those steps do not involve downloading the networks of others without their permission and collecting friends of friends of friends.


Note: This post was originally published on Bernie Hogan's blog on . It might have been updated since then in its original location. The post gives the views of the author(s), and not necessarily the position of the Oxford Internet Institute.