It appears that Facebook has taken the Higher Ground. I also warned on Twitter that when Facebook opens up, they also innovate. That, they did today as they launched their new “Facebook Messages” product, a “Social Inbox” intended to change the way you communicate with your close friends and family. The new service also creates a new e-mail address for each Facebook user allowing those outside the network to still communicate to those within. There’s an additional benefit to the new e-mail addresses though. The benefit is that now any person with your Facebook username has the potential ability to now have your e-mail address as well. If you send me an e-mail to “email@example.com”, I will get your e-mail in my Facebook inbox. Facebook actually makes this very easy with their Graph API – in fact, you don’t even have to be a programmer to do it (although a little programming skills will make it easier). Here’s how you can get the person’s username, effectively having the e-mail address of the user. I’ll explain later why I think it’s a misdirected focus for people to want this in the first place.
Getting the Username
Facebook makes a base set of information available to any application that wants the information, without that individual user actually having to get that data. For instance, if I wanted to access a user’s friends, I could just send https://graph.facebook.com/jessestay/friends?oauth_token=17106374525|TNfJ9ow2J0t0jc-AVwMW9_ZRb4s to the browser, and I would get a list of each of the friends for the user, “jessestay”, with just their username and Facebook ID (the number). Notice there’s no username included in that information. I can get more information about each user though. Again, without any permissions from the user I can pull a base set of information about each user.
So, to get each user’s additional information I would just iterate through the friends list I showed you above, and make a call on each ID like this: https://graph.facebook.com/683545112?oauth_token=17106374525|TNfJ9ow2J0t0jc-AVwMW9_ZRb4s. Again, note Facebook still protects the user’s username – with just a simple call on the user I’m given the id, name, first name, last name, a link to the profile, the gender of the user, and their locale (meaning what language are they viewing Facebook under).
Side note: How did I get the oauth_token value above to get this information? To get the oauth_token, you’ll need to register your application using default value (you can leave most the fields blank) at http://facebook.com/developers. Then, place your application id and application secret in this url and load it in your browser: https://graph.facebook.com/oauth/access_token?client_secret=(secret goes here)&client_id=(app id goes here)&grant_type=client_credentials
You’ll be presented with the text, “access_token=17106374525|TNfJ9ow2J0t0jc-AVwMW9_ZRb4s” (the value being a value Facebook provides, not exactly as you see here). Use that number as your oauth_token!
So, the key piece of information you should be interested in is the “link” value in each user’s profile data. If they’ve selected a username, that username will be in the link. All you need to do is parse out the username, add it to an “@facebook.com” e-mail address, send your e-mail, and voila, if that user wants their friends to e-mail them from outside Facebook, that e-mail will go through to them! I think Google and others that want this information are smart enough to do this.
The “Higher Ground”
Here’s where Facebook took the Higher Ground. In my previous article I mentioned Facebook needed a privacy setting allowing users to choose if they want their friends to e-mail them from outside of Facebook. If I want other apps to have access to my e-mail address in a friend’s list of friends, I should be able to specify that. The new Facebook Messages forces each user to choose if they want a Facebook e-mail address, and that e-mail address then becomes “firstname.lastname@example.org”, but only if they choose to enable it. Not only that, but any e-mail sent gets automatically placed in an unprioritized box, keeping out the spam in the event the e-mail address does get abused. I think this is a very powerful form of messaging – it means, ideally, assuming you’re only allowing real people into your friends list, only real friends will be able to send messages to you that get prioritized.
So now, Google, if they wanted to, could collect all your friends’ e-mail addresses (the @facebook.com ones), and still respect the desires of your friends as they do so. The caveat is Facebook’s new developer Terms of Service surrounding these e-mails say that apps can’t send messages to these e-mails. That’s beside the point of what Google’s trying to do though – they just want access to the e-mail addresses, so they can now match them to users in their system, and so that their users can import new ways to contact Facebook users into their Gmail contact lists. The way I mention above solves that problem, in a very simple manner. The TOS, ideally, keeps out the spammers.
Why None of This Matters
Here’s the deal – none of this really matters. Facebook has reinvented the game here. They’ve killed the concept of an “e-mail address”, and have instead turned communication into another dimension, one with real people and real individuals communicating. One of profile-to-profile communication instead of IP to IP communication (which the e-mail address tries to solve). The e-mail address only gives me one way to identify a user’s profile (Identity) on that network – it doesn’t give me any access to the actual Social Graph of that Individual, especially on Facebook. What the Googles and Yahoos and others should really want is how do you associate the individuals with other people on the Google and Yahoo and other networks. Knowing just the e-mail doesn’t open up any data at all when it comes to a real Social Graph.
Here’s what I would do if I were Gmail: I would allow each Google Account user to associate a Facebook account with their Google Account. Work out a deal. Do whatever you need to make this happen. Nothing is impossible – do it. Your competitors have, as has your own property, Youtube. Then, as they register for Gmail, or want to associate new contacts, have them authorize the Gmail application on Facebook to access e-mail and other information for that user. Or, just leave it to the basics (again, e-mail really doesn’t matter in this case – you just want to access a user’s Social Graph). Now do a lookup on each and every user in the Gmail database that has an ID in that user’s friend list on Facebook. Add that individual to their contacts list. Also, as new members join that are in that user’s Social Graph, add them automatically to the user’s contact list. Yelp does this. Digg does this. Quora does this.
Now, instead of just a bunch of names and e-mail addresses, you’ve opened up an entirely new world of communication for your users. You’ve opened up a way for those users to communicate via their traditional e-mail. You’ve opened up a way for them to post to each other’s Facebook wall, right inside Gmail (because remember you have their Facebook ID). You’ve opened up a way for those users to truly communicate with their close friends and family in many ways, that aren’t just limited to Gmail.
E-mail, and profiles are Apples and Oranges. Yes, Facebook did just make it possible for anyone to access your Facebook.com e-mail address. No, that doesn’t really mean anything unless you’re willing to truly look at what that e-mail address represents. It represents a real individual with a real Social Graph inside Facebook. A Contact List is not a Social Graph! I hope people can start realizing this and we can see others innovate in this space way beyond just what Facebook is doing.
I’m rooting for you. Just do it.