Feeds

Facebook claims mail API less intrusive than Gmail

This sh*t right here is tight

Choosing a cloud hosting partner with confidence

Facebook has defended plans to open up members' inboxes to application developers as a technology designed to spur for innovation in areas such as mobile messaging.

The social networking site said security consultant concerns that development of the technology makes for an unacceptable privacy risk are misplaced. In particular, Facebook said its Mailbox API plans poses less of a privacy risk than Gmail, which scans email messages to serve targeted ads.

Facebook users who sign up to applications that make use of Mailbox API give permission for applications to scan the contents of messages sent through the social networking website.

In answer to our questions about what privacy controls would be applied to the delivery of this functionality, Facebook offered a response that also sheds light on how the Mailbox software hook-ins might be developed to offer push email style-functionality for messages sent through the social networking website.

We are looking at ways of opening up Facebook to make it more accessible to users in the ways they want to access it, but we aren't the ones that decide how they want to use the tools we can provide, only the users can choose.

A good example of how we think it could be used is getting your Facebook Inbox on your Blackberry through POP similar to how Gmail is brought to you on your Blackberry. This type of API is standard for email providers across the Web and benefits users because it allows them to access their messages off of Facebook.

Doesn't allowing third-party app developers to hook into user's mailboxes go further than Gmail's scanning of emails to display targeted ads, we asked. Not so, a Facebook spokeswoman responded, arguing that users will have to give "explicit permission" for an app to access their inbox.

I was interested by your thought that it was potentially more contentious than Gmail? We believe it is much safer for a number of reasons. Facebook will be white-listing individual applications and the user must give explicit permission for the app to access the Inbox. I'm not aware of any webmail service that does any vetting for applications that use their POP features. And unlike Gmail, we don't have to share username and password for it to work which we believe makes it more secure.

This is also different to the regular API for applications, and importantly there are no advertiser implications either. We would, of course advise any users to always be cautious when interacting with applications.

Facebook's response follows our earlier article on the potential privacy concerns of allowing applications to hook into inboxes. Graham Cluley, senior technology consultant, described the development as a "privacy nightmare waiting to happen" and worried that a road-map for the technology may include plans to integrate functionality which would allow application developers to send mails from their users' inboxes. ®

Internet Security Threat Report 2014

More from The Register

next story
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Whistling Google: PLEASE! Brussels can only hurt Europe, not us
And Commish is VERY pro-Google. Why should we worry?
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
First in line to order a Nexus 6? AT&T has a BRICK for you
Black Screen of Death plagues early Google-mobe batch
prev story

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.