Running with Code Like with scissors, only more dangerous


Facebook Security Concerns

Posted by Rob Paveza

I logged into Facebook today and I saw a new person under "People You May Know."  This person is someone I know from refereeing hockey here in Arizona.  It turns out that I only have one person on my friends list who I know happens to be an ice hockey referee, someone I know from not only refereeing but also playing hockey, more than 10 years ago.  When I clicked on Jeff's profile (the new person Facebook suggested), I saw he only had two friends - his is a very new profile!

Jeff and I haven't ever emailed back and forth directly.  I've sent a couple email blasts, and he probably has as well.  But that's the extent of it.

My best conclusion is that Jeff allowed the Facebook friend-finder application to have access to his email.  Because I'm on the same refereeing email distribution list as Jeff, I can only assume that Facebook has looked at his email and decided to inform me that I might know Jeff.

I do appreciate the flexibility of Facebook's find-a-friend tool.  But for it to be telling me that Jeff might be my friend based on data he provided seems to be a mild form of information leaking.

I'm only hoping that he provided his information to the Facebook friend finder tool.  I never did.  And if he didn't, well, now I'm concerned that Google and Facebook have been sharing that kind of information anyway...


Launching OpenGraph.NET

Posted by Rob Paveza

Tonight I’m publishing to Codeplex a project that I’ve been working on for about a month, that I’ve called OpenGraph.NET.  It’s a C# client for Facebook’s still-new Graph API.  It currently supports regular desktop applications, web sites (using Web Forms and ASP.NET MVC), and to some extent, Silverlight.  All of the groundwork is there – it’s just going to take a bit more work to get it across the finish line.  I’m calling it version 0.9.1 "Beta”.  (Maybe I’ll come up with some clever name like “Froyo,” like the operating system on my phone).


OpenGraph.NET’s documentation is available at and the project can be downloaded from CodePlex at  There are also a couple demos on the CodePlex site within the download.

OpenGraph.NET is licensed with the new BSD license – basically, you can use it for whatever you want, but if you hand out the project publically, either compiled or as source code, you should include a copy of my copyright notice and license terms.  I’m not an advocate of copyleft, but I would certainly welcome patch submissions.  Over the weekend, I’ll be porting the source code repository from my web server onto CodePlex.

One more note – it IS indeed working out there.  We’re using it on a currently-undisclosed project at Terralever for an event being hosted by one of our clients, and I am using the Real Time Updates handler for it as well.

Over the coming weeks, I’ll be talking about the internals of how this works, including dynamic methods.

I’d like to mention a big thank-you to James Newton-King, for the awesome Json.NET library which is used extensively throughout OpenGraph.NET.