未经所有必要许可(GRAPH API)无法访问 Facebook 相册和照片

发布于 2024-11-30 08:29:02 字数 358 浏览 0 评论 0原文

在我的 Android 应用程序中,我下载用户指定朋友的专辑列表。

我获得的权限如下:friends_about_me、friends_photo_video_tags、friends_photos、user_photos。

对于一些朋友来说,它工作得很好,我可以下载完整的列表和所有照片。但对于某些它返回空数组。这是朋友隐私政策的问题还是 FB 的错误?

如果我尝试通过 FB 页面或通过 FB Android 应用程序查看这个朋友的相册,效果很好。

编辑:我确实从 FB 页面的 URL 获取了用户相册 ID,并将其粘贴到 GRAPH API 资源管理器,它向我返回 false。

问题是:如何获取相册列表和相册照片?

In my android application I download album list of specified friend of user.

I've got permission as follows:friends_about_me, friends_photo_video_tags, friends_photos, user_photos.

For some friends it works perfectly and I am able to download full list and all photos. But for some it returns empty array. Is this a case of friend privacy policy or this is FB bug?

If i try to view this friend albums via FB page or via FB android app it works fine.

Edit: I did get user album id from URL from FB page and paste it to GRAPH API explorer and it returned false to me.

Question is: what to do to get album list and album photos?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

煞人兵器 2024-12-07 08:29:02

帐户 > 下的隐私设置

(当前)隐私设置>应用程序和网站“编辑您的设置”,用户可以通过一种方式设置您的应用程序可以通过他们的朋友访问哪些信息,无论他们的朋友授予该应用程序什么权限。

可通过您的朋友访问的信息

如果您尝试查看相册的人未选中“我的照片”,那么他们必须直接授予应用程序权限(如下所述)。默认情况下它是选中的,并且您的应用程序可以访问用户的照片。如果未选中该框,那么如果他们不添加您的应用程序并授予您访问权限,您的应用程序就无法获取他们的照片。

随着 Facebook 隐私设置的更改,这些设置可能会被更改已移动,但希望该功能仍然存在。

更新 8/30 - 我的 Facebook 帐户刚刚通过上述更改启用。该对话框是相同的,只是在不同的标签下: Account >隐私设置>应用程序和网站>人们如何将您的信息引入他们使用“编辑设置”的应用。一些文本已更新,一些选项略有不同,但其他设置是相同的。

测试

配置两个帐户,如下所示:

帐户 1:

  1. 两个朋友群组,其中一个称为“受限”
  2. 相册(“个人资料照片”除外),设置为“仅限朋友”;除了“受限组”可以看到它们。个人资料照片设置为仅限好友。
  3. 在“通过朋友访问的信息”中未选中“我的照片”
  4. 对应用程序的权限非常宽松(friends_about_me、friends_photo_video_tags、friends_photos、user_photos 等)

帐户 2:

  1. 拥有帐户 1 的朋友
  2. 向应用程序授予了相同的权限

通过切换隐私 控件(选中/取消选中相关复选框、授予/撤销帐户 1 上应用程序的权限以及将帐户 2 添加/删除到帐户 1 上的“受限”组)并尝试访问该帐户的相册,您会发现帐户 1 中的我的照片复选框:

  • 已选中
    • 任何具有帐户 2 使用的 friends_photos 权限的应用都可以查看帐户 2 可见的任何照片
  • 任何具有
    • 帐户 1 的好友使用的应用无法访问任何照片,除非......
    • 除非帐户 1 已添加您的应用并授予 user_photos 权限。在这种情况下,应用可以访问帐户 2 可见的任何相册。

因此,帐户 2 可以在未选中“我的照片”框的情况下访问帐户 1 的相册 (//albums) 的唯一方法是指帐户 2 不在“受限”组中,并且帐户 1 通过 user_photos 权限启用了该应用。当帐户 2 受到限制时,它可以看到的唯一相册(如预期)是“个人资料图片”相册。当账户 1 删除应用或在未授予 user_photos 权限的情况下启用该应用时,/albums 连接将返回一个空数组。

因此,虽然返回空数组看起来像是一个错误,但它实际上是完全确定性和预期的行为。最重要的是,从用户隐私的角度来看,Facebook 让用户控制此设置是件好事。

那么如何获取他们的照片呢?

你不知道。或者,无论如何,你不应该这样做。如果他们花时间禁止通过朋友访问他们的照片,您应该尊重他们的隐私。

也就是说,从技术上讲,仍然可以以朋友之一的身份登录 facebook.com 并查看他们与朋友共享的照片,但不能通过朋友的应用程序查看。理论上,您可以编写一个网络爬虫来自动执行此类任务,尽管这违反了 facebook 服务条款 这样做你就会成为一个坏人:

[3.2] 未经我们许可,您不得使用自动化手段(例如收获机器人、机器人、蜘蛛或抓取工具)收集用户的内容或信息,或以其他方式访问 Facebook。

Privacy Settings

(Currently) under Account > Privacy settings > Apps and Websites "Edit your settings", there is a way for users to set what information your app can access through their friends, regardless of what permissions their friends grant to the app.

Info accessible through your friends

If the person you are trying to see albums from has unchecked "My Photos", then they have to grant the app permission directly (described below). By default it is checked, and your app can access the user's photos. If the box is unchecked, then there is no way for your app to get their photos without them adding your app and giving you access.

With the changes that are being rolled out to facebook's privacy settings, these settings are likely to be moved, but hopefully the functionality will still be around.

Update 8/30 - My facebook account was just enabled with the changes referred to above. The dialog is the same, just under a different label: Account > Privacy Settings > Apps and Websites > How people bring your info to apps they use "Edit settings". Some of the text was updated and some options are slightly different, but otherwise the settings are the same.

Testing

Configure two accounts like so:

Account 1:

  1. Two groups for friends, one of which is called "restricted"
  2. Photo albums (except for 'Profile pics') set so that 'Friends only; except Restricted group' can see them. Profile pics is set to friends only.
  3. "My photos" unchecked in "Info accessible through friends"
  4. Very liberal permissions to app (friends_about_me, friends_photo_video_tags, friends_photos, user_photos among others)

Account 2:

  1. Friends with account 1
  2. Granted same permissions to app

By toggling privacy controls (checking/unchecking the checkbox in question, granting/revoking privileges for the app on Account 1, and adding/removing Account 2 to the "Restricted" group) on Account 1 and trying to access that account's photo albums, you will find that with the My Photos checkbox in account 1:

  • Checked
    • Any app with the friends_photos permission used by Account 2 can see any photos visible to Account 2
  • Unchecked
    • Apps used by friends of Account 1 cannot access any photos, unless...
    • UNLESS Account 1 has added your app and granted the user_photos permission. In this case the app has access to any albums visible to Account 2.

So the only way Account 2 can access Account 1's albums (/<userid>/albums) with the "My photos" box unchecked is when Account 2 is not in the "restricted" group and Account 1 has the app enabled with the user_photos permission. When Account 2 is restricted, the only album it can see is (as expected) the 'Profile pictures' one. When Account 1 either deletes the app or enables it without granting the user_photos permissions, the /albums connection returns an empty array.

So while it may seem like an error that you get an empty array back, it's actually completely deterministic and expected behavior. On top of that it's good from a user privacy standpoint that Facebook gives users control over this setting.

So how do you get their photos?

You don't. Or, you shouldn't, anyway. If they've taken the time to disable access to their photos through their friends, you should respect their privacy.

That said, it is technically still possible to log in to facebook.com as one of their friends and see the photos they've shared with their friends but not with their friends' apps. In theory you could write a web crawler that would automatically perform such a task, although it is against facebooks terms of service and you would be a Bad Person for doing so:

[3.2] You will not collect users' content or information, or otherwise access Facebook, using automated means (such as harvesting bots, robots, spiders, or scrapers) without our permission.

江南烟雨〆相思醉 2024-12-07 08:29:02

你应该进行测试,
创建 2 个 Facebook 测试配置文件(或使用朋友帐户)
将一个设为私有,另一个设为公开,然后查看结果,

我愿意打赌这是隐私设置,

如果无论隐私设置如何它都有效,那么也许您同时发出许多请求并因此而被丢弃。

u should run a test,
create 2 facebook test profiles (or use friends account)
make one private and the other public and see the results

i would be willing to bet it is the privacy settings

if it works regardless of the privacy settings then maybe your making to many request simultaneously and getting getting dropped because of it.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文