Ramblings of a Tampa engineer

An phone with the Facebook app open next to Scrabble pieces arranged in the words “social media”
Photo by William Iven / Unsplash

On April 4, 2018 while sitting at work, I began getting alerts of raised error counts on one product I manage. A few minutes into my investigation, I realized I was dealing with a larger problem.

Facebook has been in the news lately, not for connecting people, but for crossing the line in terms of what it shares with 3rd parties. Many wondered how they would respond with this huge breach of privacy. The stock market already reacted with millions bleeding from the stock, but the world was still waiting on Facebook's response.


April 4 was the day Facebook took a step in the right direction. With their post titled "An Update on Our Plans to Restrict Data Access on Facebook" they begun what they believed was right restricting access and removing some data from what they gave out to API consumers.

An API consumer is the reason you can sign into applications or websites with Facebook. These applications are all over the world from Tinder to MapMyFitness. This is a preferred method for some users as you maintain one source of username/password and just sign into other products with that Facebook account.

Jumping back to the above linked article, we see this snippet of text:

We will also no longer allow apps to ask for access to personal information such as religious or political views, relationship status and details, custom friends lists, education and work history, fitness activity, book reading activity, music listening activity, news reading, video watch activity, and games activity.

I can think of three applications off the top of my head that survive and depend on these fields of information. There was no warning, there was no deprecation plan. These fields were just gone as of the release of this news post. A great win for consumers, but an absolute nightmare for developers.

I opened up Tinder and to my suspected guess, I could not sign in. I assume the application was trying to obtain my Facebook education/work history, but that information was no longer available.


It seemed the dependency Tinder had on Facebook for some specific information was now gone. In the development world, this happens all the time. Data is added and removed, but usually in a large company there are deprecation warnings. Those are just a nice programming way of saying, "Don't do this anymore, we will turn this feature off in a few months"

Instagram is a product of Facebook and Facebook has slowly been moving the Instagram API endpoints over to the Facebook world. We received notice of this move in the beginning of 2018 with this post titled "Instagram Graph API Launches and Instagram API Platform Deprecation" which gave us a solid 6-12 months to update to the newest API as our old one would be going away. This in the business world allow you to schedule meetings, approve the work and do the engineering. Unfortunately for us, that removal day turned out to be April 4th.

These capabilities will be disabled immediately (previously set for July 31, 2018 or December 11, 2018 deprecation).

Along with the Facebook news, Instagram additionally retired data and endpoints that we depended on. There was no longer time to slowly plan a method of resolution. Our features were broken and the clock had started. It was a scary sight as endpoints we were using in a production website were left with:

    "meta": {
        "code": 400,
        "error_type": "APINotAllowedError",
        "error_message": "This endpoint has been retired"

We aren't Cambridge Analytica taking as much data as it can extract from the service and using it to create a scary profile of 87 million users. We are using a small amount of endpoints to create a beautiful service that users enjoy using. Bad actors abused Facebook and by extension Instagram resulting in it being crippled, but should they have had the chance to do so?

The developer in me loves services with data as there is no end to the conclusions you can draw from it. Charts, graphs and more are fun to build with already collected and organized data. I see the value in the information for various reasons, but the end user in me strongly dislikes how much of my information is released in APIs, which is then pooled and used for endless reasons.

We are at an interesting time in the ecosystem of the Internet as companies are understanding the risk of sharing and profiting from collected information. None of those companies want to be the next site published on Have I Been Pwned?.

You’ve successfully subscribed to Connor Tumbleson
Welcome back! You’ve successfully signed in.
Great! You’ve successfully signed up.
Success! Your email is updated.
Your link has expired
Success! Check your email for magic link to sign-in.