Today, strength comes from understanding the connected world. Earlier this year, Facebook announced that each person in the world is connected to every other person by an average of three and a half other people. Facebook also understands the strength of these connections through its feed algorithm, which measures the frequency and recency of our engagement with each other through our actions (likes, checkins, views, photos, ...). If we change our perspective of this network to a piece of content's point of view, any piece of content has multiple connections to users and to other pieces of content. Content can be anything from a page for the local bar to a book to someone's latest run. This makes Facebook the largest network of connections between people, businesses, locations, ideas and products, but its information is not publicly available. However, Facebook left a backdoor open that they cannot easily close.
Despite being the login of choice for both companies and users, most apps are unaware that they can use login permissions to access Facebook's content and the connections between. It is possible to measure these connections to determine the network strength of any content the same way Klout gives users a "Klout score". A company can plot changes in this score over time to predict the future of a user, business, or industry. I believe this ability is particularly useful in predicting popular neighborhoods or other small locations by monitoring the average score for a type of business in a defined area. This is even more interesting when event attendance data is combined. There are many correlational relationships to be discovered that can help understand and predict city growth and development because Facebook's data is not used this way today.
For Facebook to continue to grow it needs to show that it keeps users information safe as well as help developers understand what users want. As a result, Facebook has left room for a third party service to provide data between its anonymized data and the content available through its API. Facebook will not chase after smaller opportunities outside of their scope that might potentially lead to a public image problem.
In the following blog I discuss the content that can be gathered from the Facebook login and the difficulties in doing so. I hypothesize a third party service that handles this difficulty for companies interested in tapping into the largest social network. I brainstorm a few uses of this content and I am curious to hear additional uses of this service.
Our networked world
The Facebook login is the login of choice for both users and companies, but companies fail to use it to its fullest potential. Few ask for permissions and rarely use the information they collect for more than light personalization or target marketing. Gathering information connected to only the users that log in incorrectly treats Facebook as a one-to-many relationship which only scratches the surface of the connections and other information available.
Facebook is a much larger network of many-to-many relationships. Everything a user is connected to also has relationships with other users and other things. The Facebook API allows us to go far deeper within a single connection from the user. For only one of a user's likes, Facebook's API can return all the information about that page as well as all of the connections from that page to thousands of other pages, posts, photos, videos, events, and articles. Each of these pages can then return many more pages and so on. By gathering and storing this information as it is returned, it is possible to gain whole cities of information from a single user.
Today, having a Facebook page is a necessity for running a business. With 50 million businesses on Facebook, you can gather and store information about any individual business in any industry or any location using a Facebook login. Using a Facebook login you can measure changes in a business's connections and engagement over time to plot where it has been and possibly predict its future.
Logins are our keys to the internet
Logins create a stable persistent ID across devices so users have a seamless experience. Having a login protects users' content by preventing unauthorized access and makes it difficult for users to create multiple accounts to game websites. Implementing secure logins costs time and money while creating a risk of data breaches. Developers do not want to develop their own authentication logic so they configure off-the-shelf software and trust that it is secure.
For years, logins have been dominated by a username and a matching password. Due to the rapid growth of mobile apps the number of passwords users have been asked to remember has exploded.
This explosion of passwords has led to some unfortunate consequences. 26% of people use very simple passwords like “password”. 46% write down their passwords. 55% use the same password for most or all websites. 69% forgot a password. 90% left a website because they forgot their password. If you are like me and depend on visits for revenue, passwords cost you money and lead to insecurity. 47% of US adults have been hacked within the past 12 months.
Passwords lead to a slow and inconvenient login process. Two-factor authentication and social logins allow users to securely login and avoid creating additional usernames and passwords.
Two-factor logins either use an email or telephone number to confirm the user with a one-time-valid, dynamic passcode consisting of digits. Interestingly, today internet identity comes from the phone rather than an email address, particularly in developing nations. Two-factor logins take time and the confirmation text or email could get lost or delayed.
Social logins, on the other hand, allow users to be validated in as little as two clicks. Users like it because it is fast, easy, and secure. They can control the information they share for all the apps they use through their social login provider.
In addition to account creation, social logins also provide personalization and social context. Personalization creates a richer experience which engages people early and keeps them engaged. Social context verifies that the user is using their real identity while showing the user which of their friends are using the site.
Most social media networks provide logins and implementing more than one login can be daunting. Each social login can change often and combining multiple platforms’ analytics is confusing. A few companies, like Gigya, LoginRadius, and Janrain, provide single solution login services for developers. These companies try to make it easy to provide and manage multiple social login options.
Even though we were offering multiple login options, they were not being used equally. We saw 90% Facebook, 8% username/password, 1% Twitter, and 1% Google. Time Out's user base is heavily mobile (specifically iPhone), urban, and young which leads to higher use of the Facebook login. Single solution services report similar findings.
With 1.55B monthly active users and over a billion daily users Facebook is the most used social media platform. Naturally, it should be the largest social login provider. Where the Facebook login really stands out from other social logins is in mobile where it is chosen 80% of the time.
In 2014, global mobile use surpassed desktop use and it is predicted to continue to grow. This will only strengthen Facebook and the use of its login. Facebook is actively working to grow its mobile user base in developing markets with Facebook Lite which was the fastest Facebook product to grow to 100M users. This product targets Facebook's "next billion users" in 2G networks which cover 96% of people globally. With Facebook Lite, Facebook will become the login of choice for the developing world too. Today, 85% of the top grossing apps use the Facebook login. Its ubiquity leads to 300M people logging in to a new app every month using Facebook.
At Time Out, even though most users chose Facebook to sign in, we kept our single login solution to give users an option to create a site account. Then, at F8, the Facebook Developer Conference in April, Facebook added a two factor authentication called Account Kit. The combination of Facebook login and Account Kit serves 98% of our users. I assume other companies, especially media companies, are discovering they no longer need to pay for a single login solution.
Switching from single login providers to Facebook also has the added benefit of more accurate analytics. Facebook uses third parties like Acxiom, Epsilon, and Oracle Data Cloud in combination with the Facebook Pixel to create shadow accounts for everyone whether they have an account on Facebook or not. The result is, Facebook’s anonymized and aggregated demographics do not require a sign in to work. Instead of being limited to only demographic information for some of our users that signed in now we can get it for all of our visitors. This makes Facebook analytics much deeper and more accurate than the tools supplied by single login solutions.
This had me questioning several paid services or features we had in our road map that could all be replaced by free Facebook products saving Time Out hundreds of thousands of dollars and development time.
Facebook is the chosen key to the internet
Each product Facebook releases helps them to build a holistic online experience. Their strategy is to get people to use the internet and never leave Facebook. Facebook has intelligently tied their success to the success of developers on the Facebook platform. It is in their best interest to continue to create more useful products and stronger analytics unburdening the developer and clearing the way for developers to feed Facebook even more data on their users and what users want.
A great product is all about retention. This is why developers live and die by monthly active users. We need logins to create account scarcity so we can correctly understand how many people are using our sites. Mark Zuckerberg famously said “having two identities for yourself is an example of a lack of integrity”. Other identity types can exist in public but some form of verified identity needs to exist on the backend for developers to accurately measure monthly active users.
To make sure you only have one profile, Facebook socially verifies your identity using your friends, email, text, or even have you send a picture of your driver’s license. Facebook has and will continue to be the most widespread while accurate source of digital identity. The Facebook login has become the chosen key to the internet.
Facebook is watching but they probably aren't interested
I have had many meetings with investors who expressed their concern about Facebook's visibility into my products built on Facebook's platform. Jason Calacanis wrote that the ecosystem can see everything the app is doing and all the metrics behind each feature. Facebook has used their metrics to acquire another company or just copy the entire product or feature that is working. However, this has only happened on very rare occasions.
When I visited Facebook in late 2013, with an event discovery app I thought they would be interested in, I was told "If you can’t prove that it will move the dial by $500M (or 500M MAU) today, Facebook probably is not going to be interested." We must remember Facebook's primary goal is to grow its user base and keep those users engaged. To accomplish this goal developers need to be able to work on the Facebook platform without the fear of being ripped off.
Facebook will continue to help developers with free tools and strong analytics to understand what their users want. These tools and analytics are only limited by what will not upset their user base, specifically privacy.
To show they are protecting user information, Facebook will not step beyond aggregated and anonymized demographics on any of their products or through their partnerships even if users have agreed to share their information with your app.
Facebook partners with data companies like Factual and Datasift, but their partnerships are also limited to protect user information. Factual has access to all Facebook location information but it is primarily used to make sure their location's general information is accurate. Factual filters out all engagement or connection data. It is simply an index of places by category similar to the Google Places API.
Datasift was originally built to analyze posts on Twitter but Twitter bought their rival Gnip. Datasift had to pivot and partnered with Facebook. As a result, Datasift tries to simplify Facebook to a feed of posts they use to measure user sentiment. Through the partnership, they have access to all public post data but they must stay far away from being able to identify a specific user. This means Datasift is anonymous and restricted from exposing information in smaller areas than a country or a state.
You can gather and store as much information as the Facebook API will let you, but you must do it yourself. Through login permissions we can go far beyond anonymized demographics to access the people, the content and the businesses our users interact with. Facebook's self imposed limits between anonymity and its API expose an opportunity for a third party service to fill.
How it works
The Facebook API allows you to gather content from achievements to users. Each type of content is comprised of a different set of attributes. For example, the attributes that make up an exercise are start/end time, course, message, location, tags and image. The easiest way to understand what data is returned for each attribute is to experiment with the Graph API Explorer.
Attributes are kept up to date by the creators of the content or business owners themselves. This leads to a high level of accuracy by going straight to the source of information and not relying on third parties. After an app has permission from the user it can continually access this content as long as the user doesn’t change their Facebook password. This keeps the content fresh and always up to date.
The more permissions an app asks for usually means that it will have a lower conversion rate. To get around this, many companies create games, surveys, and other sites that ask for specific permissions. It is important to remember to provide context for the user to understand why they are agreeing to specific permissions.
The amount of content in the third party app grows asymptoticly with the number of users the third party app has. The content grows very quickly with the first few signins and approaches parity with the social platform database, but never reaches a complete duplicate. This can be a lot of information gathered very quickly and a database should be prepared to store large amounts of data. This is great because an app doesn't need thousands of users to gather a decent amount of content. When only ten to twenty people logged in in one city, we realized at Time Out, we had enough connections to events to provide a decent daily event discovery service of thousands of events for that city.
Even if all permissions have been agreed to, an app can still run in to limits, both written and unwritten. We found that some of these limits would increase as we gained more active users. To help, Facebook has also exposed some of it’s rate limiting for utilization.
Unwritten limits are even more complicated. For example, we created an app to pull all of a user’s photos off Facebook. There is no written limit of how many photos you can pull from Facebook but we consistently ran into an unwritten cap of around 1,000 photos for each user. To find these unwritten limits you have to experiment. We also found that sometimes content would come back form the platform and sometimes it wouldn’t. We had to call the platform multiple times to get all attributes to a single piece of content.
Where does this lead us?
The connections and content data available through the Facebook login is valuable to many different industries. When companies realize this resource is available they will want to outsource the gathering and storing of this data due to its technical and unstable nature. This can be done while staying within the parameters of the Facebook developer terms and conditions.
When a user logs in using the Facebook login, the user token can be passed to a third party to gather and store content acquired through each permission. This content can be served through a simple CMS or API back to the app to be consumed or analyzed. Individual companies could use this service or a group of companies work together to pull and share content.
I want to start a discussion about a social login content service, what information is available, and how it can be used. I have brainstormed a few uses of this content below. Please let me know your thoughts.
Potential uses split by complexity
Social lists for entertainment
Lists can be created for any type of content from any social media login and can be regularly updated. At Time Out, we matched our data with the corresponding Facebook events and pages. This allowed us to sort our reviews by popularity or connections to each logged in user. These lists can then be sorted by any attribute, even location. The sheer size of this data was much larger than our previous database and it allowed us to expand much farther than our old footprint of only 47 cities. Today, Time Out is in 107 cities and it could easily be in 1,000 and expanding its content to socially recommend movies, articles, or even running routes.
While using our app a user can share her location with us. Using the time, her location and a list of Facebook places we can infer what she wants to do. This allows us to create better recommendations, validate that she used one of our reviews, or build a more accurate demographic profile based on the locations she actually visited.
Simple analysis of content in lists can lead to meaningful conclusions, especially when these lists are combined with external information.
- Planning: By filtering event lists by attendance and location, we helped companies like Uber preemptively send cars to locations where multiple events had high attendance.
- Identify missing objects: Bike shops could see what routes people ride their bike to identify popular routes that lacked a bike shop
- Lead generation: An alcohol distributor could overlay their customer map with the map of bars and restaurants in an area to discover new bars to start a relationship
- Fraud detection: Payment companies could use the location information in their customer’s phone to indicate potential fraud when their customer's phone was not near the location where a purchase was made
- Customer sentiment: Analyzing the posts of pages, categories or users in an location could allow you to understand what the feeling is within a neighborhood, a category or business.
Predicting the future
At Time Out, we can regularly update our data to monitor changes in attributes such as attendees, checkins, and likes. By tracking these changes over time we can infer how well an event or business will do. Using these predictions we are also able to gain a greater understanding of our users. We can identify some users as tastemakers for specific locations and categories. When these tastemakers interact with a page or event, they are able to positively influence its outcome.
Other businesses have figured this out too. Foursquare recently used its data to predict a decline in Chipotle’s sales and Kabbage uses a Facebook "reputational smell test" to determine if a business should receive financing.
The city of Atlanta is made of neighborhoods and these neighborhoods grow at different speeds. Six years ago, I moved to a neighborhood called the Old 4th Ward because I saw a strong rise in quantity and attendance of Facebook events in that neighborhood. This rise in Facebook events was followed by a rise in engagement with the Facebook pages of local businesses, like restaurants and shops. In the years since I moved, the Old Fourth Ward's housing prices have risen 70% and developers have erected multiple new commercial, apartment and office buildings. I believe there is a strong correlational relationship between an increase in Facebook events and a following success of local businesses and rise real estate prices. Today there are many neighborhoods around the city that developers have expressed interest in but only a few are seeing the rise in Facebook events that I saw in the Old 4th Ward.
These are only a few uses I have found for the content and connections available through the Facebook API. I am very interested in your thoughts or ideas.
- 2016/05/18 The Complex Relationship Between Data and Cities, Florida, Richard, Citylab
- 2016/05/17 The Seventh Sense, Ramo, Joshua Cooper, Machete Book Group
- 2016/05/17 The End of Code, Tanz, Jason, Wired
- 2016/05/02 Inevitability in Technology, Evans, Benedict, ben-evans.com
- 2016/04/16 Mobile Marketing Statistics compilation, Chaffey, Dave, Smart Insights
- 2016/04/12 Foursquare Predicts Chipotle’s Q1 Sales Down Nearly 30%; Foot Traffic Reveals the Start of a Mixed
- 2016/04/12 Account Kit: SMS and Email Login Made Easy, Facebook F8
- 2016/04/12 Improving the Facebook Login Experience in your Apps, Facebook F8
- 2016/04/12 Deeper Insights with Facebook Analytics for Apps, Facebook F8
- 2016/04/12 Facebook Pages: The Mobile Solution for Businesses, Facebook F8
- 2016/02/04 Three and a half degrees of separation Research at Facebook
- 2016/01/20 Millennials: Global Citizens First, Americans Second, Reinvent
- 2016/01/16 Who Controls Your Facebook Feed, Oremus, Will, Slated
- 2015 Consumer Privacy and Personalization, Gigya
- 2015/12/11 Factual raises $35 mln Series B funding from investor group, Chris Witkowsky, Buyouts Insider
- 2015/07 The Landscape of Customer Identidy, Gigya
- 2015/06/07 The Great Charter, Solon, Matthew, Afonica Sound Productions
- 2015/04/03 Social Login Trends Across the Web: Q1 2015, Alexandra Larralde, Janrain
- 2015/03/24 Facebook’s Timehop Clone “On This Day” Shows You Your Posts From Years Ago Constine, Josh, TechCrunch
- 2015/03/10 Topic Data: Learn What Matters to Your Audience, Facebook for business
- 2015/03/09 How we built Facebook Lite for every Android phone and network, Roy, Gautam, code.facebook
- 2014/09/14 Want a loan for your business? The loan officer is checking your Facebook and Twitter comments, Steve Viuker, The Guardian
- 2013/12/13 Giraph, Hugh Malkin
- 2013/08/08 Advice for Building a Startup Inside Someone Else’s Ecosystem: Don’t Jason Calacanis, LinkedIn
- 2013/08/01 You Might Have an Invisible Facebook Account Even if You Never Signed Up, Austin Ruthruff, GroovyPost
- 2010/08/17 The Web is Dead. Long Live the Internet, Anderson, Chris and Wolff, Michael, Wired
- 2009/06/29 The Wired Interview: Facebook's Mark Zuckerberg, Vogelstein, Fred, Wired
- Recovery, Jeff Gluck, Medium
- PYLON for Facebook Topic Data, Datasift
- Facebook Support for Gnip, Gnip
- Data Policy Facebook Developer Portal
- Rate Limiting on the Graph API, Facebook Developer Portal
- Open Graph Reference Documentation, Facebook Developer Portal
- Facebook Login Best Practices, Facebook Developer Portal
- Account Kit, Facebook Developer Portal
- Analytics for Apps, Facebook Developer Portal
- Facebook pixel, Facebook Developer Portal
- Profile Field Descriptions, Linkedin Developer Platform
- Permissions and Limits, Linkedin Developer Platform
- Getting started with the Pinterest platform, Pinterest Developer Platform
- API Overview, Twitter Developer Platform
- API Rate Limits, Twitter Developer Platform
- API Endpoints, Instagram Developer Platform
- Rate Limits, Instagram Developer Platform
- API Endpoints, Foursquare for Developers
- Rate Limits, Foursquare for Developers
- Google+ API, Google+ Platform for Web
- Quota, Google+ Platform for Web
- Social Login Providers, Gigya
- Provider Guide, Janrain
- Time Out World, Time Out
- Restaurants in Atlanta, Time Out