54 comments

[ 2.9 ms ] story [ 110 ms ] thread
Would anyone care to explain roughly what it does?
This is what it looks like when you give it permission: http://i.imgur.com/nAvhx.jpg

Pretty self-explanatory once you get to that page, but there should be an explanation on the index.

Thanks for the input...will get on that ASAP.
Without trying it for obvious reasons, going off the HTML, I'm guessing it just posts a load of status updates on various topics, eg "Posts ridiculous lyrics and statuses about love for artists like Nickelback."
And API access will be revoked in 5...4...3...2...
(comment deleted)
I call BS. There is a snowball's chance in hell Facebook have seen this, let alone approved it. One of the options is to defriend everybody. How is this not a malicious action?
That option is a joke and isn't an actual option. If you click it we give you an alert: "you can't actually be that mean."
The other options allow you to post content on someone else's behalf, without their consent. That is unauthorised access, and probably against their ToS. I would be extremely surprised, and concerned, if it was not.

Your footer is just hilarious of course. You claim that you do condone unauthorised access to other people's Facebook accounts, on a site who's only function is to let you make unauthorised access to someone else's Facebook account.

Agreed. How is this any different than taking over a friends email account or cell phone and deleting data or sending malicious messages? There is nothing interesting or clever about this.
Remove all friends sounds malicious to me. Must say that I haven't tried the app myself.
That button doesn't actually do that. It's a joke we added in.
From as many times as I've seen you have to explain it, I don't think anyone is getting the 'joke'. May be better to remove it and avoid the jabs.
For sure...we removed it right after we got the feedback from HN.
"Did a friend leave Facebook open? Mess with it now" sure sounds like encouraging unauthorized access to me, tiny "in no way encourages" message notwithstanding. If it actually removes all friends like the button says it does, that's definitely malicious.

Further, the "We only use the word Hack in our name to concisely disclaim the site's ability to mess with one's facebook account." makes very little sense at all. Did you mean proclaim instead of disclaim?

That option is a joke and isn't an actual option. If you click it we give you an alert: "you can't actually be that mean."
If it doesn't encourage, it certainly enables. The whole point of the site is to let you exploit unauthorised access to somebody else's Facebook account. The footer is a non sequitur.
Your app gives Facebook bad publicity. That's pretty much the gist of it.

See Breakup Notifier[1] and Girls Around Me[2] for services that did nothing else but highlight what the platform allowed people to do.

Breakup Notifier (later Crush Notifier) later managed to get on Facebook again, so if (when) you get shut down, try contacting the guys behind the service to see what they did. There are a couple of HN submissions about them.

[1]: http://news.ycombinator.com/item?id=2255232

[2]: http://techcrunch.com/2012/03/30/girls-around-me-creeper-app...

Hey guys - I'm one of the FB engineers at Penn. This app has a great looking design but definitely goes against the spirit of the platform as well as our TOS.

With that said, next time please seek us out at the hack (I have a hard time believing anyone OK'd this) and we can work with you to ensure that your app can be funny but still benefit users in a meaningful way.

Clarification: FB representatives here only ok'ed the use of our flavors concept, not the spirit of our app.

While setting a facebook flavor alone isn't against the Facebook TOS, we realize that directly encouraging people to jump on their friends' Facebooks is clearly against the spirit of the platform.

Facebook can't revoke the API, because the site clearly states in the footer that "Buddy Hack in no way encourages the usage of any Facebook account other than your own." That seems waterproof to me.
In the world of walled gardens like this, there is no rule of law. If they don't like it, they can revoke access.
I was making an irony.
Oh, i didn't realize. Now that you say so, it seems obvious.
Let's say your friend just left their Facebook logged in at your house or got up from their laptop to go to the bathroom for a minute. You're tempted to mess with their Facebook, but don't know where to start or don't have enough time. Just go to http://buddyhack.com, sign in with Facebook, and we will help you hilariously mess with your friend in under a minute!
Oh, high-larious. Especially "defriending every single friend". How is this non-malicious again? Is this undoable?
Click it....it tells you that you shouldn't be that mean.
(comment deleted)
I appreciate how they were mature and stayed away from inappropriate content. The hack can still be funny without the need to be gay, racist, sexest, etc. I personally like the "It's Your Birthday" one. Props guys!
That was exactly our aim.
Do everyone a favor and get rid of this. There is nothing OK with making light of identity theft. And quite trying to absolve yourself of any responsibility
It would appear it's already been blocked by FB: "An error occurred with Buddy Hack. Please try again later."
yeah....someone reported us for our defriend all button; that button is actually a joke and just gives an alert "you can't actually be that mean"
We just got reported by several users and got temporarily restricted on Facebook.
I am an engineer working on Platform Integrity at Facebook. Just as friends can't consent to transferring friend data outside of an app, they also can't consent to an app taking actions on their friends' behalf (such as posting a story when the friend didn't consent to it). Even if it's funny.
It's people taking actions on behalf of themselves.
People just happen to be using it innapropriately.
Because you're inducing them to do so. I think your app is funny, but the language makes it clear that the intent is at odds with FB's platform rules.
Yeah...we've come to see that the language was encouraging behavior that was clearly against the spirit of the Facebook platform. We have since removed most of that language.
How does changing the language absolve you from the implications of your malicious app.
It can't be used appropriately.
From the homepage: "BuddyHack: Did a friend leave Facebook open? Mess with it now."

It's an app designed to be authorized on someone else's account. You make that pretty clear.

Any way to get ahold of you guys and ask questions about ideas etc to help understand what is legal before building it?
Best ways are to check https://developers.facebook.com/policy/ thoroughly - it's actually a very well written and concise set of policies - or come see us at one of the hackathons we frequently run (such as the UPenn one mentioned in this thread).
How would you "quickly undo" an action that defriends everybody?
That would be a pretty bad joke but it someone doesn't sign out of their Facebook or email account on a share computer, they kind of deserve it.
Why on Earth would someone deserve to lose all their friends because they accidentally didn't log out on a shared computer?
That button was actually just a joke; it brought up an alert saying "Come on, you can't really be that mean!"
If you've removed any language suggesting that this should be used to gain and exploit unauthorised access to somebody elses Facebook account (I presume that means you will be registering new domain name for the app) then what is the point of it any more? Why would I want to click a button to post a bunch of fake stuff to my wall? That would be like #poopin yourself. Utterly pointless.
http://hackmyfacebook.com

People are hitting the site and using it. I wasn't sure if it was a real use case either; but our conversion rate for hitting the site and actually using it is even higher than before, so I guess some people think otherwise.