TechCrunch re-rumored the possibility of changes to Facebook Connect, including changes to FB’s data retention policy for developers, which (as the post points out) are a) onerous and b) unenforceable.
Facebook Connect’s current terms of service prevent any third-party applications from storing data obtained through the API for more than 24 hours. And what is available through the API? If you authorize a thrid-party application using FBC, then basically anything in your profile is available to that application or site, including things like your avatar, your friend network and lots of biographical data. Notably, your email address is not always directly available — developers only get access to a proxy unless you explicitly grant otherwise. In any case, all of this is cacheable for only 24 hours. After that you have to refresh the data from Facebook directly or delete it.
If this were to change, there would be much rejoicing among FB developers. Lots of effort is spent making sure that data is properly refreshed. Many would also like to see default direct access to the person’s real email address.
It’s difficult to background-spoof a local account using unstable data (which is essentially what most Facebook Connect website integrations attempt to do) especially since a real email address is not always available, and moreover cannot be relied upon for more than 24 hours. This has caused many sites (see, for example Huffington Post Social News) to ask for additional information directly from the user (and sometimes a lot of it) at the time someone connects using FB, a requirement which vastly reduces FBC’s utility as a SSO technology, but allows the site to permanently retain that data, since it did not originate from FB.
So here, O Facebook, is my wish-list: a real email address by default, and the ability to permanently cache certain data as long as the user remains connected to my app. What else should be on my wish list?