<i>I didn't sleep well that night.</i><p><i>Finding my friends' old events crossed a moral boundary I honestly didn't expect to encounter.</i><p><i>What makes this all rather chilling...</i><p>Over-dramatic much? None of this is secret, or underhanded, or arguably even a violation of privacy. If you don't want your friends to see stuff, don't post it on Facebook. And if you don't want a particular person to see it, including some guy messing around with the API, don't be friends with that person.<p>It sounds like this guy is trying to make a mountain out of a molehill for the sake of attention, to be honest.
Once you put in in the public sector of the Internet it is always there. If people always operate under this assumption they will be fine (yes I realize in certain cases information may not be cached before it is removed.)<p>You shouldn't enter any information on a social networking site that you don't want everyone to see, no matter what the privacy settings tell you. Personally I am wary of sending sensitive information of any kind to a remote machine (of course I do it anyway <i>ahem</i> Gmail, <i>ahem</i> Amazon, <i>ahem</i> etc.) But to expect that you will be able to enter information on a social network and only have a subset of that site's users have access to it is much too high an expectation. No offense to Facebook but it is a difficult enough task to implement an efficient technical solution to this problem. But that is before you take into account the difficulty of explaining complex (or even simple) privacy controls to your users.<p>This is a really great demonstration of the privacy illusion but the illusion should not even exist. We should all lower our expectation of privacy on Facebook. Again, no offense to Facebook, but they can't meet the unreasonable standard set by some.<p>[Addendum]<p>* Facebook is not a private site. The term "privacy controls" is really misleading and should really be called something else that helps people understand how short they can fall of giving you true privacy.<p>* It is called a social network but our virtual societies have different rules than the real world. One notable issue is the Whiteboard Problem (yes I gave it a stupid name): The Facebook stream is like a whiteboard that you have given your friends access to but you can write comments on your whiteboard and they can write on yours. So whoever can see their whiteboard, whether they know you, can see what you wrote and learn of your existence.<p>* Another issue, the rules of information are completely different. Referencing the hypothetical swingers in other comments on this submission if I am a) invited to my "swinger conference", b) I accept the invitation, and c) we take lots of pictures only the diffusion of that information has strict constraints in the physical world. Once it is on Facebook a) non-swingers will likely have access to my swinger invite, b) non-swingers can see my response, maybe even in their stream and c) they may find my photos (last time I checked private Facebook photos are relatively easy to access.)<p>Once again, treat Facebook like a public whiteboard that represents you. For the most part only people you know wil see it but keep it blemish free just in case. So no "swinger conferences" on FB.
> "I didn't expect it to share info when people had declined those events."<p>Just to clarify, does this mean events you replied "No" to, or events where you clicked "Remove from My Events"? If an API call surfaces the the latter, that would indeed be worrying.