Massive hat tip to Amanda Rush for pointing this out to me.
Facebook is dropping support for apps to publish. I quote their recent post on policy updates:
publish_actionspermission will be deprecated. This permission granted apps access to publish posts to Facebook as the logged in user. Apps created from today onwards will not have access to this permission. Apps created before today that have been previously approved to request
publish_actionscan continue to do so until August 1, 2018. No further apps will be approved to use
publish_actionsvia app review. Developers currently utilizing
publish_actionsare encouraged to switch to Facebook’s Share dialogs for web, iOS and Android.
What is a Publish Action? What is a Publish Action?
Facebook uses actions to do ‘things’ within Facebook itself. A publish action is, logically, an action that triggers a publish of a post. When you create a Facebook app, you grant it special permissions to do specific actions, in order to prevent people from posting to your Facebook feed when they shouldn’t. If you’ve ever seen one of those popups like this, Facebook is asking you to confirm permissions:
Most common are things that read content, like your posts and your friends, and so on. A
publish_action would be like having your WordPress site automatically make a post on Facebook when you publish a post on your blog.
Why Are They Doing This? Why Are They Doing This?
The argument is that Facebook is maturing and “taking user privacy seriously” because the majority of people never read what permissions they’re granting, or who they’re going to be spamming with the cross posts. The reality? They’re locking down Facebook so if you want to get traffic from Facebook and your articles, you have to manually post them.
Now. I hate artificial (and real) monopolies as much as the next nerd, and I do think this is a really cretinous move. But at the same time, by preventing auto-posting, they actually now have a way to combat fake news.
If you watch The Good Fight, then you may have seen an episode where a bot script auto-generated posts, purporting to be someone, using fake news sites that people spun up. In season one, that was used to discredit Maia on Twitter. In season two, they took it to Facebook and demonstrated how the fake news sites could be used to target jurors and ensure they got the news.
Seriously everyone needs to watch The Good Fight. They’re brilliant.
But the point is this, by restricting people from auto-posting, then someone has to log in and make connections and it’s much easier to track behaviour. Facebook can block a VPN, but they can’t block Amazon AWS servers, after all. And those auto-posts are going to show as coming from your server, not your personal account.
Do I Need to Care? Do I Need to Care?
Do you use Jetpack’s Publicize to post to your personal account? Then yes. Maybe. I don’t actually know what Jetpack’s going to do about this. My contact (i.e. my friend) just said they were on it, but I imagine there’s a lot of cursing in the background.
Now, notice how I said personal account? And maybe?
I noticed that Buffer, an app that auto-posts tweets and Facebook posts, said they’d be fine. On the other hand, Bridgely said they’re killing off their Facebook publish because of this. And on Facebook’s documentation for the APIs, the post to personal timelines information is gone, but the post to pages is still there.
Which means I have no idea how horrible this will be. An incomplete block means spammers and fake reporters will move to posting to pages, which many users can post to. I can’t see how that will move the needle very far at all.
Overall, I hate this and I think it’s a good thing.