kmahar
commented
7 years ago https://brid.gy/ suggestion from @karger
Open amyxzhang opened 7 years ago
kmahar
commented
7 years ago https://brid.gy/ suggestion from @karger
amyxzhang
commented
7 years ago initial tests have confirmed that technically I can do the following: 1) as an admin, I can post or reply on a FB post via API. 2) as admin, I can read all posts on a FB group via API.
Now in terms of FB's policies: There are some rules about things like autopopulating message content, which is forbidden. So an admin posting a message from someone else who emailed murmur (that we autopopulate) would not be allowed, probably. We could maybe get around this by not populating the message content but instead using a "Tag" (like what you see autopopulated under news links), which can show something like 2-4 sentences and a link to see the rest of the post.
Apps are also not allowed to post to FB automatically. Each post needs explicit consent from the user. So the admin would need to go through and manually post each post coming through email, which would probably sit in a queue.
All the above will require me to petition Facebook for permissions for this app. I need to do things like make a screencast and write down a walkthrough, so I assume they have people checking carefully how the permissions are used.
So given this it seems like this might not be feasible in the way we imagined. Let me know if you have thoughts.
karger
commented
7 years ago In other words, haystack doesn't want anyone to write bridges to their content. not surprising I guess.
I presume they are ok with outgoing (pushing from fb to email).
what if we give the admin or other delegates of a group a bookmarklet or something like that would "manually" post anything in the murmur queue for that app when they click the bookmark?
On 12/7/2016 10:27 PM, Amy Zhang wrote:
initial tests have confirmed that /technically/ I can do the following: 1) as an admin, I can post or reply on a FB post via API. 2) as admin, I can read all posts on a FB group via API.
Now in terms of FB's policies: There are some rules about things like autopopulating message content, which is forbidden. So an admin posting a message from someone else who emailed murmur (that we autopopulate) would not be allowed, probably. We could maybe get around this by not populating the message content but instead using a "Tag" (like what you see autopopulated under news links), which can show something like 2-4 sentences and a link to see the rest of the post.
Apps are also not allowed to post to FB automatically. Each post needs explicit consent from the user. So the admin would need to go through and manually post each post coming through email, which would probably sit in a queue.
All the above will require me to petition Facebook for permissions for this app. I need to do things like make a screencast and write down a walkthrough, so I assume they have people checking carefully how the permissions are used.
So given this it seems like this might not be feasible in the way we imagined. Let me know if you have thoughts.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/haystack/murmur/issues/91#issuecomment-265643606, or mute the thread https://github.com/notifications/unsubscribe-auth/ABFpXtRD6A9fHJgWTr57J9kIEz7UZ_Bvks5rF3kmgaJpZM4KFU-f.
amyxzhang
commented
7 years ago I don't see how making it a bookmarklet changes the optics. Technically, it's all possible but I have to demonstrate to FB how the messages get made and this still seems clearly to be a violation of the "autopopulate" rule. We might just not able to get away with putting that email content inside the FB post text. I think the Tag feature might be an option...but it is kind of annoying that you'd have to click to see the rest of the text in a new page on Murmur if the post is long. Another potential and kind of awful option is to turn the text into an image and post the image, since you can upload media.
As for draining a queue, yes we should try to make it easier for the admins. We could send them an email that they have messages to "moderate" and they need to go to a link to push ok for each one. I don't know if pushing 1 button to release all the emails is ok (probably is..).
On Wed, Dec 7, 2016 at 11:14 PM, David Karger notifications@github.com wrote:
In other words, haystack doesn't want anyone to write bridges to their content. not surprising I guess.
I presume they are ok with outgoing (pushing from fb to email).
what if we give the admin or other delegates of a group a bookmarklet or something like that would "manually" post anything in the murmur queue for that app when they click the bookmark?
On 12/7/2016 10:27 PM, Amy Zhang wrote:
initial tests have confirmed that /technically/ I can do the following: 1) as an admin, I can post or reply on a FB post via API. 2) as admin, I can read all posts on a FB group via API.
Now in terms of FB's policies: There are some rules about things like autopopulating message content, which is forbidden. So an admin posting a message from someone else who emailed murmur (that we autopopulate) would not be allowed, probably. We could maybe get around this by not populating the message content but instead using a "Tag" (like what you see autopopulated under news links), which can show something like 2-4 sentences and a link to see the rest of the post.
Apps are also not allowed to post to FB automatically. Each post needs explicit consent from the user. So the admin would need to go through and manually post each post coming through email, which would probably sit in a queue.
All the above will require me to petition Facebook for permissions for this app. I need to do things like make a screencast and write down a walkthrough, so I assume they have people checking carefully how the permissions are used.
So given this it seems like this might not be feasible in the way we imagined. Let me know if you have thoughts.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/haystack/murmur/issues/91#issuecomment-265643606, or mute the thread https://github.com/notifications/unsubscribe-auth/ ABFpXtRD6A9fHJgWTr57J9kIEz7UZ_Bvks5rF3kmgaJpZM4KFU-f.
— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub https://github.com/haystack/murmur/issues/91#issuecomment-265648828, or mute the thread https://github.com/notifications/unsubscribe-auth/ABPdygySGGNVG0wbW_vB1w5ShItK_XNEks5rF4QrgaJpZM4KFU-f .
-- Amy X. Zhang | Ph.D. student at MIT CSAIL | http://people.csail.mit.edu/axz | @amyxzh
karger
commented
7 years ago On 12/7/2016 11:58 PM, Amy Zhang wrote:
I don't see how making it a bookmarklet changes the optics. Technically, it's all possible but I have to demonstrate to FB how the messages get made and this still seems clearly to be a violation of the "autopopulate" rule. We might just not able to get away with putting that email content inside the FB post text. I think the Tag feature might be an option...but it is kind of annoying that you'd have to click to see the rest of the text in a new page on Murmur if the post is long. Another potential and kind of awful option is to turn the text into an image and post the image, since you can upload media. probably I still don't get what is/isn't allowed. If the moderator clicks a bookmarklet then it's not autopopulating, right? we're just letting the moderator copy and paste.
and what is it that triggers the need to demonstrate? Note that if the bookmarklet just manipulates the page to make a post, then there is no app to be approved....
As for draining a queue, yes we should try to make it easier for the admins. We could send them an email that they have messages to "moderate" and they need to go to a link to push ok for each one. I don't know if pushing 1 button to release all the emails is ok (probably is..).
On Wed, Dec 7, 2016 at 11:14 PM, David Karger notifications@github.com wrote:
In other words, haystack doesn't want anyone to write bridges to their content. not surprising I guess.
I presume they are ok with outgoing (pushing from fb to email).
what if we give the admin or other delegates of a group a bookmarklet or something like that would "manually" post anything in the murmur queue for that app when they click the bookmark?
On 12/7/2016 10:27 PM, Amy Zhang wrote:
initial tests have confirmed that /technically/ I can do the following: 1) as an admin, I can post or reply on a FB post via API. 2) as admin, I can read all posts on a FB group via API.
Now in terms of FB's policies: There are some rules about things like autopopulating message content, which is forbidden. So an admin posting a message from someone else who emailed murmur (that we autopopulate) would not be allowed, probably. We could maybe get around this by not populating the message content but instead using a "Tag" (like what you see autopopulated under news links), which can show something like 2-4 sentences and a link to see the rest of the post.
Apps are also not allowed to post to FB automatically. Each post needs explicit consent from the user. So the admin would need to go through and manually post each post coming through email, which would probably sit in a queue.
All the above will require me to petition Facebook for permissions for this app. I need to do things like make a screencast and write down a walkthrough, so I assume they have people checking carefully how the permissions are used.
So given this it seems like this might not be feasible in the way we imagined. Let me know if you have thoughts.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/haystack/murmur/issues/91#issuecomment-265643606, or mute the thread https://github.com/notifications/unsubscribe-auth/ ABFpXtRD6A9fHJgWTr57J9kIEz7UZ_Bvks5rF3kmgaJpZM4KFU-f.
— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub
https://github.com/haystack/murmur/issues/91#issuecomment-265648828, or mute the thread
-- Amy X. Zhang | Ph.D. student at MIT CSAIL | http://people.csail.mit.edu/axz | @amyxzh
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/haystack/murmur/issues/91#issuecomment-265653177, or mute the thread https://github.com/notifications/unsubscribe-auth/ABFpXl_mLdZ-CvaVQnrtz6UiEhzjj1hzks5rF45bgaJpZM4KFU-f.
kmahar
commented
7 years ago I believe we would still need an app to exist in order to pull things from a FB group back to Murmur (not sure that requires the same approval process though)
karger
commented
7 years ago On 12/8/2016 1:52 PM, Kaitlin Mahar wrote:
I believe we would still need an app to exist in order to pull things from a FB group back to Murmur (not sure that requires the same approval process though)
yes, an app to read from facebook is necessary but also easy; it's the write-back that's tricky.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/haystack/murmur/issues/91#issuecomment-265822043, or mute the thread https://github.com/notifications/unsubscribe-auth/ABFpXjZ5IL3dcDomdleYoRPnoNAcOVkyks5rGFH2gaJpZM4KFU-f.
amyxzhang
commented
7 years ago We could have a bookmarklet but basically this means obfuscating from FB's app review team the real nature of how the app will be used to write content to the group.
Yes, we still need an app and we still to request permission to be able to have an admin post to a FB group at all (or read from a FB group).
On Thu, Dec 8, 2016 at 1:55 PM, David Karger notifications@github.com wrote:
On 12/8/2016 1:52 PM, Kaitlin Mahar wrote:
I believe we would still need an app to exist in order to pull things from a FB group back to Murmur (not sure that requires the same approval process though)
yes, an app to read from facebook is necessary but also easy; it's the write-back that's tricky.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/haystack/murmur/issues/91#issuecomment-265822043, or mute the thread https://github.com/notifications/unsubscribe-auth/ ABFpXjZ5IL3dcDomdleYoRPnoNAcOVkyks5rGFH2gaJpZM4KFU-f.
— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub https://github.com/haystack/murmur/issues/91#issuecomment-265822846, or mute the thread https://github.com/notifications/unsubscribe-auth/ABPdyia1ThI09qlAykFpdBIkbFuLzjP8ks5rGFKpgaJpZM4KFU-f .
-- Amy X. Zhang | Ph.D. student at MIT CSAIL | http://people.csail.mit.edu/axz | @amyxzh
karger
commented
7 years ago On 12/8/2016 1:59 PM, Amy Zhang wrote:
We could have a bookmarklet but basically this means obfuscating from FB's app review team the real nature of how the app will be used to write content to the group. I don't think it is obfuscation if the app is only responsible for reading from the group.
Yes, we still need an app and we still to request permission to be able to have an admin post to a FB group at all (or read from a FB book). Wait, an admin is already allowed to manually post to their own group, right?
For posting, I think of the bookmarklet as a more convenient version of copy and paste, which surely is considered manual?
On Thu, Dec 8, 2016 at 1:55 PM, David Karger notifications@github.com wrote:
On 12/8/2016 1:52 PM, Kaitlin Mahar wrote:
I believe we would still need an app to exist in order to pull things from a FB group back to Murmur (not sure that requires the same approval process though)
yes, an app to read from facebook is necessary but also easy; it's the write-back that's tricky.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/haystack/murmur/issues/91#issuecomment-265822043, or mute the thread https://github.com/notifications/unsubscribe-auth/ ABFpXjZ5IL3dcDomdleYoRPnoNAcOVkyks5rGFH2gaJpZM4KFU-f.
— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub
https://github.com/haystack/murmur/issues/91#issuecomment-265822846, or mute the thread
-- Amy X. Zhang | Ph.D. student at MIT CSAIL | http://people.csail.mit.edu/axz | @amyxzh
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/haystack/murmur/issues/91#issuecomment-265823788, or mute the thread https://github.com/notifications/unsubscribe-auth/ABFpXkKjh3jA6ypPYy0-H7OqgCZaziNSks5rGFN7gaJpZM4KFU-f.
amyxzhang
commented
7 years ago Ah. You mean for a non-API usage. Yes that could circumvent FB's policies. Can bookmarklets talk to a server? If not, we could make it a browser extension. This could potentially get tricky though (people are also going to want to reply to posts and not just post things so we'll need to trigger the right reply button and populate the right text fields).
On Thu, Dec 8, 2016 at 2:02 PM, David Karger notifications@github.com wrote:
On 12/8/2016 1:59 PM, Amy Zhang wrote:
We could have a bookmarklet but basically this means obfuscating from FB's app review team the real nature of how the app will be used to write content to the group. I don't think it is obfuscation if the app is only responsible for reading from the group.
Yes, we still need an app and we still to request permission to be able to have an admin post to a FB group at all (or read from a FB book). Wait, an admin is already allowed to manually post to their own group, right?
For posting, I think of the bookmarklet as a more convenient version of copy and paste, which surely is considered manual?
On Thu, Dec 8, 2016 at 1:55 PM, David Karger notifications@github.com wrote:
On 12/8/2016 1:52 PM, Kaitlin Mahar wrote:
I believe we would still need an app to exist in order to pull things from a FB group back to Murmur (not sure that requires the same approval process though)
yes, an app to read from facebook is necessary but also easy; it's the write-back that's tricky.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <https://github.com/haystack/murmur/issues/91#issuecomment-265822043 , or mute the thread https://github.com/notifications/unsubscribe-auth/ ABFpXjZ5IL3dcDomdleYoRPnoNAcOVkyks5rGFH2gaJpZM4KFU-f.
— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub
https://github.com/haystack/murmur/issues/91#issuecomment-265822846, or mute the thread
-- Amy X. Zhang | Ph.D. student at MIT CSAIL | http://people.csail.mit.edu/axz | @amyxzh
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/haystack/murmur/issues/91#issuecomment-265823788, or mute the thread https://github.com/notifications/unsubscribe-auth/ABFpXkKjh3jA6ypPYy0- H7OqgCZaziNSks5rGFN7gaJpZM4KFU-f.
— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub https://github.com/haystack/murmur/issues/91#issuecomment-265824634, or mute the thread https://github.com/notifications/unsubscribe-auth/ABPdyg-vyM_E6uEsS8Ee-hvyYM5ydh9gks5rGFQ3gaJpZM4KFU-f .
-- Amy X. Zhang | Ph.D. student at MIT CSAIL | http://people.csail.mit.edu/axz | @amyxzh
karger
commented
7 years ago bookmarklets can invoke arbitrary js on the page where they are
clicked. most directly, you can use them to trigger click events on
buttons, which will then do whatever clicking the button does (though I
think there may be some ways for the page designers to block this).
Alternatively, they can call whatever js is called by widgets on the
page, though this may require prospecting through the obscured fb code
to find the right api calls.
On 12/08/2016 02:10 PM, Amy Zhang wrote:
Ah. You mean for a non-API usage. Yes that could circumvent FB's policies. Can bookmarklets talk to a server? If not, we could make it a browser extension. This could potentially get tricky though (people are also going to want to reply to posts and not just post things so we'll need to trigger the right reply button and populate the right text fields).
On Thu, Dec 8, 2016 at 2:02 PM, David Karger notifications@github.com wrote:
On 12/8/2016 1:59 PM, Amy Zhang wrote:
We could have a bookmarklet but basically this means obfuscating from FB's app review team the real nature of how the app will be used to write content to the group. I don't think it is obfuscation if the app is only responsible for reading from the group.
Yes, we still need an app and we still to request permission to be able to have an admin post to a FB group at all (or read from a FB book). Wait, an admin is already allowed to manually post to their own group, right?
For posting, I think of the bookmarklet as a more convenient version of copy and paste, which surely is considered manual?
On Thu, Dec 8, 2016 at 1:55 PM, David Karger notifications@github.com wrote:
On 12/8/2016 1:52 PM, Kaitlin Mahar wrote:
I believe we would still need an app to exist in order to pull things from a FB group back to Murmur (not sure that requires the same approval process though)
yes, an app to read from facebook is necessary but also easy; it's the write-back that's tricky.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub
<https://github.com/haystack/murmur/issues/91#issuecomment-265822043 , or mute the thread https://github.com/notifications/unsubscribe-auth/ ABFpXjZ5IL3dcDomdleYoRPnoNAcOVkyks5rGFH2gaJpZM4KFU-f.
— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub
https://github.com/haystack/murmur/issues/91#issuecomment-265822846, or mute the thread
-- Amy X. Zhang | Ph.D. student at MIT CSAIL | http://people.csail.mit.edu/axz | @amyxzh
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/haystack/murmur/issues/91#issuecomment-265823788, or mute the thread
— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub
https://github.com/haystack/murmur/issues/91#issuecomment-265824634, or mute the thread
-- Amy X. Zhang | Ph.D. student at MIT CSAIL | http://people.csail.mit.edu/axz | @amyxzh
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/haystack/murmur/issues/91#issuecomment-265826542, or mute the thread https://github.com/notifications/unsubscribe-auth/ABFpXgH_Vc9e_WGIbyWo2nSVHo95qIg5ks5rGFYOgaJpZM4KFU-f.
Allow Facebook Group users to also use Murmur.