Facebook Begins Prepping Developers for Its New Off-Facebook Activity Tool

Facebook Login may be impacted once people start using it

Off-Facebook Activity began rolling out Tuesday in Ireland, South Korea and Spain - Credit by Facebook
Headshot of David Cohen

Facebook began preparing developers for the Off-Facebook Activity tool it unveiled Tuesday, even though the tool is currently available only in Ireland, South Korea and Spain.

Software engineer Brad Hill cautioned in a blog post that Facebook Login may be impacted once users gain access to the Off-Facebook Activity tool and begin using it.

He wrote, “When people exercise control to clear their Off-Facebook Activity or disconnect future activity, their user access tokens for third-party applications or websites where they used Facebook Login will be invalidated, and they may be logged out of the app or website. When they do log back in, the app or website will receive the same App Scoped ID they previously had to preserve continuity.”

Off-Facebook Activity was initially called Clear History when Facebook CEO Mark Zuckerberg first discussed at the social network’s F8 developers conference in May 2018.

The tool will enable people to see and control the data that other apps and websites share with the social network via online business tools such as the Facebook pixel or Facebook Login, and all of that information can be disconnected from Facebook, covering what has already been shared and halting any future sharing.

This can be done for all activity off the social network or just for specific apps and sites.

When a user clears off-Facebook activity, their identifying information is removed from the data sent to the social network by apps and websites, so Facebook will not know which apps and websites they visited or used, or what they did on those properties.

Hill shared the following best practices for developers to ensure that they are ready for the ongoing rollout of Off-Facebook Activity:

  • When someone uses the tool and then wants to log back into an app or website, that user should be prompted to do so when that app or website is opened again. Should they choose to do this via Facebook Login, they must reauthorize any applicable permissions.
  • When someone is actively using an app or website that they logged into via Facebook Login, developers should make sure their user access token is still valid by making an API (application-programming interface) call or checking permissions. Users must be logged out if they access tokens are no longer valid.
  • Check which permissions were granted to apps or websites by active users.
  • Implement a data-deletion callback in order to respond to requests to delete data that Facebook has about people via apps and websites.

david.cohen@adweek.com David Cohen is editor of Adweek's Social Pro Daily.