Can an API Steal Data?

John Musser, October 9th, 2007

In a very lively forum thread over at Flickr there’s a discussion/debate about the Flickr API, data ownership, copyright, and mashups. In a nutshell, a Flickr member, Austen Haines, noticed that some of his photos were appearing in the mashup Adactio Elsewhere even though he had flagged them All Rights Reserved (ARR). The mashup developer, Jeremy Keith, replied and noted that this was just the behavior of the API and that it “sounds like there’s a glitch in the system”. The discussion is still ongoing, and the initial thread kicked-off a second thread, this with the provacative title Flickr photos stolen by the thousands through the Flickr API. (And interesting to note that our Adactio mashup profile is one of the earliest mashups listed on ProgrammableWeb and is consistently ranked in the top 20 of our all-time most popular mashups.)

In his own blog post on this “shitstorm”, Lock up Your Data?, Jeremy talks more about how this also becomes a Google search-related issue because his mashup gets deep-linked by the search engine which in turn makes the photos much more accessible. To address some of Flickr members’ concerns he has now blocked any indexing on pages that show their photos and then asks:

As sites like Flickr and move from having early adopters into the mainstream, this issue becomes more important. What isn’t clear is how the moral responsibility should be distributed. Should Flickr provide clearer rules for API use? Should Google index less? Should the people publishing photos take more care in choosing when to mark photos as public and when to mark photos as private? Should developers (like myself) be more cautious in what we allow our applications to do with the API?

Flickr has a good track record of supporting both their developers and their passionate community. They’re paying attention to this issue. Flickr’s Paul Hammond noted that “There’s a healthy debate going on at Flickr HQ as to what our response should be…Our hands are also tied slightly by the huge number of applications that rely on the existing behaviour of the API. If we make changes too quickly, we’d break a lot of things (like, say, fd’s flickr toys) that a lot of flickr users love…We’re interested in hearing everyone’s point of view.” [via]

Both comments and pings are currently closed.

7 Responses to “Can an API Steal Data?”

October 9th, 2007
at 1:29 am
Comment by: google » Can an API Steal Data?

[...] Check it out! While looking through the blogosphere we stumbled on an interesting post today.Here’s a quick excerptIn a very lively forum thread over at Flickr there’s a discussion/debate about the Flickr API , data ownership, copyright, and mashups. [...]

October 9th, 2007
at 5:10 am
Comment by: Fabian

Flickr users can easily opt out their pictures from being accessible by the API or public searches on Flickr – without locking away their pictures as private. It’s just one mouse click in the preferences…

October 9th, 2007
at 6:12 pm
Comment by: Gerard van Enk

@Fabian the API opt out option is only to remove your images from the API search results. It will still show your images when accessing your username directly with the API.

October 11th, 2007
at 4:04 am
Comment by: A Million Thoughts NL » APIs, Mashups en copyright

[...] las ik op een artikel met de titel “Can an API Steal Data”. Een Flickr gebruiker is erachter gekomen dat zijn foto’s in een Mashup (Adactio Elsewhere) [...]

October 19th, 2007
at 8:34 am
Comment by: / blog » Slideoo: a cool tool for displaying your Flickr-photos

[...] enter a Flickr username (Preferably your own, if you don’t want to go into lengthy arguments with Flickr-users about whether or not an API can steal data) [...]

June 9th, 2008
at 6:07 am
Comment by: "Iemand steelt mijn Flickr foto’s!" Copyright inbreuk of Flickr API probleem? | Weblog Pascal Van Hecke

[...] Eigenlijk draait alles om een dieperliggend probleem met de Flickr (zoek) API – je vindt hier de insteek van Jeremy en van ProgrammableWeb [...]

December 11th, 2010
at 9:34 am
Comment by: Tu Sakihara

Thanks for the facts!

Follow the PW team on Twitter

APIs, mashups and code. Because the world's your programmable oyster.

John Musser
Founder, ProgrammableWeb

Adam DuVander
Executive Editor, ProgrammableWeb. Author, Map Scripting 101. Lover, APIs.