Your photos are easily accessible using the Graph API[1]. I wrote a python script which downloads all your photos and saves them to your computer[2]. However, I agree that Facebook doesn't make it easy for other web services to access stored data.

[1]: http://developers.facebook.com/docs/reference/api/photo

[2]: https://github.com/derferman/scrapebook

genuine question (this sounds a little smarmy but I know nothing about Graph API or web dev at all really): How is it not easy for other web services to access this stored data when a random guy can easily throw a script on GitHub to do it?

Not sure if this is the right answer, but a guess: it's easy for other web services to access this stored data if the user provides them with their Facebook login and password, which no self-respecting service would ever ask for. Even if Google did at one point get users to give up their facebook credentials, the API's they access will probably block IP's that try to access multiple users' data in a short amount of time.

The best solution, IMO, is to use the browser as a platform: a Chrome extension can allow users to seamlessly sync data between services, because Chrome already has access both to your Facebook account and your Picasa account.

With the Facebook API, the user doesn't have to provide any third party his credentials to allow the third party to access his data. Facebook uses OAuth to securely pass an access token to the third party while protecting the user's credentials. See http://developers.facebook.com/docs/authentication/ for more info.

(I work on the Facebook platform.)

Ah, but if I remember correctly, the terms of that OAuth usage explicitly state that while data may be accessed and used, it can't be stored indefinitely (with good reason, sometimes I don't want some app toy to indefinitely store all the information I trust Facebook with). So if a third party uses that API as an export mechanism, their API access should be (rightfully) shut down.

BUT - what if I actually want to export all of my photos into SomeApp.com, and I want to give SomeApp the right to store my photos indefinitely? Is there an API they can use to pull it from Facebook directly?

It used to be the case that apps could only store your data for 24 hours, but we removed this restriction in the last f8 conference.

You can definitely export all your photos into SomeApp.com using the graph API and they can store your photos indefinitely. These APIs are documented at http://developers.facebook.com/docs/api.

Oh, cool! Big misconception on my part, thanks for clearing it up :)

@andreyf:

When Facebook switched from their old API to their new OAuth-based API they also removed restrictions on storing data.

It is perfectly easy for other web services to access the data of a logged-in Facebook user, provided that the user has granted permission via Facebook Connect. This is how Facebook's "Download your Data" product[1] works; it is entirely implemented through publicly available graph APIs.

What Google is insisting on is "download my friends' data." This is where Facebook currently draws the line; we make it easy to retrieve your own data programmatically, while retrieving your friends' data programmatically is harder.

And, whatever Google says, Facebook is right to draw the line somewhere, and probably at friends' contact info. Consider an immediate consequence of doing what Google is insisting on: Zynga (e.g.) will spam all of their users' friends' emails. Because now they can retrieve them in bulk via a Facebook API. If you use Facebook, and tomorrow you started getting reams of email from applications you do not use, would you think, "How wonderful that Facebook has finally liberated my data!"? Or would you, maybe, be annoyed, and wonder why Facebook would ever consider making such a boneheaded decision?

[1] https://register.facebook.com/editaccount.php -> "Download your Information"

Ridiculous. Facebook could whitelist only the user, not any proxy, to download whatever data friends already make available to users inside the boundaries of privacy controls. This is only sensible since it's already exposed to the user. If the user dedicated human time to archiving a bunch of web pages, they could reconstruct their contacts. But it's much simpler for the computer to do it.

The user could sell out their friends to a third party if they chose to (opt in). But Zynga would only get access if the user said so.

The reason Facebook won't do it is that it would commoditize the social graph and allow straight head to head competition on features. I think no one, even Facebook, knows how that would turn out...

Except for Google, who clearly decided to make it happen.

The Facebook API allows 3rd party applications to access most of the user's data, including the user's email, if the user grants the application the required permissions. More details are at http://developers.facebook.com/docs/authentication/permissio....

(I work on the Facebook platform.)

The script has to prompt you for access to your facebook data.

Funnily enough I checked my photos on facebook the other day and half of them have disappeared. Been deleted.

Don't rely on facebook keeping your photos, let alone allowing you to export them.

Beyond the script from derferman, you can download a copy of all of your photos (and videos, wall posts, etc) as a zip file directly off of Facebook from the bottom of your Account Settings page.