Facebook's new Graph API, released last Friday, allows users to see public events people have said they will attend or have attended - even if that person is not a "friend" of the user viewing the information, MediaGuardian reported today. The new API was just one new feature unveiled last week during F8, Facebook's developers conference.

According to Facebook, however, the API simply "attempts to simplify the way developers read and write data to Facebook. It presents a simple, consistent view of the Facebook social graph, uniformly representing objects in the graph (e.g., people, photos, events, and fan pages) and the connections between them (e.g., friend relationships, shared content, and photo tags)... All of the objects in the Facebook social graph are connected to each other via relationships. Bret Taylor is a fan of the Coca-Cola page, and Bret Taylor and Arjun Banker are friends. We call those relationships connections in our API."

Ka-Ping Yee, a software engineer for Google's charitable branch, first discovered that information about people was being made to non-"friends." He also found that this information is released randomly - in some cases you can see public events people say they will attend or have attended, but not all.

"Yesterday, I discovered something strange while playing with Facebook's new Graph API: the API was showing a list of my events, and it seemed that anyone could get this list. Today, I spent a while checking to make sure I wasn't crazy," he wrote in his blog. "I didn't opt in for this. I even tried setting all my Privacy Settings for maximum privacy. But Facebook is still exposing the list of events I've attended, and maybe your events too. What can your event list say about you? Quite a bit. It might reveal your home address, your friends' home addresses, the names and groups of people you associate with, your hobbies, or your political or religious activities, for example."

Some of those commenting on Yee's blog said none of their information was visible, while others said all their events were being shown.

New initiatives like the Open Graph API "will only serve to make Facebook more powerful and extend its reach even more aggressively outside of Facebook.com," Jessica Rovello, president and co-founder of Arkadium, wrote in a column for Huffington Post.

The new features makes one wonder whether Facebook is doing enough to ensure all its security bases are covered, according to ChannelWeb's Chad Berndtson.

PC World's Peter Smith gave the example of music and Pandora: "The idea here is that as you surf around the web and encounter bands on different sites and services, you can click a Facebook 'Like' button if you like the band. Then when you hit Pandora, it polls Facebook's new Graph API to find out all the bands you've Liked and then starts playing music it thinks you'll enjoy, based on this data. From a geek point of view that's kind of cool, but my inner privacy advocate feels a little uneasy about it. Plus, I think I'd much prefer going to Pandora and telling it what I feel like listening to, rather than vice versa."

It appears Facebook CEO Mark Zuckerberg wants users to "back up the Like buttons with metatags... and so collect more data on us than just the fact that we Liked a particular page," Smith pointed out. "Once again my techie side finds this kind of interesting but I'm uncomfortable with the privacy aspects. Will I have to view the source of a web page before I click that "Like" button just to be sure the site is accurately reflecting my opinions? Are there going to be limitations on who can poll this data? How granular will my privacy options be? Consider this feature is deployed right now, so think before you Like."