I used the app this weekend and while very basic, it is very useful and the open API will be a valuable resource to anyone looking to build a transit/travel app.

Get the app here https://itunes.apple.com/us/app/id561507659?mt=8

The API is here http://datamine.mta.info/ I have yet to play with it, but from what I remember it was pretty straight forward.

Anyone going to use the data feed for something else beside finding your next train?
I’d love to hear about it. 

Who is ultimately responsible for privacy?

Who is ultimately responsible for privacy if that privacy is violated through the use of an API? The user of the API? The owner of the API?

I was recently using a photo website that connected to various social networks to display my photos.  I found a security issue where if you change the id variable in the url, you can view another person’s pictures.  I’ll address this in a separate post.  This isn’t even a hack – it’s just changing  one number in the url.

So who is responsible for protecting my data?
Is it Facebook?  I uploaded my photos to Facebook and Facebook is the source of the third-party photo app.  Should Facebook be responsible for checking the apps that connect through it’s API?
Is it the third-party photo app? They’re the one with the security flaw that is exposing my photos.
Is it me, the user? Should I not be posting my photos knowing someone, somewhere, somehow can view them?

I’m leaning towards the third-party application, but it’s not going to look good for Facebook either.