| 11:46 am on Jul 24, 2008 (gmt 0)|
Facebook Connect [nytimes.com]
|In a speech at his company’s annual conference for developers, called F8, Mark Zuckerberg, Facebook’s 24-year-old chief executive, also demonstrated the company’s new design. He predicted that there would soon be a wave of social Web sites built on top of the information users give to social networks. |
“We are going to see the big social networks start to decentralize into a series of social applications across the Web,” Mr. Zuckerberg said. “I think we are at the beginning of a movement and the beginning of an industry.”
To carve out a piece of that future, the company announced Facebook Connect, a way that other Web sites can integrate parts of Facebook’s service. Web sites can ask users for their Facebook user name and password, instead of creating an identity verification system themselves, and offer their users the ability to import their list of friends from Facebook.
| 1:15 pm on Jul 24, 2008 (gmt 0)|
I like the idea. It's like OpenID, but with a website that people actually use.
F8 doesn't have the best reputation when it comes to privacy, so let's dig into the documentation and implementation and see if there are any flaws. Is this much different from the F8 API?
| 2:29 pm on Jul 24, 2008 (gmt 0)|
With my sceptical head on, I wonder if people would trust plugging their login details into a 3rd party site on the promise of being able to access their Facebook details.
| 2:58 pm on Jul 24, 2008 (gmt 0)|
|"Facebook Connect" will transform the social network from a private site where activity occurs entirely within a "walled garden" to a Web-wide phenomenon where software makers, with user permission, can tap member data for use on their sites. |
(emphasis by me)
I think this is a "left turn"...
[edited by: Tastatura at 2:59 pm (utc) on July 24, 2008]
| 5:38 pm on Jul 24, 2008 (gmt 0)|
Facebook user name and password
I hope they mean username and an access key or something similar (not their actual password).
| 9:26 am on Jul 25, 2008 (gmt 0)|
Hmm, MySpace just announced [webmasterworld.com] that they'll start using OpenID. Would be better if Facebook joined them...
| 9:44 am on Jul 25, 2008 (gmt 0)|
>>I hope they mean username and an access key
Probably not. There's certainly precedent for sites getting your webmail access info to import those contacts. I don't recall if Facebook is one of them. As a user, though, I'd be really careful with this - I'd provide that info only to a small number of large sites, and only with their assurance that the information wouldn't be stored.
Then again, maybe it's a generational thing. Many FB users expose huge amounts of personal info on the site. Are these people going to think twice about third party site security?
| 11:05 am on Jul 25, 2008 (gmt 0)|
I guess they wouldn't be too troubled about it. When it's easy, with a click or two, not much thought is applied to the process and access information. Risky business, imho.
I'm with rogerd, I don't like sharing that easily.
| 10:52 pm on Jul 30, 2008 (gmt 0)|
Good points. But if Facebook wants to save face regarding security issues they can do better. I.e. not allow automated logins and instead only allow companies to, for example, let users give them their Facebook username and their email. A query is then sent from the 3rd party to FB saying that this user wanted to share some FB info. FB then emails the user who clicks a confirmation link, allowing the access. Finally, FB keeps a list of companies you've allowed access in your settings area and lets you revoke that privilege at any time if you so choose.
There's my free advice to FB to the day. Mark, sticky mail me if you want to pay up ;)