Facebook Connect: Reliability?
RWW: Can websites rely on #Facebook for user logins? http://j.mp/GJuhGr #FacebookOpenGraph http://eicker.at/FacebookOpenGraph
Cubrilovic: Logging out of Facebook is not enough; maybe fixed. – Arrington: brutal dishonesty; http://eicker.at/FacebookCookies
OpenID Foundation goes Account Chooser: an open standard for the next generation of web sign in; http://eicker.at/AccountChooser
OpenID: “The OpenID Foundation is launching its third OpenID Summits for 2011. … This OpenID summit gives web site developers and technologists a closer look at the OpenID Connect protocol, its use cases and adoption plans by leading companies. We will introduce ‘Account Chooser’ its implementation and user experience and provide interop testing and feedback for next generation OpenID adoption. – Please join us on Monday, September 12, 2011 from 12:00 Noon until 5:00pm PDT and Tuesday, September 13, 2011 from 10:00am to 5:00pm PDT.”
Account Chooser: “[is an] open standard and user interface guidelines for the next generation of web sign in. – If a user has been logging into a website for a long time with a password, then the account chooser experience makes it easy for the website to upgrade them to use an identity provider. … The use of identity providers not only makes it easier for people to use websites, but also makes their accounts more secure. With traditional websites, people tend to reuse passwords across sites. If hackers are able to compromise even a single website, they can then use that password to break into the person’s accounts on other websites. Unless a user’s password is extremely complex, there are unfortunately very simple techniques, such as dictionary attacks, that hackers can use to identify a person’s password on almost any small to medium website. Fortunately identity providers can be certified to confirm they offer protection against those types of techniques.”
Google: “In July 2011 Google started allowing limited access to a new layer on top of our login box using an industry approach called an Account Chooser. Our goal is to gather feedback to decide whether to roll this out to all users, and what modifications to make to the design.”
TC: “Essentially, Account Chooser appears to be a way for website owners and publishers to alter their traditional username/password-based login systems to one that supports multiple identity providers. – Such a system would also allow people to easily switch between accounts. – For a website owner or publisher, the system could increase sign-up and login rates, as well as reduce costs from hijacked accounts and users who have trouble logging into their account for whatever reason. To deploy Account Chooser, they can use a SaaS vendor such as the Google Identity Toolkit and Janrain Login Helper – or simply build their own.”
TR: “A new service, backed by Google among others, is meant to finally bring the breakthrough in user account management on the web. … Account Chooser, a new service from the OpenID Foundation, whose members include Google, Facebook, Microsoft and Yahoo, is the latest attempt to solve the login problem. The user can select an account with which they want to identify themselves in future – with the login from Google Mail or Facebook, for example. That account can then be used for numerous other internet services. … The technology was developed by Eric Sachs, a project manager at Google who sits on the board of the OpenID Foundation. Google supports the project and hosts the code on its servers. Account Chooser differs markedly from earlier approaches – including the OpenID Foundation’s own original method, whose technology had meanwhile proven too complicated.”
Facebook: You need to explicitly choose to share [address, mobile number] before [3rd parties] can access; http://eicker.at/24
Has Facebook already won the digital identity war? And, how portable are our digital identities? http://eicker.at/SingularLogin
Facebook was the top-visited site in 2010; http://eicker.at/1y Goldman invests $500M, values them at $50B; http://eicker.at/1z
Hitwise: “Facebook was the top-visited Website for the first time and accounted for 8.93 percent of all U.S. visits between January and November 2010. Google.com ranked second with 7.19 percent of visits, followed by Yahoo! Mail (3.52 percent), Yahoo! (3.30 percent) and YouTube (2.65 percent). … The combination of Google properties accounted for 9.85 percent of all U.S. visits. Facebook properties accounted for 8.93 percent, and Yahoo! properties accounted for 8.12 percent. The top 10 Websites accounted for 33 percent of all U.S. visits between January and November 2010, an increase of 12 percent versus 2009.”
TC: “Comscore also shows Facebook.com passing Google.com in visits in November but all Google sites as still having more.”
VB: “Beyond being good news from Facebook, the data seems like another sign that people are using search as their default way to navigate the Web, even when it might seem easier to just type in a URL. I would imagine that many of the people who do a search for ‘facebook.com’ probably know what Facebook’s URL is, but they typed it into a search engine (or into the search box at the top of their browser) instead.”
NYT: “Facebook, the popular social networking site, has raised $500 million from Goldman Sachs and a Russian investor in a deal that values the company at $50 billion, according to people involved in the transaction. … Goldman Sachs has reached out to its wealthy private clients, offering them a chance to invest in Facebook, the hot social networking giant that is considering a possible public offering in 2012, according to people familiar with the matter.”
RWW: “What’s most important isn’t the amount of literal control over the company that the banks bought, rather it’s the valuation this gives the company and the relationship the investment fosters between Goldman and Facebook. … Goldman’s investment in Facebook is going to be great for all the industries the company’s young leaders are likely to spend their money in, including tech startups. … Thank goodness for Google and Twitter. Without them, Facebook’s control over peoples’ identities online would be virtually unchallenged. The challenge those two companies pose isn’t very strong, either. Facebook is pushing fast to make itself the default login and identity system on sites all around the web. … More Facebook may mean better feature development for users in the short term, and it may mean more ubiquity for Facebook in the medium term, but in the long term it could mean trouble for the web in general.”
GigaOM: “It’s been over a decade since Time Warner and America Online merged in a $180-billion deal, marking the peak of the Internet bubble and the beginning of a long drought for technology stocks – a drought that has arguably been broken only by Apple and Google. Now Facebook seems to be taking the lead in the next wave of tech-stock enthusiasm… While the action for Facebook and others is focused in private and secondary markets right now, however, Goldman’s involvement virtually guarantees that this will soon spill out into the public markets – if not this year, then in 2012, when Facebook is expected to do an IPO.”
Facebook revamps the mobile log-in process with Facebook Single Sign-on, opens location APIs; http://eicker.at/SingleSignOn
TC: “Today at its mobile event, Facebook has just announced that it’s opening up its Write API and Search API to Facebook Places, in addition to the Read API that launched earlier this year. – So what does that mean? Facebook first launched its location APIs at its Places event in August, but it was split into two main sets of functionality: Read and Write access. Most developers only had access to the former – with a user’s permission, a third-party app could pull in Places data from Facebook. But only a handful of large partners had access to the Write functionality, which lets a user syndicate updates the other direction (for example, a check-in on SCVNGR also updates your Facebook Places status).”
TC: “This is a button that third-party developers can use to give users a one-click way to sign on. ‘It removes the need to ever have to type a username or password again,’ Tseng noted. This is all about ‘saving you time from things you have to do, to the stuff you want to do,’ he continued. – This is something that Zuckerberg has been talking about for a while now. And back in August, CTO Bret Taylor noted that they have a team called ‘Platmobile’ working on this very thing. – Tseng noted that implementing this is just a few lines of code. In fact, it’s the same permission system that over a half million games and apps use today on facebook.com, he said. And with that, he invited people from Groupon and Zynga to talk about their experience implementing this.”
RWW: “Interoperability between social networks means that the social connections available are no longer scarce, and service providers must then compete based on quality and kind of service. Want the push notifications Foursquare offers from groups like the History Channel or the Independent Film Channel when you check-in near a point of interest they’ve annotated? Then use Foursquare; you don’t have to lose track of your friends on other networks when all the networks are tied into Facebook. Want the design elegance and collections of locations gathered into Trips that Gowalla offers? Then use Gowalla. You can still see where your friends are if they are using Foursquare instead. – Want to create a radically new place-based social networking experience? No longer will you need to convince potential users to leave their friends behind on more established networks and wander into your lonely wilderness. You’ll just offer them a new lens through which to view the world and their friends on other networks.”
PayPal users are now able to use their PayPal credentials to log in to sites via Janrain Engage; http://eicker.at/15
Twitter: The move to OAuth will mean increased security and a better experience; http://j.mp/clJSPd
Arrington: “‘Facebook does not track users across the web,’ – A Facebook spokesperson on September 25, 2011 and ‘Generally, unlike other major Internet companies, we have no interest in tracking people.’ – Facebook employee on September 25, 2011 v. ‘A method is described for tracking information about the activities of users of a social networking system while on another domain.’ – Facebook Patent application dated September 22, 2011 – Whoops”
Cubrilovic: “[L]ogging out of Facebook only de-authorizes your browser from the web application, a number of cookies [including your account number] are still sent along to all requests to facebook.com. Even if you are logged out, Facebook still knows and can track every page [that integrates Facebook] you visit. The only solution is to delete every Facebook cookie in your browser, or to use a separate browser for Facebook interactions. … To clarify, I first emailed this issue to Facebook on the 14th of November 2010. I also copied the email to their press address to get an official response on it. I never got any response. … I have been sitting on this for almost a year now. The renewed discussion about Facebook and privacy this weekend prompted me to write this post.”
Cubrilovic: “My goal was to both identify bugs in the logout process and see that they are fixed, and to communicate with Facebook in getting some of the unanswered questions answered so that the Facebook using public can be informed of how cookies are used on the site – especially with regard to third-party requests. – In summary, Facebook has made changes to the logout process and they have explained each part of the process and the cookies that the site uses in detail. … Facebook has changed as much as they can change with the logout issue. They want to retain the ability to track browsers after logout for safety and spam purposes, and they want to be able to log page requests for performance reasons etc. I would still recommend that users clear cookies or use a separate browser, though. I believe Facebook when they describe what these cookies are used for, but that is not a reason to be complacent on privacy issues and to take initiative in remaining safe. – I discovered a lot of other issues and interesting areas ripe for further investigation while researching the cookie logout issue – and I will be taking each one of them up on the blog here in the near future.”
BBC: “Facebook has said that it has ‘fixed’ cookies that could have tracked users after they logged out of the site. … In a statement, the firm told the BBC that it had done nothing wrong. ‘There was no security or privacy breach – Facebook did not store or use any information it should not have. Like every site on the internet that personalises content and tries to provide a secure experience for users, we place cookies on the computer of the user.’ … Most cookies perform basic tasks like storing your login details or personal preferences. – But some track the sites users visit, which means that they may be presented with adverts for products or services they researched on the web once they visit other unrelated sites. Consumer concerns over this type of cookie led to a new EU directive, with online firms across Europe currently working out how they can allow users to opt out of these bits of code.”
SEW: “It was recently discovered that some Facebook cookies were left intact after logout. While the issue has since been resolved, select data is still tracked and recent Facebook patent information indicates that all logged-out tracking may be intentional. … Facebook reports that the remaining cookies exclude personal identifiers and are completely benign in nature; they serve functions such as generating timestamps, contributing to Facebook’s page reporting, and helping to keep public computers secure. … Facebook isn’t the only one facing privacy and tracking issues, either. Marketers should give note to a couple other stories, including The Wall Street Journal’s recently revised privacy policy (which permits WSJ to track personally identifiable behavior without user consent) and the FTC probe into undeletable ‘supercookies’ used by Hulu and MSN.com.”
SMH: “On Friday, 10 public interest groups asked the US Federal Trade Commission to investigate Facebook’s tracking of internet users after they log off. They urged the commission to examine whether Facebook’s new ticker and timeline features increased privacy risks for users by combining biographical information in an easily accessible format. … The lawsuit – filed by Perrin Aikens Davis, of Illinois – seeks class status on behalf of other Facebook users in the US. Davis seeks unspecified damages and a court order blocking the tracking based on violations of federal laws, including restrictions on wiretapping, as well as computer fraud and abuse statutes. – ‘We believe this complaint is without merit and we will fight it vigorously,’ Andrew Noyes, a Facebook spokesman, said in a statement.”