Facebook Connect: Scary but good
One of the companies adopting Facebook's new log-in system, Facebook Connect, is CBS, parent company of CNET and publisher of Webware. I'm glad we're on board with this program, even if I do feel it's a bit of Faustian deal. Here's why.
First of all, CNET's own log-in system (which you see when you want to leave a comment on a CNET blog post, write a user review, or participate in other CNET community features) is not universally loved inside CNET. There are factions here at the company who want it changed, or even eliminated in some cases. There are also people who think we could be collecting more data from our registered users. The log-in system here is a political hot potato.
The conflict shows how important the log-in/registration system is, here and elsewhere. The value of a Web service lies in its users. More users means more opportunities to profit--by selling advertising based on what you know about your users, by selling the users services directly, by skimming a portion of the revenues users generate by traveling through your site, and by selling information about the users. If a site doesn't "own" its users, how can it profit?
It can, of course. You don't need to chain your customers to your store to get them to buy things from you. That is the realization creeping across the Web in the guise of new identify and registration systems, of which Facebook Connect is one.
Kinds of identity
Facebook Connect is a centralized identity service. That's not the only model. OpenID is a federated identity play--no one owns the database of users, and anyone can set up or use the standard. Functionally these distinctions are important, but asking users to understand them is a losing game. Users just want easy access to sites they like, and they want to trust that the sites they use won't steal their identity or use it in ways that are damaging to them.
That's why it's good to offer users more than one way to access a Web service. It's great if users can get into CNET services the old-fashioned way, with a CNET ID and password. But if we make it easy for Facebook users to come inside, that's great, too. How about OpenID? Sure, why not? It's a completely different architecture than Facebook's authentication system, but it's the job of people running Web sites to make access to services easy for users, which means supporting as many as possible and making it simple for users to choose the one they want to use.
No one here could look at Facebook Connect and turn down the opportunity to bring new registered users into our network. Even if they are registered elsewhere.
The downside, of course, is that we no longer "own" these users. If Facebook wants to turn off CNET, they can do it. Facebook also now gets monetizable information about the Facebook-registered CNET users. Not necessarily what the users do on CNET, but what they do elsewhere--valuable behavior data. The convenience of using Facebook log-ins has a price for both CNET and users: Facebook knows a lot more about you now.
But this is where we're going. Sites like ours will do what they do: create content and online services, and offer users community around those services. Users' identities are becoming untethered from the sites they use. More and more, services will be giving new visitors options for signing in to access the "registered" features of the sites.
Users get convenience. Sites get more users. Central registration authorities get incredibly valuable user behavior data. I do think everyone wins. Although nothing is free: there's more potential for abuse, on the part of sites and identity providers, than ever.
CNET is scheduled to launch support for Facebook Connect tomorrow.
Further Reading:
Facebook Connect appears set for expansion.
New York Times: Facebook Aims to Extend Its Reach Across the Web.
TechCrunch: Biggest Battle Yet For Social Networks: You, Your Identity And Your Data On The Open Web.
Rafe Needleman writes about start-ups, new technologies, and Web 2.0 products, as editor of CNET's Webware. E-mail Rafe. 
My Facebook profile is for people I know. I wouldn't use it for public forums. And even though I keep my Facebook private, I still never put anything on it that I wouldn't want future employers (or voters, now that I think of it :) to see.
For sites like Cnet I choose a random name that has nothing to do with the real me, or even the fake me, and as for your extra user data, my policy is: Don't ask me no questions and I won't tell you no lies.
Data mine that, Sunshine!
Sincerely,
Lord Neville Tweakbottom
Any site that wants users to log in must allow them to set up a legitimate ID. An E-mail address is NOT a suitable ID, for several reasons. First, most people have more than one E-mail address at this point, and they should not be expected to remember which one they used (perhaps years ago) to sign up at a Web site. Second, E-mail addresses change over time with job changes, ISP changes, cable-company mergers, whatever. Third, they're simply cumbersome.
Users should be able to set up the ID of their choice, so they can use the same one at all the sites they frequent.
Nothing marks a site as amateur-hour like trying to use an E-mail address as a log-in ID. Just don't do it.
"
Users should be able to set up the ID of their choice, so they can use the same one at all the sites they frequent.
that's just plain stupid.
it makes no difference.
use whatever you want. If you patronize the site and have something invested in it, you will remember and maintain your log in credentials. If you dont, then forgetting wont have a cost - you simply create a new account. Or not. Use bugmenot (the site) to find a login
Contrary to this article and the video report in particular, Live ID is very much a standard employed on numerous websites - and can be very easily integrated into virtually any kind of web application. It's most useful when integrated into a .NET application (it is Microsoft's baby after all), but why an alternative as popular as Live ID went unmentioned in this course of researching this story is quote beyond me.
You guys can do a lot better job than this, surely. Especially if you want to. ;)
Don't be fooled into thinking that your Mac address can't be matched up in a few minutes if you do something illegal on the web, and the guys in black want to talk to you. Thisis just another tool for some people to track your online business easier. IP address, Mac Address, email address, cookies, temp files, the list goes on...Yes, they help us surf easier, but they also give away so much about ourselves to anyone who is watching.
- by BobCozzi September 19, 2009 8:59 AM PDT
- I don't get it? Facebook Connect? Is their database encrypted? Is there data mirrored and regularly distributed via HA services to backup systems? Is there data in something other than PHP and mySQL? I sure hope so or any site using Facebook Connect better be ready when (A) the data is lost or corrupted, or (B) is stolen.
- Like this Reply to this comment
-
(11 Comments)Using what I would call "toys" such as PHP and mySQL for a website is great when you're in your basement developing the next hot website, but continuing to us it for high-volume production work or security oriented data is just illustrating a dangerous trend in the world of IT in the U.S. and that is using hobby tools at home and then projecting that into a small to medium (or worse) a large business/company database.
No wonder DOS and hacking is so easy on these sites.