Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Will Facebook Become the Net's SSO?

CmdrTaco posted more than 3 years ago | from the how-about-no dept.

Facebook 314

lordDallan writes "Simson Garfinkel at MIT Technology Review muses on the idea of your Facebook account becoming an 'Internet Driver's License', ruminating on the idea of an individual's Facebook login becoming their single sign on for the web. I say NO THANKS!!"

Sorry! There are no comments related to the filter you selected.

Simson Garfinkel? (0)

webbiedave (1631473) | more than 3 years ago | (#34767882)

Coolest. Name. Ever.

Re:Simson Garfinkel? (2)

TaoPhoenix (980487) | more than 3 years ago | (#34767940)

(Satire)
I think his name might manage to infringe copyright on the Simpsons and Simon&Garfunkel at the same time.

(Satire)

OT (your sig) (3, Insightful)

mcgrew (92797) | more than 3 years ago | (#34768074)

Web 1.0 didn't sell much of anything; it was OUR web. Web 2.0 is when the corporations took over.

Re:OT (your sig) (2)

Jeff DeMaagd (2015) | more than 3 years ago | (#34768342)

[quote]Web 2.0 is when the corporations took over.[/quote]

I'm not convinced that this is necessarily causal, it is probably a coincidence. Most corporate web sites aren't what I think of as Web 2.0. There were plenty of corporations running the show with "Web 1.0", you couldn't get on the web without using products and services provided by corporations then either. Web 1.0 was also the era of Geocities, Tripod and the like, which wasn't a good thing either.

Before anyone starts getting confused.... (1)

Senes (928228) | more than 3 years ago | (#34768410)

Web 1.0: some guy uploads content, everyone else just watches quietly as if it were TV.

Web 2.0: some guy uploads a set of scripts, which receive and display content passed contributed by end users.

The big money takeover is just a fact of life. All of the older media had their own time before big money; just because George Lucas can top the charts by passing gas into a microphone doesn't mean the common producer can't make his own movies.

Re:Before anyone starts getting confused.... (1)

mini me (132455) | more than 3 years ago | (#34768446)

Web 1.0: Content is formatted for human consumption

Web 2.0: Content is formatted for machine consumption

- HTML, JPEG, PNG, GIF, PDF, etc. served over HTTP is Web 1.0.

- XML, JSON, RSS, ATOM, etc. served over HTTP is Web 2.0.

Re:Before anyone starts getting confused.... (1)

AuMatar (183847) | more than 3 years ago | (#34768550)

Web 1.0- the web
Web 2.0- a buzzword with no meaning at all.

Re:Before anyone starts getting confused.... (1)

mini me (132455) | more than 3 years ago | (#34768628)

Sites serving data, as opposed to content, to the public over HTTP was a fundamental shift. We can debate the name, but "Web 2.0" was a change in the way the web was used. A name of some sort is warranted.

Re:Before anyone starts getting confused.... (2)

ron_ivi (607351) | more than 3 years ago | (#34768738)

"Web 2.0- a buzzword with no meaning at all."

I thought it was a trademark of O'Reilly Media for hyping one of their internet conferences. Why people used it beyond that, I still don't understand. People have been doing "web-2.0"-like-stuff on the internet (user-contributed content on mailing lists & public FTP sites; appliances on the internet (like the CMU coke machines, where even the softdrink delivery guy could update the internet)) long before HTTP was invented.

Re:Simson Garfinkel? (0)

Anonymous Coward | more than 3 years ago | (#34768002)

Coolest. Name. Ever.

Yeah but his career kinda fell apart after he broke up with Saul Pieman.

Re:Simson Garfinkel? (0)

Anonymous Coward | more than 3 years ago | (#34768140)

Simple Simson left the Pieman?

Re:Simson Garfinkel? (1)

Dunega (901960) | more than 3 years ago | (#34768288)

Yea he was cheating with Jack's beanstalk.

Re:Simson Garfinkel? (0)

Anonymous Coward | more than 3 years ago | (#34768600)

And his Tech Review article is as timely as A Fridge Over Bottle Waters.

Valid Info (0)

Anonymous Coward | more than 3 years ago | (#34767926)

Just because you use it as your login, does not mean you have to use legitimate information to sign up. Get with the program.

Re:Valid Info (1)

TaoPhoenix (980487) | more than 3 years ago | (#34767970)

Watch out for that new California law though.

Re:Valid Info (1)

Anonymous Coward | more than 3 years ago | (#34768146)

Yes, if you impersonate another person. If you just put bad information, you are not impersonating someone else, you are simply staying anonymous.

I'll Never Join Facebook (0)

droidsURlooking4 (1543007) | more than 3 years ago | (#34767962)

so it's fine with me. The chumps will be lining up.

Re:I'll Never Join Facebook (2)

icebike (68054) | more than 3 years ago | (#34768544)

We've already seen Peak Facebook.

From here on, it is on its way to becoming another My Space for the meat market crowd. It will always be around I suppose, sort of like AOL.

Whatever is next is will be far more mobile device oriented, far more secure, and sign-on will be handled by credentials management in the device itself.

No need for a single sign for anything on the web any more. The concept is flawed, risky, and un-needed.

Like a bridge over troubled water... (5, Funny)

Anonymous Coward | more than 3 years ago | (#34767964)

My single-site login would be the sound of silence, as I have no Facebook account.

Re:Like a bridge over troubled water... (0)

Anonymous Coward | more than 3 years ago | (#34768272)

A sound-of-silence single-site login sure sounds spectacular.

Re:Like a bridge over troubled water... (0)

Anonymous Coward | more than 3 years ago | (#34768422)

I have a facebook. When I login I use a separate browser (Firefox instead of Safari) with its own profile (Facebook) so if I ever use Firefox its not with the Facebook profile.

I want a browser that does this by default - gives me profiles that I can associate with common URLs - that is automatically sandboxes too based on the URL so I'm still signed into facebook, or gmail, or whatever but nothing else knows it. Then a dumping ground sandbox for unknown URLs that is cleaned out each time I exit.

I never understood the mark of the beast folks, (3, Interesting)

Haven (34895) | more than 3 years ago | (#34767968)

...but I kind of do now.

Re:I never understood the mark of the beast folks, (0)

Anonymous Coward | more than 3 years ago | (#34768366)

So the mark of the beast is Mark Zuckerberg?

Re:I never understood the mark of the beast folks, (4, Informative)

dreamchaser (49529) | more than 3 years ago | (#34768486)

So the mark of the beast is Mark Zuckerberg?

No he's the Antichrist. Try to keep up. The Mark of the Beast is having a Facefuck account.

I don't care what Simon & Garfunkel think (0)

Anonymous Coward | more than 3 years ago | (#34767972)

I'm still not using Facebook.

If FB does become the SSO, at least do it right... (5, Insightful)

mlts (1038732) | more than 3 years ago | (#34767974)

If FB becomes the Net's SSO, it better have the following features, or else people are betting their privacy and reputation on something quite unproven:

1: Ability to have two factor authentication. OpenID isn't perfect, but one can use a VASCO token with it. The cream of the crop would be SecurID tokens. Of course, using SMS or apps on Android/iOS/BlackberryOS/etc. would be useful too.

2: If a site asks for authentication via FB, a way to ensure that the login page is genuine. PayPal is good at this. I worry about people getting spoofed by a SSL page with a FB login that isn't really from FB proper.

3: Better password recovery in case tokens get lost/stolen. At the minimum, better questions than "what is your dog's name?" Of course, the answers to these are stored as mentioned in #4 here.

4: Solid password storage. Crypto 101 here: You never store a password. Ideally, you never store a result value. What you store is some known text encrypted with the password hash (hashed a number of times to slow down brute forcing). TrueCrypt's password mechanism is the best out there.

5: A third party vetting this security mechanism. This doesn't need to be FIPS compliant (it should be though), but at least have some validation from an independent source that the authentication is done right, the data center is secure, etc.

6: SSL with all contact throughout the authentication process. This is a basic thing, but for performance reasons, sites don't like using SSL unless forced to.

7: Ideally, posting the SSL keys on some other source, so one can tell if a CA is spoofing the cert or not.

8: It's corny, but consider a unique login picture per user that is used at some sites, Yahoo being the most widely used. This way, when you enter your username, if you don't get the picture, you likely got phished.

9: Store passwords of unlimited length. I've seen too many sites which ignore any characters after the eighth one.

10: Have the ability to turn off third party logins either temporarily or permanently. For example, if one is going on vacation with no Internet connections, the ability to disable SSO logins until they come back is a solid security measure.

Re:If FB does become the SSO, at least do it right (1)

Anonymous Coward | more than 3 years ago | (#34768038)

11. Allow multiple accounts/personalities. Currently Facebook's terms of services do not allow this, and this is a must for an internet SSO in my opinion.

Re:If FB does become the SSO, at least do it right (0)

Anonymous Coward | more than 3 years ago | (#34768542)

*** Seconded. Most websites (eg, slashdot) do not need to be tied to my "real" self, but rather just a unique id. I will NOT subscribe to an online verification system that always gives my full identity. I don't do it in real life, I certainly would never even consider it for every website that decides that I need to register to look at their stuff.

Re:If FB does become the SSO, at least do it right (3, Insightful)

Intrepid imaginaut (1970940) | more than 3 years ago | (#34768060)

If FB becomes the Net's SSO, it better have the following features, or else people are betting their privacy and reputation on something quite unproven

So we can pretty much assume that people will sign up for this by the million...

Re:If FB does become the SSO, at least do it right (5, Insightful)

golden age villain (1607173) | more than 3 years ago | (#34768134)

Why the hell would you give a privately owned company, based in a single country, the right to hold Internet users' single login "license"? Why? Even with the all those features you require.

Re:If FB does become the SSO, at least do it right (0, Funny)

Anonymous Coward | more than 3 years ago | (#34768294)

Why the hell would you give a privately owned company, based in a single country, the right to hold Internet users' single login "license"? Why? Even with the all those features you require.

Because Facebook is a magnet for fucktards and attention whores who don't use logic like you just did. They're sensitive about that in fact and will probably feel some serious butthurt and hate you for pointing out that there are serious flaws in this scheme. They just want to feel popular and special like Mommy always told them they were and you're a big meanie for having a grasp of the obvious and asking questions like "why". You might as well ask a Scientologist why they are a member of Scientology, you'll get an answer that makes about as much sense. They desperately need to feel like they are part of a big bandwagon and they need to feel like the bandwagon gets shiny new rims every now and then so they keep trying to find new uses for the site that provides them a phony sense of self-worth. It's sort of like the people who think the gossip covered by Entertainment Tonight is important and significant and deep while those with two brain cells to rub together wonder why anybody gives a shit about any of it.

Re:If FB does become the SSO, at least do it right (5, Insightful)

Lando (9348) | more than 3 years ago | (#34768450)

Especially considering that FB is one of the most unethical companies out there.

Re:If FB does become the SSO, at least do it right (0)

Anonymous Coward | more than 3 years ago | (#34768160)

That you would even consider allowing any entity (especially FB) to be the chokepoint for internet access means you should have your internet drivers license revoked, your internet driving privileges suspended indefinitely and your peepee should be whacked. Hard. Please turn your computer off, go away and don't come back.

~ Posting A/C ever since /. mods went to shit

Re:If FB does become the SSO, at least do it right (4, Insightful)

mlts (1038732) | more than 3 years ago | (#34768356)

Personally, I'd never want one entity to have the keys to the kingdom. Not MS with Passport/.NET, not FB, not OpenID, nobody. I'd rather use passwords that can be memorized, a password list stored on my smartphone, or passwords stored in Firefox. I rather pack my own parachute than have not just my ID from FB connected with tons of sites, but possibly my password.

However, if people want a SSO, with their eggs in one basket, lets at least have the basket made from something stronger than crepe paper strips and a generic white glue.

This is already happening where sites depend on another for authentication. If you want Cydia to recognize you and allow you access to purchased apps, you have to authenticate from Google or FB. Someone hacks the account that the Cydia stuff depends on, they can lock a person out of hundreds of dollars of purchased items, or even possibly rack up significant charges if an Amazon login is tied in with that.

Ideally, if a website is constructed from scratch for others to use it as a SSO, it should have not just top notch security (goot luck with this, as most PHBs view security as having no ROI), as well as allow for multiple personas with no way that subscriber sites, either by ad cookies, Flash shared objects or other means can tie the personas together. If a site can't offer this, they at least need to be able to deal with multiple users from the same person.

Re:If FB does become the SSO, at least do it right (1, Funny)

Anarki2004 (1652007) | more than 3 years ago | (#34768728)

Hehe...."Bailiff, whack his peepee". I use that phrase all the time. Nice to know I'm not the only one.

Re:If FB does become the SSO, at least do it right (1)

Xugumad (39311) | more than 3 years ago | (#34768194)

Way overcomplicating things...

Add RSA key generation and X.509 issuing as standard on all browsers. Provide easy tools for copying these keys & certificates around. Present them when connecting to a web site. Bingo, website knows you're the same person that last presented that certificate, in a secure fashion, with no/minimal user interaction required.

Oh, and the remote site can't fake your credentials from what you sent them.

Re:If FB does become the SSO, at least do it right (1)

mlts (1038732) | more than 3 years ago | (#34768526)

Client cert security is great in that respect. A website can keep track of the cert ID by itself, and it doesn't really matter what the CA says, wrong cert == no access. Plus, no passwords are ever exchanged, so all a blackhat can do is just grab your public key, and hope for a quantum computing breakthrough.

The downside of client cert security are two factors: First, one doesn't want to tie all their stuff to one cert, so one needs to have the ability to make multiple certificates. Second, is moving the certs in a secure fashion from place to place. If this isn't done right, the blackhat can slurp up the decrypted private key material, or tell a smart card to do signing/decryption for it, and do a MITM on the victim's computer.

One of the best proposals I've seen on /. for authentication would be a little bit awkward, but beats passwords. Enter your username at a site. The site presents a serial number. The user selects the serial number, signs it with their PGP/gpg key, and pastes the signature. The server validates the file against the key and grants/denies access. With this method, the server doesn't need to maintain much state (other than the serial number to prevent replay attacks), and no sensitive material is exchanged.

Re:If FB does become the SSO, at least do it right (5, Interesting)

BitZtream (692029) | more than 3 years ago | (#34768216)

8: It's corny, but consider a unique login picture per user that is used at some sites, Yahoo being the most widely used. This way, when you enter your username, if you don't get the picture, you likely got phished.

I wish people would stop thinking this is useful.

Any phishing site worth its weight in salt will simply pull in your picture from the real site and display it to you.

I've created example sites to demonstrate this very issue with Bank of America's system which does this.

The picture is essentially public information since you don't have to actually authenticate in order to see it so anyone can see it and redisplay it too you.

Re:If FB does become the SSO, at least do it right (1)

SanityInAnarchy (655584) | more than 3 years ago | (#34768360)

In fact, if they spent half the time they did on that idea instead convincing people to use better browsers and pay attention to the address bar and SSL warnings...

Re:If FB does become the SSO, at least do it right (5, Insightful)

rolfwind (528248) | more than 3 years ago | (#34768238)

It won't become the internet's SSO, simply because it requires way too many companies to willingly put way too much power into the hands of a partner that probably does not have their interests at heart. Microsoft already tried a passport years back.

At best, it will become a secondary feature on some websites, but not a required one.

I don't even trust OpenID, much less Facebook. Plus, I'm not going to let a host of important accounts be compromised by a single sign in -- it would be fine for forums and the like, but not anything of even moderate importance.

Re:If FB does become the SSO, at least do it right (1)

SanityInAnarchy (655584) | more than 3 years ago | (#34768374)

Out of curiosity, why don't you trust OpenID? What is there to trust?

Re:If FB does become the SSO, at least do it right (1)

SanityInAnarchy (655584) | more than 3 years ago | (#34768304)

Erm... nearly all of that can be done with OpenID/OAuth. Why have a single point of failure when we don't have to?

Re:If FB does become the SSO, at least do it right (0)

Anonymous Coward | more than 3 years ago | (#34768394)

12: Allow registered sex offenders to have Facebook accounts, otherwise they'll be shut off from logging in anywhere on the 'net.

Facebook Soaks Up More Free Publicity! (5, Insightful)

Anonymous Coward | more than 3 years ago | (#34767982)

Getting tired of facebook and the attention whores who live there. Now they want it to be an SSO. Hey let's put all our eggs into a single basket, make everything depend on this single site that we don't actually control that can delete our accounts or pull its content anytime they want. Oooh ooh, and you surrender all control of anything you upload to it as a bonus which you'd know if you actually read its ToS/privacy policies! What could possibly go wrong if we used this as our SSO? Not a damn thing that's what. Proceed. Carry on. When it blows up in your face or an outage proves to you why over-reliance on a single site is a Bad Idea(tm) you'll understand why the rest of us didn't want to.

There's nothing novel or technically interesting about Facebook. It is not the be-all and end-all of useful tools. It's a way to build a vanity page for people who are too lazy to learn HTML. The appeal to lazy stupid people who hate learning something new is the only reason it became known to the mainstream popular media. That's all it is and ever was. End of fascination. Can we stop trying to find uses for it that have nothing whatsoever to do with its intended purpose? I mean hammers make wonderful paperweights but they're a lot more useful for driving nails.

Re:Facebook Soaks Up More Free Publicity! (0)

Anonymous Coward | more than 3 years ago | (#34768166)

I have to disagree. If you look at Meltcalfe's law then the value of facebook, and especially its use as a SSO is obvious. http://en.wikipedia.org/wiki/Metcalfe%27s_law

Ask yourself, what other site that you know has accounts for your mom, grandma, kids, friends, high school buddies, etc. The real value of facebook is it is the most likely source to contain the maximum number of your connections. Even more, now that it has been running for a while it contains a huge amount of history, data, etc on you. I won't sign up for another service to provide similar because it's just too much work. (only exception being linkedin, which I primarily use to keep work folks from seeing my banter with family/friends.

Personally... (0)

Anonymous Coward | more than 3 years ago | (#34767994)

I look forward to the day when conscious thoughts will be relegated only to those with thought licenses. Everyone else will be given a continuous IV drip of Lunesta.

Re:Personally... (1)

omnichad (1198475) | more than 3 years ago | (#34768244)

Great, so the ones with thought licenses get run over by the sleep-driving Lunesta users?

Driver's License Photos (3, Insightful)

BJ_Covert_Action (1499847) | more than 3 years ago | (#34768010)

Hehe, and we will look fondly back on the days when we thought having an embarrassing DMV picture on your driver's license was a problem.

I don't know if we could honestly implement this in any serious way. I know that 90% of what I post to Facebook is little more than crap, lies, and flamebait to prank my friends on the internet. There's nothing like watching one of your good buddies get all worked up over a Youtube video that doesn't really mean anything. Most of my FB contacts are aware of the nature of my profile, and, therefore, take my senseless BS tongue in cheek so it works out okay. If that profile starts being used as some sort of license (to do what exactly, access internet content?) then that license is going to be issued to a person that is fundamentally different in all dealings, social or otherwise, than the person that I am face to face, or, hell for that matter, different than even my Slashdot user account.

One of my coworkers likes to say that the thing people tend to forget is that the internet isn't real. I would say that goes doubly so for user made pages like Facebook, where you can post whatever you want after a healthy dose of Photoshop, trolled Wikipedia references, and sketchy video editing techniques.

Re:Driver's License Photos (0)

Anonymous Coward | more than 3 years ago | (#34768270)

I don't really understand why you felt the need to write that... maybe because you don't know what SSO is for?

SSO is about "logging in to the internet" only once instead of doing it twenty times a day and having to input different passwords on various devices or saving lots of passwords in various pieces of software in all your devices -- so this has nothing to do exposing your bad manners on the internet as such. There are several reasons why SSO as an idea is nowadays more important than it used to be:
A) inputting data on mobile devices is more difficult
B) we tend to own a lot more internet devices so the number of logins multiplies

Letting Facebook do SSO sounds like a really bad idea that a lot of suits are going to absolutely love.

Re:Driver's License Photos (1)

BJ_Covert_Action (1499847) | more than 3 years ago | (#34768626)

Meh, I don't really understand why you feel the need to post AC, but that didn't stop you did it?

My intentions for posting were basically: I read the summary. I had an idle thought where I fondly remembered how bent out of shape some people would get over embarrassing driver's license pictures. My brain made the connection that there are a lot more embarrassing pictures on people's facebooks account. It amused me to think about being an old codger one day and looking back on the good ol' days of crappy driver's license pictures. Then, as I wrote that first line, it dawned on me that using Facebook as a single credential login, or license, or whatever the hell you want to call it, is retarded because, basically, anyone can pretend to be anything they want to be on the internet. If they put enough effort into it, they can even make a fake identity convincing enough to dance around Facebook's, "Only use a real name and information..." clause in their terms of use. So I proceeded to ramble, using my own various web experiences as an example of something similar.

So there yah go. Now you know why I wrote what I wrote. Feel free to judge me as you see fit. I couldn't really give a less of a damn, I'm just trying to pass the time. ;)

Re:Driver's License Photos (0)

Anonymous Coward | more than 3 years ago | (#34768432)

"I know that 90% of what I post to Facebook is little more than crap, lies, and flamebait to prank my friends on the internet. "

It's so fun to see all those clueless people together on one site, like AOL of the golden days.

It's rather creepy (0)

Anonymous Coward | more than 3 years ago | (#34768014)

Following RSS feeds to various tech, entrainment and news sites and various links out from them has shown an alarming increase in my FB account effectively logged in to sites I've never been to before. I've no idea what kind of tracking the host site has and what level of info FB's APIs are giving them. Hmm, no thank you, but thanks! Seeing this alarming trend finally gave me the drive to disabled the FB account. Funnily enough, I've not missed it and no longer bother wasting time viewing irrelevant posts from "friends".

Re:It's rather creepy (0)

Anonymous Coward | more than 3 years ago | (#34768612)

Or use a different browser profile for your facefuck account and for all other browsing.

It ain't that difficult.

it almost is already... (1)

Anonymous Coward | more than 3 years ago | (#34768028)

Last I heard there were over 500 million Facebook users, including something like 85% of everyone in the united states.

I've found that when I talk to younger people now and we will exchange contact info, they don't want my email address. They want my Facebook contact, which I don't even *have*, and then they look at me like I'm from Mars. Who doesn't have a FB page these days? It's like not having a computer, almost, as far as they are concerned.

Increasingly FB is becoming the de facto standard way for people to communicate online. Do I like that? Not really, but that doesn't make it any less true. People keep in contact with friends, family, professional contacts, and more on FB. For better or worse, that's the reality of it.

Re:it almost is already... (1)

omnichad (1198475) | more than 3 years ago | (#34768260)

And how do you "give" them your Facebook contact? An email address can just be dumped into the search box and you'll usually get exactly one result if the person is on Facebook. If they're not, you still have their email.

Re:it almost is already... (1)

siddesu (698447) | more than 3 years ago | (#34768638)

FB has had a "permalink"-like feature for over a year now.

Re:it almost is already... (1)

nospam007 (722110) | more than 3 years ago | (#34768498)

"Who doesn't have a FB page these days? It's like not having a computer, almost, as far as they are concerned."

I don't. I wasn't on AOL either nor on Geocities, Second Life or any other of those 36 month wonders.
My Great-Grandmother joined FB last week, that usually means the kids will run as hell RSN.

Only a driver's license? (2)

blair1q (305137) | more than 3 years ago | (#34768066)

Microsoft issued me a Passport [passport.net] in about 1995.

It gets me into everything...that Microsoft controls that links up with it. Which is to say, a lot of stuff I haven't logged into since about 1995.

Re:Only a driver's license? (0)

Anonymous Coward | more than 3 years ago | (#34768204)

You're not an Xbox owner, then?

Yes, let's give FB the power to be *the* SSO (0)

Anonymous Coward | more than 3 years ago | (#34768072)

It's not like there have ever been privacy concerns about FB, and it has never sold us out to advertisers (or anyone else for that matter), right?

Re:Yes, let's give FB the power to be *the* SSO (1)

Alumoi (1321661) | more than 3 years ago | (#34768192)

Right. FB is the only site I would trust with valid info. I mean, I just love the way every freak(ing) company/individual was able to contact me, without my prior consent, after creating an account on FB.

Facebook?! Really?! (3, Insightful)

TaoPhoenix (980487) | more than 3 years ago | (#34768078)

"...whether the Internet needs an "identity layer"—a uniform protocol for authenticating users' identities..."

Supplied by a top-5 candidate for privacy destruction? So we've had big computing companies battling it out to be the Web Gatekeeper, and they want to go "C-Other-Give it to Facebook" ?!

Re:Facebook?! Really?! (1)

siddesu (698447) | more than 3 years ago | (#34768696)

Supplied by a top-5 candidate for privacy destruction?

Naturally. Which respectable, honest and sane company that delivers a product to YOU would build their business model on the concept of letting you build Stasi-like files online for you and your friends with them?

Simson is no expert (5, Insightful)

Anonymous Coward | more than 3 years ago | (#34768080)

I am posting anonymously because he knows me and I know him

Simson is brilliant and understands technology well, but he is one of those people for whom you "have to hold the bus" as another article puts it.

He tends to get too excited about technology and he misses many of the human factor issues.

For example here he gets all excited about using Facebook as a form of identification, but then he points out that Facebook is very quick to revoke your account. What good is identification if it can be revoked? If it really is "identification" then everyone needs to have it. Hey Simpson, did you forget about that?

Yeah, right. (4, Insightful)

Jawnn (445279) | more than 3 years ago | (#34768096)

The entire user-base of the Internet actually includes a significant number of people with clue. They are not going to go for this. So, a SSO for the clueless? Maybe, but nothing approaching the "driver's license" bar for credibility.

Re:Yeah, right. (1)

jcoy42 (412359) | more than 3 years ago | (#34768158)

You have confused me. Your UID makes me think you've been around for a while, but your post makes me think you are very young.

Never underestimate the power of stupid people. There is strength in numbers, and they certainly have the numbers on their side.

As a web application developer... (5, Insightful)

Xugumad (39311) | more than 3 years ago | (#34768130)

HELL NO

NO.

No, no, no, no, no, NOOOOOOO NO.

NO!!!!

I'd argue against this, but it's just such a giant pile of fail I don't know where to start.

How about this; like hell am I handing Facebook access to every other account I own.

Did I mention... NO?

Re:As a web application developer... (1)

Anonymous Coward | more than 3 years ago | (#34768282)

We'll count your response as "Remind me later".

- Marketing Guy

Re:As a web application developer... (5, Funny)

TheL0ser (1955440) | more than 3 years ago | (#34768300)

I sense apprehension. But that's ok. You'll grow to love Facebook. Everyone loves Big Br.... I mean, Facebook.

Re:As a web application developer... (1)

apoc.famine (621563) | more than 3 years ago | (#34768688)

I have a very minimal presence on facebook. But I'm about to drop even that, as it seems half the sites I go to regularly have facebook hooks. I need to take another look at NoScript and see how "allow domain" and then removing Facebook from my whitelist works. I don't want facebook tracking me everywhere I go, and if I'm allowing their scripts by default, that's pretty likely.

Re:As a web application developer... (1)

Anonymous Coward | more than 3 years ago | (#34768760)

If I had any karmapoints to give out, you would have alot of them.

I agree wholeheartedly.

Microsoft already tried that (3, Insightful)

StillNeedMoreCoffee (123989) | more than 3 years ago | (#34768162)

Did't Microsoft already try this idea, but the other social networking sites have just left them in the dust. This is almost like Microsoft's VM's . When I heard of that I said, yeh we call that time sharing and we had it in the early 70's with Mini Computers. Now that micro processors grew into that power footprint, they re-discovered an old technology. History does repeat itself in a never ending spiral. One hopes not a death one.

Facebook is too low quality a product. (1)

gurps_npc (621217) | more than 3 years ago | (#34768170)

There is no way it could become a necessity. Way too much moronic invasions of privacy and poorly programmed stuff.

The idea that it might become in any way necessary is ridiculous.

That would kind of be like some one deciding that all tolls should now be paid by text messaging. Yeah, a lot of people text while driving, but not those that know what they are doing. You don't empower an idiotic action.

Not no but HELL NO. (2)

BitZtream (692029) | more than 3 years ago | (#34768172)

Seriously? On what planet do you live in which anyone with even a quarter of a clue would entrust their entire authentication service to Facebook?

You want single sign on? Its already there. Its called Kerberos, when coupled with a proper DNS setup it provides global SSO, in a secure manner, without handing it all off to one company that everyone has to depend on and everyone gets fucked when they break or get hacked.

Browsers support Kerberos.

Many apps (at least the ones where security actually matters) support Kerberos.

Its cross platform.

It requires practically 0 setup for a user NOW and with even slightly better application integration it can be brought down to 0.

It doesn't require that I trust people trying to authenticate me with my password. If I want to login to Facebook using my work user account, Facebook never gets my authentication tokens or anything even remotely resembling them, they just get a ticket we share for that session.

Its tried and true and was designed for this purpose.

Again, it doesn't depend on any one provider, it works the way the net was supposed to work.

Kerberos is the net's SSO, its just ignorance like this article and companies who want to keep you locked into their systems are trying hard to ignore it.

We already have SSO, no one uses it.

Mark of the Beast! Mark of the Beast! (5, Insightful)

Caerdwyn (829058) | more than 3 years ago | (#34768184)

This would be a very bad thing, for so many reasons.

  • One-stop shopping for identity thieves
  • Ubiquitous Facebook tracking bugs associated with login objects which would more-or-less require that browsers accept third-party cookies. You thought Doubleclick was bad? Try putting them INSIDE your login sessions.
  • Zuckerberg holds privacy in contempt. He's said so, many times.
  • Facebook has repeated violated its own privacy policy, and will do so again. Your privacy is guaranteed to be broken with Facebook.
  • Facebook has a poor security record. See previous reference to identity theft.
  • Facebook has made it as difficult as possible to get out. Leaving Scientology is easier.
  • Facebook, as a for-profit company,is incentivized to pimp out your profile to anyone, for any reason, as long as there's a dollar to be made. If their balance sheet starts to look bad, all principles (such few as they already have) will go out the window.

I created a FaceBook account just to prevent others from doing so with my name, with no intention of using it. I never posted a thing, never "friended" anyone, never engaged in any activity whatsoever. Yet all of a sudden when I visit unrelated sites, I'm being greeted by the Facebook account name in various banners, etc. through Facebook's tracking. Deleting the account was a nightmare. I've had to use AdBlock and other anti-spyware software to block *.facebook.com, and I'm sure that even that is insufficient. Facebook has a profile on me, and you just and simply cannot opt out.

In absolute seriousness. I'd sooner trust Ballmer or Ellison than Zuckerberg, and I'd rather not have to trust any of them.

Ballmer (1)

bsDaemon (87307) | more than 3 years ago | (#34768312)

I saw a video of a talk Ballmer had given about a year ago, that was linked on Slashdot. One of the things he said in there was that he and people of his generation are a lot more reluctant to give their personal information out on line, but that his son has no issue putting whatever out on facebook or twitter. The problem is, Zuckerberg is of Ballmer's son's generation (so am I, although I don't fit the mould) and has no problem asking for people's personal information.

I think one of the reasons that MS always seems "late to the party" with this sort of thing is that they just don't think that way -- they come from an age where products are things, and it was revolutionary that bits of magnetic material would be considered a product. So yeah, Ballmer or Ellison, while they may be pretty ruthless and cut throat as businessmen are at least old school enough that the current trend doesn't really seem like a great idea to them as much.

That's my interpretation of it, though. Your mileage may vary.

SINGLE SIGN ON?! (0)

Anonymous Coward | more than 3 years ago | (#34768230)

Is it really that much work to expand the acronym SSO so people know what it is?

This is an advertiser's wet dream. (2)

chemicaldave (1776600) | more than 3 years ago | (#34768236)

I don't know what's worse, having a web SSO service offered by a for-profit, or having one operated by the government.

I love it (1)

Fuzzums (250400) | more than 3 years ago | (#34768248)

when a site I never visited before gives me a personal welcome.

NOT.

facebook? (1)

tyroney (645227) | more than 3 years ago | (#34768290)

I thought that's what Google was already going for. They practically own search, and my email, most of my video consumption, and my cloudified docs. If someone ever releases a google tablet, I'll probably wind up worse than those rabid Apple fans.

Granma, what big information gathering you have! (1)

oic0 (1864384) | more than 3 years ago | (#34768302)

The better to track you with *cue evil laugh*

This is hardly news (1)

Richy_T (111409) | more than 3 years ago | (#34768316)

It seems obvious that this is the way Facebook has begun to position itself. It has increasingly encouraged the integration of its features with external websites while simultaneously removing features that allow external sites and applications to integrate with them (boxes and tabs). They already provide an API for sites to use Facebook logins for authentication.

It's either rather short sighted or an extremely wise move. I'm not as concerned about Facebook as some but personally, I hope it fails.

Re:This is hardly news (1)

Dunbal (464142) | more than 3 years ago | (#34768500)

Facebook and Zuckerberg have been on a non-stop PR campaign for close to a year now. Co-incidentally this started right after the mass hacking of Facebook, and their unpopular changes to their privacy policy. While being perhaps the second most overrated company today (after Apple), I have to admit that this Zuckerberg guy can muster a pretty decent PR/marketing machine. It's been a year of non-stop Facebook, in the news, in the movies, in magazines and even here on Slashdot. Too bad that buzz like this can't last forever. When it's over, it will be really over. And good riddance.

With all the viruses facebook spreads... (0)

digitaldc (879047) | more than 3 years ago | (#34768320)

...I, for one, do NOT welcome our new facebook overlords.

In a word: NO (1)

sstamps (39313) | more than 3 years ago | (#34768338)

I'm sure they dream of it (or will now), along with every other scheme/scam they've dreamed up, but it Ain't Gonna Happen.

They're riding high right now, on top of a giant bubble. All that means is when it bursts, they have that much farther to fall, taking all their users along with them.

One would think people would learn to stop putting all their eggs along with everyone else's into one giant basket, but I guess it speaks volumes as to the population of stupid people out there.

Re:In a word: NO (1)

Dunbal (464142) | more than 3 years ago | (#34768442)

I closed my Facebook account 3 years ago when I found out just how easy it was to hack into people's accounts - because my account got hacked. Honestly any company that has grown to that size and completely ignores security is more trouble than it's worth. I'll leave Facebook to middle aged spinsters and divorcees.

Just a thought (1)

SethThresher (1958152) | more than 3 years ago | (#34768372)

Throwing this out there, what if I make a multiple FB accounts for myself across different emails? What about a FB account for a person who doesn't exist? What if I made one for my dog? What if I say it's for my dog, but it's only GIS pictures of dogs that I found, what then? If this "internet license" is of any practical importance at iall, it would be laughably trivial to just generate as many of these "licenses" as you want. I see this proposal and I just see massive security flaws.

FB as any sort of "license" can't be anything other than a colossally bad idea.

Don't have FB account (0)

Anonymous Coward | more than 3 years ago | (#34768378)

But have slashdot id, will that do ?

Academics (5, Interesting)

Dunbal (464142) | more than 3 years ago | (#34768388)

So some academic at MIT has "re"discovered the Microsoft Passport, huh? Microsoft wanted a piece of that action over 10 years ago. It didn't work. Everything old is new again... to some people anyway.

"internet drivers license" (1)

Anonymous Coward | more than 3 years ago | (#34768392)

facebook is basically the "new aol" (i.e. the new home of clueless masses of newbies, morons and idiots)... so if anyone should be DENIED an "internet drivers license" it should be anyone with a facebook account.

Re:"internet drivers license" (1)

Alumoi (1321661) | more than 3 years ago | (#34768492)

That would cut the internet population in half.... Hey, that's not a bad idea!

FaceBook as an SSO - I don't hink so (1)

golfnomad (1442971) | more than 3 years ago | (#34768470)

Given their *standards* for security and the model that everything should be visable by everyone, this brakes the basic rules of security. I for one would never trust FB with my private info, let alone a SSO password.

One day soon... (1)

spungo (729241) | more than 3 years ago | (#34768484)

Reality will only be available as a facebook app.

Facebook is ready to fall (4, Insightful)

dkleinsc (563838) | more than 3 years ago | (#34768490)

Seriously.

It's in the final stages of a social networking site: where the investors, including some big outside investment firms, try to "monetize" the user base by pulling out all the stops with ads, apps, and selling people's personal information. All that needs to happen is some plucky college kid making his own social networking site, just for his friends on campus, as a way to stay away from all the sillyness of Facebook, and Facebook will collapse within a couple of years. Just like MySpace did.

Re:Facebook is ready to fall (1)

RapmasterT (787426) | more than 3 years ago | (#34768700)

No way, Facebook is on top forever because they've changed the way people...uh...hell, I don't know why it is that people think facebook is different from every other come-and-gone website of the moment.

The dotcom market has seen this same behavior again and again, and everyone seems to get surprised by it every time. People time and again seem to think whatever is popular at the moment is going to be popular forever, even though history and common sense both tell us otherwise.

In the sage words of Disco Stu: "Did you know that disco record sales were up 400% for the year ending 1976? If these trends continues... AAY!"

who needs sso (1)

TravisHein (981987) | more than 3 years ago | (#34768560)

Dont' most users just choose the same username and passwords for all their accounts anyway. ?
And would it be a true SSO, that manages the "you are logged in now" state, or that every site would just ask you to login using your credentials every time.

What's the first? (0)

Anonymous Coward | more than 3 years ago | (#34768690)

What was the first SSO? Wait a minute, what does SSO even mean?

uh, already exists... (2)

alienzed (732782) | more than 3 years ago | (#34768710)

It's called OpenID, http://www.openid.net./ [www.openid.net] move along, nothing to see here.

No thanks? Not forceful enough. (5, Insightful)

Chas (5144) | more than 3 years ago | (#34768724)

How about "My Ass!"

Or "What's dumbshit for "HELL FUCKING NO" you asshole?"

Or "What kinda goddamn drugs are YOU on?"

Seriously. What sort of intellectual cripple actually thinks (and I use the term forgivingly) using a known privacy offender and security whipping boy like Facebook as a single-sign-on?

Fuck Single Sign-On. It's single point of failure.

hell (1)

circletimessquare (444983) | more than 3 years ago | (#34768748)

no

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?