×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Facebook Launches Social Login and HTTPS

samzenpus posted more than 3 years ago | from the secure-friend-request dept.

Facebook 273

dkd903 writes "Facebook has introduced two new features. First is a really innovative way to verify real users rather than using CAPTCHAS. Using the Social Login feature (or Social Authentication as Facebook calls it), users will be shown a few pictures of their friends and then they will be asked to name the person in those photos. They've also launched HTTPS. The company says: 'Starting today we’ll provide you with the ability to experience Facebook entirely over HTTPS. You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

273 comments

Facebook discovers HTTPS (2, Insightful)

nospam007 (722110) | more than 3 years ago | (#35013206)

News at 11.

Re:Facebook discovers HTTPS (2, Informative)

creativeHavoc (1052138) | more than 3 years ago | (#35013234)

HTTPS at facebook's scale is not insignificant.

Re:Facebook discovers HTTPS (3, Interesting)

Enry (630) | more than 3 years ago | (#35013272)

Wait, what?

All you're talking about is scale. Instead of having a regular HTTP site, you now have HTTPS sites, and perhaps a few more to handle the load. HTTPS is not the CPU hog it was 10 years ago, and HTTPS is not some obscure technology noone uses. Wikipedia offers HTTPS, Google offers HTTPS. What makes it so difficult for Facebook to do the same?

Re:Facebook discovers HTTPS (-1, Troll)

Profane MuthaFucka (574406) | more than 3 years ago | (#35013424)

What makes it so difficult for Facebook to do the same?

Scale. Duh, don't you fucking read?

Re:Facebook discovers HTTPS (0)

Anonymous Coward | more than 3 years ago | (#35013580)

Why? SSL is one of those things that scales linearly as opposed to just about everything else facebook does, like maintaining a gigantic set of data. Scale helps them implement HTTPS insignificantly. Just saying "they're so big!" doesn't mean shit. Thats like saying Wal-Mart is too big to stock 5 different shirts so they only have blue.

Re:Facebook discovers HTTPS (5, Interesting)

SuperQ (431) | more than 3 years ago | (#35013662)

Again, what scale? Enabling https is only a few % different in CPU time for handling the crypto overhead. I've done the math. Based on any reasonably modern server machine (say a 1U dual socket quad-core) and facebook's quoted query rate it would only require an extra half rack of CPUs to turn on https for all facebook pages, including images.

Re:Facebook discovers HTTPS (1)

steelclash84 (1129221) | more than 3 years ago | (#35013772)

The input from the user has to be decrypted on their server, but all relevant queries and data facebook acquires is most likely unencrypted as it passes their local network, and finally encrypted only on the final delivery from their servers. So it's actually easier and less intensive than stated.

Re:Facebook discovers HTTPS (1)

poetmatt (793785) | more than 3 years ago | (#35013720)

HTTPS is the modern equivalent of an on/off switch. It doesn't matter if it's for the country of USA or a single company, it is still insignificant beyond "they turned on HTTPS".

It's an authentication thing, not a total revamp of a website.

So scale doesn't mean shit, jackass.

Re:Facebook discovers HTTPS (1)

Anonymous Coward | more than 3 years ago | (#35013440)

Because it's a pain in the ass when you have lots of lbs and your site is formulated from lots of little app engines.

Totally doable with the right tech and processes.

Citrix makes it rather easy because you can stick the cert on the LB and manage everything with vanilla http on the backend.

I noticed https was mostly working several days ago for everyone, but the chat happened to be broken. For a large organization it's more along the lines of lining up the ducks and ensuring every group is running current and compatible deployments. Now, facebook being relatively new most likely doesn't have to deal with still lingering and deprecated operating systems in their environment. I suspect this is why they were able to fast track the deployment rather then beat various entities into compliance.

Re:Facebook discovers HTTPS (3, Informative)

jvp (27996) | more than 3 years ago | (#35013806)

For what little it may be worth, I've been using HTTPS w/Facebook for *months*. It's been available for general use for quite some time, it's just that no one bothered trying it. And as you pointed out, the only thing that didn't work (and still doesn't) is chat.

This isn't really news at all. It's just "news" because of what happened to Zuckerberg.

Re:Facebook discovers HTTPS (4, Informative)

icebike (68054) | more than 3 years ago | (#35013560)

One thing FaceBook has going for it is that Https impact is far less significant as a percentage of time and actual server loading on sites where content can't be (or isn't typically) cached, and delivery is more than a few words.

Setup is expensive, but once negotiated data transmission is not that bad.

Fetching a tweet would really hurt under ssl, but a facebook page is usually fairly significant in size. Making lots of short requests over HTTPS will be quite a bit slower than HTTP, but if you transfer a lot of data in a single request, the difference will be insignificant. If Facebook implements http keep-alive oh https connections you should be able to reuse the the connection.

Yes the handshake is longer (usually 5 traverses vs 2). We are talking about 200ms vs 500ms for the first connection. But during that time the web server isn't having to pound content down the pipe so it might not be as bad as it sounds.

Re:Facebook discovers HTTPS (1)

afidel (530433) | more than 3 years ago | (#35013856)

Twitter would only have a significant issue for those clients with a broken stack, HTTP1.1 means they can open the connection once and leave it open for the AJAX piece polling in the background.

Re:Facebook discovers HTTPS (1)

nospam007 (722110) | more than 3 years ago | (#35013688)

On a sidenote as I just notice when reading your post:
HTTPS seems to be working on /. again with the new 'design'.

Re:Facebook discovers HTTPS (1)

InlawBiker (1124825) | more than 3 years ago | (#35013828)

Since FB is so heavily load balanced I would expect that they're using SSL dedicaetd modules on their load balancing solution and still running their servers HTTP. Since they didn't care about privacy enough to use SSL until it became a PR issure, I doubt they care too much about encryption on their internal network.

Re:Facebook discovers HTTPS (1)

Anonymous Coward | more than 3 years ago | (#35013238)

News at 11.

Although a sarcastic comment, very few sites do allow this type of login or full browsing. With the usage Facebook gets at work, coffee shops, and other networks, I think it is a good idea.

Also, showing "friends" photos for verification will go down in flames because like most people on Facebook, they have friended everyone they have ever come across. I myself could only name about 70% of the people on my facebook. Some of my friends wouldn't even break 20%. Who actually has thousands of friends and can name them all via photo?

Re:Facebook discovers HTTPS (5, Insightful)

MysteriousPreacher (702266) | more than 3 years ago | (#35013330)

Yeah, the photo ID thing is iffy. If photos are to believed, quite a few of my friends appear to be very young babies. Another bunch are cartoon characters.

Re:Facebook discovers HTTPS (1)

MoonBuggy (611105) | more than 3 years ago | (#35013590)

I was thinking the same. Group photos are a problem, too - if five of my friends are in a picture, how am I supposed to know whose profile it came from?

Kudos to Facebook for the SSL option, though - I know they'll sell out my privacy at the drop of a hat, but any gesture that pushes pervasive SSL further into the mainstream (thus thwarting ISP-level tracking) is only a good thing.

Re:Facebook discovers HTTPS (1)

shadowrat (1069614) | more than 3 years ago | (#35013636)

I live in Wisconsin. Just recently i noticed that almost ALL my local friends bear an uncanny resemblance to Aaron Rodgers.

Re:Facebook discovers HTTPS (1)

poormanjoe (889634) | more than 3 years ago | (#35013740)

That's why my facebook page is a photo of me standing next to him so people can see the stark contrasts! Go Pack Go!

Re:Facebook discovers HTTPS (1)

Anonymous Coward | more than 3 years ago | (#35013252)

No, the time stamp clearly says 3:56PM

Re:Facebook discovers HTTPS (5, Funny)

Aerorae (1941752) | more than 3 years ago | (#35013274)

Breaking Development! Facebook introduces HTTPS after CEO Mark Zuckerbergs' facebook account is hacked!!!

Re:Facebook discovers HTTPS (1)

RollingThunder (88952) | more than 3 years ago | (#35013572)

HTTPS has been available for longer than this, just not as an option in the FB Account settings.

The "HTTPS-Everywhere" extension for Firefox (by the EFF), has had Facebook in it since the initial release, if I remember properly.

Social Login: (0)

Anonymous Coward | more than 3 years ago | (#35013224)

Because someone close to you who knows your friends may never seek revenge on you and try to get into your Facebook.

Re:Social Login: (1)

DrgnDancer (137700) | more than 3 years ago | (#35013396)

Something is better than nothing. I assume you also need your username and password. My thing is that very few of my friends use actual pictures of themselves as avatars. More than half use a favorite TV character, movie screen shot, comic frame or other mostly unidentifiable image.

Re:Social Login: (1)

icebike (68054) | more than 3 years ago | (#35013670)

That was my first thought as well.

Your stalkers probably know your friends faces and names too. And with facial recognition tools [avinashtech.com] becoming mainstream it seems this is a pretty lame time to start this approach. Yet another juvenile approach to security by a company that just would rather not be bothered with the entire concept.

Re:Social Login: (1)

digitig (1056110) | more than 3 years ago | (#35013696)

And everybody on Facebook knows all of their "friends" by sight, don't they? And all photos on Facebook are correctly tagged...

Links wrong (2)

XanC (644172) | more than 3 years ago | (#35013240)

I'm able to change the protocol to https for any page, successfully. But all the links on that page point back to http. So... That's pretty limited https support.

Re:Links wrong (5, Informative)

Jugalator (259273) | more than 3 years ago | (#35013352)

For "persistent https", I think you have to enable the new option in Account Settings -> Account Security.

I saw that one in a screenshot, but that option doesn't seem to be rolled out here yet, although I am able to manually type in "https://" in front of URL's. However, as you say, that only leads to using https temporarily.

Problem (5, Interesting)

girlintraining (1395911) | more than 3 years ago | (#35013248)

Problem: A lot of what people tag as me is to get my attention, not because it IS me. I got locked out of my account for about a week because of this mis-feature, and when I did get back in, I had to spend about three hours removing tags of things like trees, the sun, burgers, and lots of other stuff.... now it works. But the solution fails because it makes an assumption that isn't always true.

Re:Problem (1)

commodore6502 (1981532) | more than 3 years ago | (#35013302)

Or worse:

Your friends with somebody who you don't really know (like an ex-classmate) and therefore forget their name when the photo is shown to you. Stupid, stupid, stupid facebook security design.

What's that called? Security through obscurity?
Fail.

Re:Problem (1)

nolife (233813) | more than 3 years ago | (#35013344)

Or the people that use their dog, favorite football teams etc.. for their picture. Since most FB friends are probably not your real friends, you don't know a lot of that stuff.

Re:Problem (1)

Stregano (1285764) | more than 3 years ago | (#35013410)

Oh man will there be alot of people locked out of their account who are friend's with me. I dumped my entire FB profile last night and put in information about a video game character that had a live action movie. So if you were not logged into FB last night to witness me changing it, you have a picture of some pretty unknown actor in a suit and have to guess what his name was in the movie/video game. Awesome.

this will never work (1)

Thud457 (234763) | more than 3 years ago | (#35013380)

easy first-guess mismatches for every picture:

jackass
stoned
douchebag
bitch
slut
dick
asshole
drunk
party

Re:Problem (2)

by (1706743) (1706744) | more than 3 years ago | (#35013412)

Your friends with somebody who you don't really know (like an ex-classmate) and therefore forget their name when the photo is shown to you.

I'm sure they could show pictures based on activity. Do you write on this person's wall often? Do you comment on their photos, etc.? If so, then there's a reasonable chance that you know what the person looks like.

Re:Problem (1)

Tynin (634655) | more than 3 years ago | (#35013820)

I know that this authentication feature was implemented due in part to the government scale phishing scheme in Tunisia, however I've been thinking perhaps it is also a clever way to weed out all of the duplicate accounts people use to play those games on FB that give you some modicum of extra... stuff, for the number of "friends" you have. I broke free from the time vampire that is FB games over a year ago, so I'm not sure if it is still an issue. However at the time it wasn't that hard to script your way to a few thousand friends, which now would almost guarantee that I would quickly get locked out of the account because I didn't really know anyone on my "friends" list.

Re:Problem (1)

Nadaka (224565) | more than 3 years ago | (#35013376)

Doesn't removing a photo tag on facebook make it so that the friend that tagged you can never tag you in a phota again? or am I misremembering that feature?

Re:Problem (0)

Anonymous Coward | more than 3 years ago | (#35013690)

"Doesn't removing a photo tag on facebook make it so that the friend that tagged you can never tag you in a phota again? or am I misremembering that feature?"
Misremembering. Removing a photo tag will block them from tagging you in THAT photo again.

Re:Problem (0)

Anonymous Coward | more than 3 years ago | (#35013778)

If you remove a tag of yourself from a picture, I'm pretty sure it just prevents people from re-tagging you in that same picture.

Re:Problem (2)

Jesse_vd (821123) | more than 3 years ago | (#35013844)

I believe it just prohibits anyone from re-tagging you in that particular picture .....where is my submit button?

Re:Problem (1)

Bigbutt (65939) | more than 3 years ago | (#35013686)

I just started having this happen to me. One of the idiot meme things (the wikipedia random page title + google random image for an album cover). Someone tagged me in it which took a couple of views to figure out what was going on. I immediately hid their status'.

Since I have a "Local Business" (forum status page), I have almost 60 "friends" who I wouldn't recognize if they came up and said "hey".

This will work well. I'll get locked out and never be tempted to log in again.

[John]

Security, Now? (1)

jdastrup (1075795) | more than 3 years ago | (#35013258)

Facebook increasing security? Wouldn't have anything to do with Zuckerburg's page getting hacked, would it?

Re:Security, Now? (4, Informative)

creativeHavoc (1052138) | more than 3 years ago | (#35013366)

Really it has more to do with the fact that they did it for Tungsnia [theatlantic.com] , so they have now just implemented it for other countries

The evidence that accounts were being hacked remained anecdotal. Facebook's security team couldn't prove something was wrong in the data. It wasn't until after the new year that the shocking truth emerged: Ammar was in the process of stealing an entire country's worth of passwords. [...] Sullivan's team rapidly coded a two-step response to the problem. First, all Tunisian requests for Facebook were routed to an https server. [...] The second technical solution they implemented was a "roadblock" for anyone who had logged out and then back in during the time when the malicious code was running. Like Facebook's version of a "mother's maiden name" question to get access to your old password, it asks you to identify your friends in photos to complete an account login.

Re:Security, Now? (1)

Americano (920576) | more than 3 years ago | (#35013758)

Yeah, they decided, the day after Zuckerberg's page was hacked, to turn on HTTPS across their entire server farm for all users.

Just like that - no planning, no analysis, no coordination, just a knee-jerk response.

It's a good thing(tm)! (1)

TheDarkener (198348) | more than 3 years ago | (#35013262)

Today, history has been made. A social networking site actually listened to its users and implemented a bit of security. *astonished*

Re:It's a good thing(tm)! (3, Informative)

Haedrian (1676506) | more than 3 years ago | (#35013458)

They can hardly sell your personal information if a guy at starbucks can sniff it from you can they?

Stop information piracy! Buy facebook!

Re:It's a good thing(tm)! (1)

Ancantus (1926920) | more than 3 years ago | (#35013798)

No, history has not been made, Facebook was just covering their own butts before they got too embarrassed, Mark Zuckerbergs Facebook Page Hacked [slashdot.org] . Just proving once again that to get anything done in securing sites, someone important has to be compromised.

All but mandatory for "free" wifi (3, Interesting)

davidwr (791652) | more than 3 years ago | (#35013270)

All web sites that allow logins should REQUIRE or at least STRONGLY ENCOURGE HTTPS from unencrypted WiFi hotspots such as those "found at coffee shops, airports, libraries or schools."

I may trust McStarCoffeeInn not to snoop my traffic but I do NOT trust the guy in the next booth or room much less the guy in the parking lot.

The traveling public needs to pressure these companies - especially those that charge for it like some hotels - to switch to encrypted WiFi.

Who are you? (3, Insightful)

Anonymous Coward | more than 3 years ago | (#35013278)

The "social login" is going to cause issues for people who have no idea what their "friends" look like. Or with friends with other subjects in their pictures.

Picture thing (4, Insightful)

stoolpigeon (454276) | more than 3 years ago | (#35013282)

The photo thing has been around for a long time and it sucks. I travel and have wanted to connect to facebook when in a different country, and it decides I need to prove who I am. So I have to match a certain number of pictures with the right person. The summary makes it sound clever and good, it is anything but.
 
It's been a few months since last time I did it, so I don't remember exact numbers but I had to get something like 4 out of 5 right. Then they start showing photos, and there is a list of 4 or 5 friend names below. It is up to you to pick the right friend to go with the photo.
 
What's the biggest problem? Well, you don't get pictures of the persons face as the summary says. What you get are pictures tagged with that persons name. The first one I did was their face, and I thought, "o.k. - no problem.".
 
  The next one was some kid. A relative of one of my friends? A neigbor of one of my friends? Shoot could have even be one of my friends as a kid, I have no idea. All I know is I've got a 1 in 4 chance of guessing who this belongs to and if I'm wrong I've just used up my one wrong answer.
 
Next photo is an inanimate object. I don't know remember what it was any more. A pie or some food of some kind I think. Which friend is this?! I don't know. Best guess it is something one of my friends ate once. Who does it belong to? Once again, I haven't the slightest, but as you can guess, I wasn't allowed to log in.
 
A smaller problem is that I am not super close friends with every one of my friends on facebook. My barrier to entry on the friendship front is pretty low. I'm friends with people I knew in jr. high, highschool, worked with once, went to church with them years ago, etc. I know them but am not intimately close with them. Facebook is a good way to keep in touch while maintaining a comfortable distance. But will I be able to identify them in every pic of themselves they've uploaded to facebook? I doubt it. Not to mention the fad a bit back to change your profile pic to a cartoon character. I'll bet dollars to donuts those go into the rotation. Which of your friends was underdog and which was optimus prime? I don't remember.
 
It's a horrid system. A co-worker of mine on the same trip ran into it too. He mocked me for not knowing my friends well enough and then almost put his laptop through a window when he couldn't log into facebook. He had almost an identical experience, a picture of some 6 or 7 year old kid he didn't know and a bike or something.

Re:Picture thing (1)

Prikolist (1260608) | more than 3 years ago | (#35013476)

And don't forget a few more popular things... Like promoting a pretty picture or a poster for something by tagging every single one of your friends in random spots on it even though it has nothing to do with them. Or one of those pictures with a bunch of drawn faces or characters from somewhere or some other short description where you match each one with a friend. And all of these count

Re:Picture thing (0)

Anonymous Coward | more than 3 years ago | (#35013496)

"All I know is I've got a 1 in 4 chance of guessing who this belongs to and if I'm wrong I've just used up my one wrong answer."

Did it stress you out and make things awkward, like a modern web UI should? Well then.

Re:Picture thing (2)

ctd600ftlb (1210574) | more than 3 years ago | (#35013540)

Haven't actually seen this system in action myself, but you've mentioned a lot of the issues I first thought about - pets, kids, inanimate objects for pictures and whatnot. Group pictures seem like they could be a problem, too. With two friends getting married last year, a lot of pictures they or I are tagged in are from weddings, and some of these pictures might have five people who I'm friends with on Facebook in them. I'm guessing if Alice and Bob are both tagged in a picture, either would be a correct answer, but what if Bob is in the picture but not tagged? Just seems like a system with a lot of potential problems.

Re:Picture thing (1)

oracleguy01 (1381327) | more than 3 years ago | (#35013610)

As soon as I read the summary I thought about this. People do weird stuff with tagging, I know some people that will tag someone not in the picture as a way of telling that person that they should look at it and like you pointed out people will tag pictures without people even in it.

That kind of renders the feature less than optimal. They are trying to rely data that by its very nature is unreliable.

Isn't there some way to put your friends into groups on FB? If so, if you could set the feature to only draw from certain groups of friends it would at least give you a better chance of getting it right.

Re:Picture thing (0)

Anonymous Coward | more than 3 years ago | (#35013618)

That's what happens if you have friends!

Re:Picture thing (-1)

Anonymous Coward | more than 3 years ago | (#35013646)

I have 1,500 friends that I have got from playing the games. Stupid system. I did not swear until I came across this

Re:Picture thing (1)

wile_e8 (958263) | more than 3 years ago | (#35013782)

I ran into this while abroad as well, but IIRC there was an option to skip a picture. I used that option once or twice when I was given a picture without a face.

Chat breaks (1)

Locitus (1411185) | more than 3 years ago | (#35013286)

Also, the chat-function breaks when on https. Not very surprising though.

Re:Chat breaks (1)

Anonymous Coward | more than 3 years ago | (#35013404)

Also, the chat-function breaks when on https. Not very surprising though.

I don't get it. Why is it not surprising that chat breaks? Shouldn't it work over https?

Am I missing something? (5, Insightful)

hellkyng (1920978) | more than 3 years ago | (#35013306)

This social login is supposed to increase security? What about privacy. It seems like this feature can be leveraged to harvest pics from facebook, not that they weren't already available to the highest bidder anyway. Hopefully they have something in place to prevent harvesting...

Anyone else sense ulterior motives? (3, Interesting)

Anonymous Coward | more than 3 years ago | (#35013318)

As a coincidental bonus of this new CAPTCHA, Facebook has nearly every photo stored in their library face-tagged for them, using the most powerful and accurate computers in existence - us.

Re:Anyone else sense ulterior motives? (1)

Attack DAWWG (997171) | more than 3 years ago | (#35013730)

Huh? They already know whose photo is whose. The whole point of this feature is to test whether you know. If you answer incorrectly, they know that and you fail the verification.

So how does this give them any new information?

Re:Anyone else sense ulterior motives? (0)

Anonymous Coward | more than 3 years ago | (#35013852)

Not the OP, but wrong guesses might be interesting...

Re:Anyone else sense ulterior motives? (1)

cranberryhiker (1000575) | more than 3 years ago | (#35013876)

Really, +4, Interesting? This is an inane comment, not an interesting one. They are ALREADY face-tagged, by us, before they ever enter this CAPTCHA scheme.

Unknown "friends" (2)

Esospopenon (1838392) | more than 3 years ago | (#35013340)

I'm curious about how the "Social Authentication" feature will play out, especially for the facebook users eighter view the friendslist as a sort of competition or who play games that reward users who have many friends playing the game and therefore add friends by the truckload without having any real idea of who they are. There's probably a lot of people playing the latest Zynga game or whatever is popular these days, with an extremely large list of "friend" who they don't know and don't want to know, other that they share the same game interest and it's a win-win in relation to that game. If facebook starts asking questions about these 'friends' then I fear many users will fail the social authentication and then what?

Won't work for me (2)

denshao2 (1515775) | more than 3 years ago | (#35013364)

More than half my friend list consists of people that I don't really know. Some are gamers who help me with social games that offer benefits to players that have a lot of friends who play the same game. Also, it seems to have become a fad to use weird aliases instead of real names.

Tagged pictures (2)

Mentally_Overclocked (311288) | more than 3 years ago | (#35013370)

I thought it was just a clever way for us to do work training their facial recognition algorithm ... Maybe a huge conspiracy to create a government identification database!

Social Login Flaw (0)

Anonymous Coward | more than 3 years ago | (#35013398)

Facebook and the Social Login feature make the mistake of assuming your friends will post portrait photos of themselves. I have run into this little test, and most of the random images Facebook selected for me to identify were of internet memes, lolcats, a guy on a horse in the distance whose face I could not make out, and comics/animation/tv characters my friends like. I failed the test and had to wait a couple hours and retake it twice before I could finally get a random set of images I recognized.

HTTPS on Facebook is still not 100% working (1)

watermark (913726) | more than 3 years ago | (#35013420)

HTTPS has been an option with Facebook for a while, but Facebook chat (still) doesn't work while viewing over HTTPS. And the wife needs Facebook chat...

Re:HTTPS on Facebook is still not 100% working (2)

mini me (132455) | more than 3 years ago | (#35013736)

While I am skeptical that anyone needs Facebook chat, given that it provides an XMPP interface [facebook.com] , couldn't she use Facebook over HTTPS and chat over XMPP?

Who says hackers are bad... (1)

Kildjean (871084) | more than 3 years ago | (#35013432)

It took a hacker, to force facebook into being more secure yet. Maybe someone sniffed the ports earlier today and that is how they got into Zuckerboy's account or fansite or whatever...

that's genius (2)

digitalsushi (137809) | more than 3 years ago | (#35013436)

i cant share my wife's account anymore. i gotta make my own now.

well, i needed to make one for myself just to untag my name from my ugly mug anyways. either way the machine is going to eat me. *splat* i give up. there's no way to avoid them. people i see can take photos of me and label me. i cant undo it without logging in. if i log in, it is still stored.

it's a new world i guess.

Exposing Pics and Friends (0)

Anonymous Coward | more than 3 years ago | (#35013438)

First of all this is using your friends pics without their consent. I'm sure there will be someone smart enough to use the social login to harvest someone's friends and constructing a friends list of a user.

There's a problem with this. (1)

thisisauniqueid (825395) | more than 3 years ago | (#35013446)

I had to name friends one time for some stupid facebook game that I installed. I couldn't name more than half of them from photos. Probably 1/3rd were people I didn't know that well who friended me ("sure, whatever -- click") and 1/3rd were people I knew but whom I couldn't identify based on their profile photos. => All in all, a novel but (in practice) rather stupid idea.

Security? More Like Giving Up Your Friends (0)

Anonymous Coward | more than 3 years ago | (#35013456)

Does anyone else think this is just another way to have you give them more info. Before they knew who your friends were through links and addresses. Now the are able to start putting a face to a name. Further stripping of privacy here. There are other ways to make things more secure, but to rat out your friends is really manipulative.

As a phisher looking for facebook passwords ... (1)

BitZtream (692029) | more than 3 years ago | (#35013472)

I set up a fake facebook site, when you go to login, I forward the request to face book so I get your pictures and answers, then when your done, I get your password anyway.

So anything local can steal your password and any phishing site can do it as well if they put 2 seconds of effort into it, they can also use an existing botnet to proxy the requests to the real facebook site so it doesn't all come from one phishing site host.

If this is a replacement for captchas just stop. Require a valid credit card and a sign up fee of some tiny amount one time and freaking be done with it. Requiring a credit card is less of a hassle and more reliable even for people who don't currently own a card. Effective captchas are practically unreadable to most humans and the new 'throw random friends pictures at you' is worse since it will end up throwing you pictures like the back of someones head or some random person that happens to be in one of your photos but you really have no clue who they are.

This doesn't solve any problems and makes use more annoying. Sounds like a win-win as long as it only applies to facebook.

Remember when... (4, Insightful)

Haedrian (1676506) | more than 3 years ago | (#35013486)

Someone had the 'brilliant' idea of everyone replacing their face with cartoon images from their childhood?

They pull that sort of thing now, and most people won't be able to log in...

Re:Remember when... (0)

Anonymous Coward | more than 3 years ago | (#35013546)

Yes, because I forgot that the moment you upload a picture of a cartoon character Facebook then photoshops every photo you've previously been tagged in with the characters face instead of yours.

Yet another image-based CAPCHA scheme (1)

Animats (122034) | more than 3 years ago | (#35013492)

The good news is that this will provide an incentive for producing low-cost high-quality face recognition software. There will also be face recognition outsourcing services.

And, if the Facebook account is entirely fake (created, perhaps, by Facebook Demon), this won't slow down login, since the program has already seen its own pictures.

Re:Yet another image-based CAPCHA scheme (1)

omnichad (1198475) | more than 3 years ago | (#35013680)

Furthermore, if those pictures are already public - as they'd better be if they're going to be shared by someone who only knows a username, they're being indexed by search engines. Just match up the photo with a search for similar images.

What about the friendless? (1)

nurbles (801091) | more than 3 years ago | (#35013498)

Does this mean that those of us who refuse to go anywhere near Facebook will no longer be allowed to post things? There ain't no way I'm ever going to have an account with something like that, I value my privacy (what little I have left) too much.

And anyway, I don't really *like* people and have no friends, so what would I be shown if I *did* have a Facebook account, but zero friends?

PS: apparently, one can no longer use the <i> tags to italicize words ("like" and "did" are wrapped in 'em above.) What else have we lost?

Re:What about the friendless? (0)

Anonymous Coward | more than 3 years ago | (#35013586)

Re Para 1: Wait, do you mean that you can post things on Facebook without an account? I don't think this changes anything

Re Para 2: If you don't have friends, why would you be on Facebook? The entire point is to see what your friends and acquaintances are up to. Oh, I see, you're using it as an OpenID authentication source. I suggest you find another one.

Re:What about the friendless? (1)

nurbles (801091) | more than 3 years ago | (#35013734)

Color me stupid. Somehow I missed that this was a FACEBOOK security feature and though /. was going to start tying themselves to the evil facebook. Glad to know I'm completely wrong. Oops and sorry.

What if your friends are all.. (0)

Anonymous Coward | more than 3 years ago | (#35013508)

erm.. dancers? Do you need to know their real name or their stage name? Plz clarify.

entice people to put names on the faces (1)

ciaran_o_riordan (662132) | more than 3 years ago | (#35013512)

> asked to name the person in those photos

It's also a good way to entice people to put names on the faces in their photos.

Other security suggestions include verification via mobile phone.... which just so happens to be a good way to entice people to put their mobile phone number into their profile.

Why does every feature sold as a security enhancement involve increasing the amount of personal info you hand over?

Re:entice people to put names on the faces (1)

crush (19364) | more than 3 years ago | (#35013756)

Even better, it creates an evolutionary pressure for spammers to invest in databases of peoples faces linked to names and associated face-recognition technology. Brilliant. Something else for which to thank the Facebook tards.

Re:entice people to put names on the faces (0)

Anonymous Coward | more than 3 years ago | (#35013824)

How else is facebook ever going to make money? By selling your information to highest bidder!

My congratulations (5, Insightful)

Carnildo (712617) | more than 3 years ago | (#35013614)

My congratulations to the Facebook developers. They've made a website that faceblind [wikipedia.org] people like me cannot use -- I didn't think that was possible.

I wonder if I can sue them under the Americans with Disabilities act...

I like it. (1)

Limburgher (523006) | more than 3 years ago | (#35013640)

I was traveling recently and it had me do the social login thing because I was outside the usual range of IPs. I actually liked it. It was a no-brainer for me to do, and very few people that weren't me could have done it correctly, since the pictures of people were from all over my social map. +1 to Facebook for this one.

Friends? (1)

gmuslera (3436) | more than 3 years ago | (#35013654)

Which kind? Close ones? The old schoolmates that look totally different now? Some people that you only know thru internet, never saw in real life? The anonymous faces that some collect as "friends" just to make numbers? Any of the variations of the word used in the South Park episode about facebook?

The problem with facebook is that everyone of them are just friends, not a lot of deepness there, basically all in the same bag no matter what they are, And add to that that their identifying picture could be anything.

Probably will be far less troublesome to actually pick a decent password than remembering names of random friends.

Teens will hate this (1)

Stenchwarrior (1335051) | more than 3 years ago | (#35013722)

My 15 year old daughter, and probably all other other teens/tweens out there, likes to "collect" friends, whether she really knows them or not. having tons of contacts on FB affords her bragging rights in her circle of real friends. So, if she has to name some of them before being allowed to access her home page, then I guess I can remove the time restriction to that domain from my firewall, cause she'll never get in again.

Terrible idea... (1)

Darkness404 (1287218) | more than 3 years ago | (#35013760)

This is a terrible idea for a number of reasons. First of all, how many people's friends actually simply tag themselves in photos of themselves. People tag themselves in all sorts of things, many of which are not themselves. Someone might tag themselves as George Washington, or the Mona Lisa or even just random things like a corner of a photo of a concert they attended. Secondly even if that was 100% perfect the fact still remains that the greatest threat to the average person's privacy isn't the guy who promises to 3nlarg3 y0ur p3n1s, though, that is a valid threat, but is more often it is someone with a grudge against you. While it is rather easy to laugh off the 3nlarg3 y0ur p3n1s guy and just say "sorry if you got any spam from me" but someone with a grudge against you might ruin your life, especially if you aren't on Facebook 24/7 and have added people like your boss, your parents, your in-laws, etc.

so, if I know the person I'm trying to hack (1)

way2trivial (601132) | more than 3 years ago | (#35013770)

like, you know, all the little teeny boppers that hack their 'friends' facebook pages?

what if the hacker is known to me/knows the same people I do?

Ya, real good solution-- Since before the internet was widely in use~ with my very first bank account where I could call in and ID myself to the bank for account changes, ~ my 'mothers maiden name' has ALWAYS been something my irresponsible brother does not happen to know.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...