Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Facebook Removes Firewall from Applications

Zonk posted more than 6 years ago | from the some-of-those-things-are-pretty-cool dept.

Social Networks 72

NewsCloud writes "Last week, Facebook quietly removed sign-in restrictions that previously hid third party applications from the public Web. In other words, Facebook now allows its third party applications to be viewable on the Web by anonymous visitors and indexable by search engines. Web developers can now build an application using Facebook's platform usable by anyone on the Internet — not just Facebook members (e.g. the Lending Library). In doing so, developers can leverage Facebook's login and registration as well its other platform services, which are becoming increasingly substantial. Facebook may be trying to gain advantage as a universal authentication gateway for public Web applications. If successful, it could further hamper efforts to establish OpenID. This will also help the company break out of its earlier AOL-like walled-garden strategy."

cancel ×

72 comments

Sorry! There are no comments related to the filter you selected.

And... (5, Funny)

owlnation (858981) | more than 6 years ago | (#21618901)

Facebook users organize a mass protest against this change in 5... 4... 3... 2... 1...

They would, but... (2, Funny)

Anonymous Coward | more than 6 years ago | (#21619141)

They made the mistake of organizing the protest ON Facebook. Oops.

Now if you'll excuse me, I hear that you can make big money fast by installing this Facebook app called SendMyPersonalInfoToMotherRussia. I wonder what it does?

Re:And... (0)

Anonymous Coward | more than 6 years ago | (#21619309)

Well, yeah! Because in order to change the world we just need to get enough people to join this facebook group! And get a SUPERwall!

Re:And... (2, Funny)

Anonymous Coward | more than 6 years ago | (#21619397)

By 'organize a mass protest', I assume you mean 'create another "Facebook sucks" group'?

Re:And... (1)

AFormalEvent (966445) | more than 6 years ago | (#21620041)

I'm surprised by the replies to this. moveon and their related facebook group, 60,000+ strong, were a catalyst in the rethinking of Beacon and were successful in their cause. Belittling their efforts and any possible protest of this won't help anyone. There ~are~ security and privacy concerns surrounding this announcement too, and given facebooks track record, it could be worse than one would think.

END MODERATOR ABUSE: THE GAUNTLET IS DOWN NOW!!~!! (-1, Offtopic)

Taco Meat (1104291) | more than 6 years ago | (#21621579)

I have again been the victim of moderator abuse http://slashdot.org/comments.pl?sid=366293&cid=21424075 [slashdot.org] . MOD me up to correct this injustice. Mod me down if you think I am a moron. Of course, in the immortal words of PeeWee: "I'm rubber and you're glue, whatever you say bounces off me and sticks to you".

Too many moderators use Insightful as "I agree". Too many moderators fall for unoriginal groupthink and mod it up. People complain about trolls, but the REAL line noise on slashdot comes from the posts modded +4 or +5 that contribute NOTHING to an intelligent discussion. You can't filter that out, and even if you have your thresholds set high, you still see all the stupid stuff that you've already seen. That's why digg sucks and will never be anything but a place for 1338 high-skool haxx0rs. And it's happening here. So I used this account to call shenanigans on sucky posts. I getted modded into oblivion for pointing out truth. I guess that's how it goes. Most of you are a bunch of mindless sheeple.

You know, I once suggested that IQ tests be given to moderators to separate the wheat from the chaff. I think that wouldn't help. I kind of like having idiot moderators. MORONS! DOPES! Bring it, tubers!

Re:END MODERATOR ABUSE: THE GAUNTLET IS DOWN NOW!! (0)

Anonymous Coward | more than 6 years ago | (#21624233)

Posting AC so I won't get a Karma hit, but I think a lot of problems with mods stem from the "use it or lose it" policy. When I get mod points, I feel compelled to use all of them rather than only modding good posts. I will catch a few good posts, but probably 3 of the 5 go to modding up an already modded post, or just modding funny.

Opens security Nightmare to web (2, Interesting)

jdh41 (865085) | more than 6 years ago | (#21618909)

Now we just need one or two careless fools coding myfirstfacebookapp to make a mistake and people can cleanup on information collection...

Re:Opens security Nightmare to web (4, Interesting)

Tim Browse (9263) | more than 6 years ago | (#21620213)

Given my experience of coding a facebook app, you have to guess at so much information because it's so poorly documented (esp. the security/authentication stuff) that this is extremely likely.

hamper? (0)

Anonymous Coward | more than 6 years ago | (#21618917)

If successful, it could further hamper efforts to establish OpenID.

Wait, there were efforts? Last time I heard all users who really wanted to use OpenID were signed up. Both of them.

Re:hamper? (2, Informative)

mustpax (983305) | more than 6 years ago | (#21619095)

Yeah both "AOL, Cordance, JanRain, Microsoft, NetMesh, Six Apart, Sxip, Sun Microsystems, Symantec, Verisign, Yahoo! [and] Google." http://radar.oreilly.com/archives/2007/12/openid_20_final.html [oreilly.com] Not to mention plugins already available for open source publishing tools such as WordPress [wordpress.com] .

Scared of OpenSocial? (4, Interesting)

neuro.slug (628600) | more than 6 years ago | (#21618931)

Perhaps Facebook (backed by Microsoft $) is now looking to get its apps in other places in order to compete with Google's OpenSocial [google.com] , maybe?

Re:Scared of OpenSocial? (2, Interesting)

Shemmie (909181) | more than 6 years ago | (#21619737)

Add to that CardSpace [netfx3.com] . Facebook allowing the use of CardSpace for sign-in would give Microsoft a hell of a leg-up in the Social Login game.

Is Facebook the new AOL? (1)

SlipperHat (1185737) | more than 6 years ago | (#21618977)

The quote

AOL-like walled-garden strategy
makes me wonder. I shudder to think what MySpace would be ... the new Usenet? (NO WAY!)

Re:Is Facebook the new AOL? (1)

kihjin (866070) | more than 6 years ago | (#21619891)

Me too.

-kihjin

Re:Is Facebook the new AOL? (3, Funny)

SnowZero (92219) | more than 6 years ago | (#21627633)

Me too!
(don't forget to top post [catb.org] over a full quote)

Me too.

-kihjin

Re:Is Facebook the new AOL? (2, Funny)

ncryptd (1172815) | more than 6 years ago | (#21620737)

Nah, MySpace could never be the new Usenet. They've had idiots on MySpace from the start. Usenet actually used to be good...



Damn I feel old.

As expected (1)

mozumder (178398) | more than 6 years ago | (#21619049)

Their next steps should be to create some new secure TCP/IP protocols to replace the outdated HTTP, SMTP, FTP, and so on, while signing in at the OS level.

Facebook is pretty much going to own.

Re:As expected (1)

Drive42 (444835) | more than 6 years ago | (#21619445)

Yes. This is extremely likely and will be welcomed by everybody.

Re:As expected (1)

SnowZero (92219) | more than 6 years ago | (#21627685)

Their next steps should be to create some new secure TCP/IP protocols to replace the outdated HTTP, SMTP, FTP, and so on, while signing in at the OS level.
They could call it "Microsoft Fista".

Then again, maybe "Faceter" would be a better name, or a more-web-2.0 "MS Fistr".

Security implications. (4, Insightful)

palegray.net (1195047) | more than 6 years ago | (#21619067)

To hell with the analogy to AOL's "walled garden", I envision some more akin to a burning garden if a major security incident were to occur after widespread adoption of this platform for single-signon functionality. This is the same reason I have always been opposed to Microsoft's ambitions for using their Passport system for wide authentication; my objections had very little to do with my political opinion of Microsoft (which isn't terribly high, but that's beside the point). Diversity in any system is good for competition, and limits the damage any one exploit can cause.

Re:Security implications. (1)

icepick72 (834363) | more than 6 years ago | (#21621517)

Microsoft's ambitions for using their Passport system


Passport effectively died years ago, mostly being used on only Microsoft web properties. Microsoft is now into stuff like CardSpace [wikipedia.org]

Re:Security implications. (0, Offtopic)

websensei (84861) | more than 6 years ago | (#21621625)

MOD PARENT UP.

Security of applications (4, Insightful)

Rinisari (521266) | more than 6 years ago | (#21619071)

Does this strategy protect the Facebook users' data from being seen by non-Facebook users at the Facebook API level? By this, I mean that Joe Internet User cannot see my data on the Facebook application, and that Facebook is held liable for this, not the application developer? If this cannot be guaranteed, it looks like I might be removing most of my applications, no matter how useful they may be. I trust Facebook a whole lot more than I trust individual people.

Re:Security of applications (2, Insightful)

mozumder (178398) | more than 6 years ago | (#21619103)

Applications see people (and their data) that approve the applications.

So, if a person approves an application, then that application can go ahead and broadcast to the world that person's data.

You're wrong. (0)

Anonymous Coward | more than 6 years ago | (#21620387)

Applications are bound by Facebook's privacy policy, do not have access to your contact information (email, etc.), and are also bound by the application developer agreement which limits what they can do with your data further.

So, no, they cannot "go ahead and broadcast to the world that person's data".

Re:You're wrong. (1)

Stewie241 (1035724) | more than 6 years ago | (#21621451)

And what binds them to Facebook's privacy policy may I ask? Them checking a box saying 'I agree'? Wow... that's reassuring!

Re:You're wrong. (0)

Anonymous Coward | more than 6 years ago | (#21621737)

Yes, because clicking "I agree" is so much different than signing your name on the dotted line. Banks have no problem lending people thousands of dollars in unsecured credit with nothing more than a signature. Why is that? Oh yeah, because there are consequences to breaking the agreement.

The very same laws that bind Facebook to its own privacy policy also bind the third parties. Exposing the data even without agreeing to Facebook's privacy requirements opens third parties up to all sorts of liability. Not to mention possible legal action on the part of Facebook, criminal charges, and advertisers pulling out.

You're wrong, and so is the TOS guy. (1)

5of0 (935391) | more than 6 years ago | (#21623045)

Applications see people (and their data) that approve the applications.
True.

So, if a person approves an application, then that application can go ahead and broadcast to the world that person's data.
Not true. You, sir, are wrong. Allow me to fix that sentence for you:

that application can go ahead and broadcast to the world that person's first name and maybe profile picture, and nothing else.
Check out my other post [slashdot.org] for details, evidence, and general proof that this is all a big FUD fest.

Re:Security of applications (1)

Anonymous Coward | more than 6 years ago | (#21619269)

"Of course, we're concerned about our users' privacy, and so the only user-specific data available on public canvas pages will be first name and profile picture (and then only if the user's profile picture is already publicly searchable). But you, the application developer, need not worry; FBML tags will automatically handle privacy rules for you. "

http://developers.facebook.com/news.php?blog=1&story=57 [facebook.com]

Re:Security of applications (0)

Anonymous Coward | more than 6 years ago | (#21620039)

1: There's nothing remotely useful on Facebook.

2: Facebook is less trustworthy than anyone else.

Re:Security of applications (1)

Tom9729 (1134127) | more than 6 years ago | (#21620721)

You shouldn't trust Facebook at all.

Ever noticed the lack of a "Delete my account" button in the account settings? To get your account (and all of your private information) permanently deleted, you have to _argue with them_ over email.

I have doubts that they even deleted my information. It's more likely they just said it was all gone to shut me up.

The moral of my story is that anything you put in to Facebook might as well be viewable by the whole internet. It may not be at the immediate moment, but breaches of security happen, new privacy policies happen, etc I think you can see where I'm going with this. Not to mention you really don't know what they're doing with your data.

Re:Security of applications (1)

bigstrat2003 (1058574) | more than 6 years ago | (#21621085)

Ever noticed the lack of a "Delete my account" button in the account settings? To get your account (and all of your private information) permanently deleted, you have to _argue with them_ over email.
That's not a reason to mistrust them. Poor decision on their part to not include such a thing, but that's not the same as malice.

The moral of my story is that anything you put in to Facebook might as well be viewable by the whole internet.
Duh, that's common sense. If you put something on the internet, you should be prepared for everyone in the world to see it.

Re:Security of applications (2, Informative)

5of0 (935391) | more than 6 years ago | (#21623015)

Does this strategy protect the Facebook users' data from being seen by non-Facebook users at the Facebook API level? By this, I mean that Joe Internet User cannot see my data on the Facebook application, and that Facebook is held liable for this, not the application developer? If this cannot be guaranteed, it looks like I might be removing most of my applications, no matter how useful they may be. I trust Facebook a whole lot more than I trust individual people.
Um, no. The other replies are woefully errant and FUD. From the announcement [facebook.com] (login may be required?):

Of course, we're concerned about our users' privacy, and so the only user-specific data available on public canvas pages will be first name and profile picture (and then only if the user's profile picture is already publicly searchable). But you, the application developer, need not worry; FBML tags will automatically handle privacy rules for you.
So no. And no, I as a FB developer can't get to the data anyway. It works like this:
  1. I write code to do my normal FB app, as if it's logged in.
  2. Someone accesses my canvas page from outside of Facebook.
  3. Any reference to personal data on the page is scrubbed out, except for a) first name and b) profile picture*
*Available only if the user hasn't disabled public searchability of themselves

As a dev, I can't get any extra data outside of the "garden" of being logged in (see ** below). It's entirely done on FB's side, I don't (and can't) change anything on my end to make private data more available to non-logged-in instances.
I'm pretty sure there is a lot more info out there for a lot of us that first name and a picture. And if you're interested in privacy, you've already got the picture disabled, because otherwise it could show up with a google search.
So I call FUD. For anyone who is remotely concerned with privacy, the data miners get...your first name. Whoop-de-do. And if you're not concerned? They get a picture. Definitely going to be able to steal your credit card info now! I can run your first name through my picture-to-last-name-database and find you!!!!
Sure, Facebook has made some missteps, but they've done a good job of responding when there is an upswell of legitimate protest.
This protest is illegitimate and misinformed, and this feature provides little to no privacy risk.

To summarize: The nasty hax0rs get your first name and, if you don't care about privacy, your picture. And no, there is no way that a dev can give you that information.**
**Okay, they could cache the information from logged in sessions in their db and then present it to you, but that would be a) against the TOS and b) stupid, since only cached data would be available, and if you *really* wanted it, you could just create a FB account. You can argue obscure ways that they could present the data, but in the end, there are a lot easier ways, and this provides no additional security breach.

fb open (0)

Anonymous Coward | more than 6 years ago | (#21619353)

My read on the above article is that it looks like facebook is making their network MORE OPEN. Through this openness more apps will be able to connect and communicate -- should mean more CONTROL and better experience for people both on and off facebook. The openness should also make it easier for users to move their information to new locations, non-facebook locations -- i.e. more ownership of one's own stuff. Looks good to me -- of course, based on my current understanding. ;-)

Jeremy Horn
The Product Guy
http://tpgblog.com/ [tpgblog.com]

Profile XML standard any one? (1)

cheekyboy (598084) | more than 6 years ago | (#21622031)

What we need is a way to export your massive profile as one big XML file.

That way moving to new systems would not need to re-enter all the damn info all over again.

plaintext? (0)

Anonymous Coward | more than 6 years ago | (#21619443)

Whenever I log into facebook (and I haven't logged in for several months now) I wince, because it appears that no secure protocol is being used. Anybody know if there's SSL login?

Re:plaintext? (5, Informative)

pat mcguire (1134935) | more than 6 years ago | (#21619727)

instead of http://facebook/ [facebook] use https://facebook./ [facebook.] They don't advertise it, but there it is. It doesn't protect anything but your password, however. After sign in you're off of SSL.

Re:plaintext? (0)

Anonymous Coward | more than 6 years ago | (#21620679)

I am by no means an expert, but I looked at the traffic being sent during the login process using http://www.facebook.com./ [www.facebook.com] It appears that a secure session is made to transfer the login information. Like you said, it doesn't protect information after login, but at least the login seems to be secure.

Re:plaintext? (1)

baadger (764884) | more than 6 years ago | (#21622939)

It is irrelevant, unless the page containing the login form itself is transfered securely you are vulnerable to man-in-the-middle on-the-fly rewriting of the page.

Re:plaintext? (3, Informative)

deftcoder (1090261) | more than 6 years ago | (#21622081)

<form method="post" name="loginform" action="https://login.facebook.com/login.php" ...
You're POSTing to a secure page anyways... all that happens for me when I visit https://facebook.com/ [facebook.com] is I get warned about an invalid SSL certificate and then redirected ("Location: http://facebook.com/ [facebook.com] " HTTP header) back to the non-https site.

Re:plaintext? (2, Interesting)

lJlolel (789483) | more than 6 years ago | (#21638033)

True fact: look at the source. Even at http://facebook.com/ [facebook.com] it logs you securely in via SSL.

Re:plaintext? (1)

deftcoder (1090261) | more than 6 years ago | (#21622089)

See http://developers.slashdot.org/comments.pl?sid=383205&threshold=1&commentsort=0&mode=thread&pid=21619727#21622081 [slashdot.org]

Your (plaintext) login credentials are safe. Someone could still sniff out your cookie data and access your profile without logging in though. They'd be able to do pretty much anything but change your password and delete your account (unless they also have access to your email account to reset your password).

Re:plaintext? (1)

diamondmagic (877411) | more than 6 years ago | (#21624835)

As older siblings have mentioned, the login form data is in fact posted to https://login.facebook.com/login.php [facebook.com] .
However, since the login form is presented to you in the clear, you are still prone to a man in the middle attack - someone could intercept the login form and replace action="https://login.facebook.com/login.php" with action="http://bad.website.example/submit".

how many of you... (5, Insightful)

mathfeel (937008) | more than 6 years ago | (#21619525)

like me, started using facebook because it's a walled-garden with well segregated networks? I mean, I don't want to pervert457 or randomperson223 to be able to view my profile, or try to flood my inbox (or wall, I suppose). Maybe I am mis-informed, but that's how I perceive MySpace from a lot of media reports including here on /.. Now-a-day, facebook seems to become exceeding bloated with random apps. I just want to check what's up with my friend and his profile takes eons to load (partly his fault of course). I also start to notice that my "notification" are filled with (non-deleteable) items for ads (just saw a Blockbuster one).

Oh yeah, and this is hilarious...youtube video [youtube.com]

Re:how many of you... (1, Offtopic)

jhfry (829244) | more than 6 years ago | (#21619665)

I'm not much of a fan of YouTube... most of the crap on there is a waste of bandwidth... but this video is by far the most entertaining and well done piece of web video I have seen on YouTube. Thank you for posting the link!

Re:how many of you... (3, Insightful)

maxume (22995) | more than 6 years ago | (#21619685)

I didn't start using either of them(mostly because I'm too old to have started during school and haven't had other reason). It's getting to be pretty clear that published means just that, regardless of any promises that are made. This is an irritating lesson to learn, but it provides an easy to use guideline.

Re:how many of you... (1)

Paul Pierce (739303) | more than 6 years ago | (#21619947)

Very good video, definitely entertaining; However I don't see another dot-com crash happening. In the 1990's everyone was racing for a piece of the pie because growth was through the roof. Promises were made and money was being handed around before any stability. ATM had severe limitations that hadn't been seen, and many start-ups found out they went the wrong path. Facebook isn't going anywhere. There are so many average users using these social-networks that there is plenty of depth.

Something better will almost always come along, but I highly doubt there will be a big enough scare to get investors to jump ship as they did in the late 90's.

Re:how many of you... (0)

Anonymous Coward | more than 6 years ago | (#21620127)

like me, started using facebook because it's a walled-garden with well segregated networks? I mean, I don't want to pervert457 or randomperson223 to be able to view my profile,

Yeah, I hear the admissions process for getting a Facebook account is pretty tough.

Re:how many of you... (1)

Stewie241 (1035724) | more than 6 years ago | (#21621499)

Yeah, I hear the admissions process for getting a Facebook account is pretty tough.

Yeah... Almost as tough as it is to restrict your profile to approved friends.

Re:how many of you... (1)

Shag (3737) | more than 6 years ago | (#21622771)

like me, started using facebook because it's a walled-garden with well segregated networks?
It's a what? Since when? Or are you talking about back when you had to have an email address in one of a few hundred .edu domains to join?

I mean, I don't want to pervert457 or randomperson223 to be able to view my profile, or try to flood my inbox (or wall, I suppose)... Now-a-day, facebook seems to become exceeding bloated with random apps. I just want to check what's up with my friend and his profile takes eons to load (partly his fault of course).
So... you want better privacy/security controls, but don't want to be notified that 5 of your friends have added the OMG Ponies! app and one of their ponies wants to bite you and turn you into a pony? Read/Write Web [readwriteweb.com] just had a blurb yesterday about Multiply, suggesting that it might be a good alternative.

(I use both Facebook and Multiply, for different reasons.)

Facebook... (1)

boredMDer (640516) | more than 6 years ago | (#21619637)

A few days ago, I just deactivated my Facebook account just because of crap like this.

Wrote up a nice little thing about privacy, beacon, blahblahblah. This is yet another issue in likely a long line to come...

Frankly, IMHO their privacy setup sucks, but since no one (that the site really seems to appeal to) reads news sites that cover Facebook privacy issues, or reads the TOS about information they (the users) provide... People will continue to use it, then bitch when they show up with their personal information spread all over Google and 'affiliated sites'. Prospective employers already Google names, find MySpace sites, etc. This will be probably be just as bad.

Eh, mini-rant.

Re:Facebook... (2, Insightful)

quintessentialk (926161) | more than 6 years ago | (#21620289)

On the other hand, the sort of personal disclosure we see on facebook may grow into a cultural, society-wide phenomenon. Presumably most people are concerned about information disclosure because of consequences of that disclosure. If there are few consequences, how many people will care? Sure, the HR director who hired me probably looked for my facebook page. But I came across his facebook page entirely by accident, and his is way more revealing of his personal life than mine is. Once the college students of today rise to power, I think personal internet disclosure will be more socially acceptable.

Re:Facebook... (1)

rahvin112 (446269) | more than 6 years ago | (#21621113)

Your wrong. TMI will always dictate work relationships. In 10 years or so you will understand that you don't want to know that co-worker X (a 45 year old hairy fat man) is into BDSM and oil wrestling. You don't want to know, you don't want to imagine and you have no desire to even have the barest knowledge of certain personal aspects of the people you work with because you will know that it will impede and interfere with your ability to work with them, regardless of how good of a coworker they are. And you don't want your boss knowing that you "used a lot of hard drugs in college" or that you are an "atheist", because just like your opinion of your coworkers would be colored by that perception, so will your Bosses. For example you could have a Boss that under appearance is a friendly non-judgmental kind of person, but in fact is a radical Christian who doesn't promote atheists or drug users. And for all you know the CEO fires anyone he finds out has ever used drugs because he read some book that told him drug users cost businesses on average $10,000 per year.

People discuss far too much about their personal lives on easy to find sites that are often indexed by the major search engines. A quick search of a few major sites even without using Google could reveal information that would normally be a EEO violation for the employer to ask but is voluntarily being disclosed by hundreds of thousands of young people without the work experience to realize how damaging this information can be in the wrong hands. Not only is the disclosure voluntary but it makes it trivial to discriminate because the information is so easily obtained BEFORE being hired. The worst part is that because it's done preemployment the discrimination will be virtually untraceable and impossible to prove. You simply can't do anything but hurt yourself by baring your personal life to the world.

And it's going to be 20 years or more before Gen Y is in "control". Heck the baby boomers are still running the show with the first Gen-X'rs barely reaching that tier. And don't think for a minute that the same ideals and ideas your generation has while in college will even remotely be similar to the ones you have when you reach the peak of your influence on the nation (45-70).

Re:Facebook... (1)

Ash-Fox (726320) | more than 6 years ago | (#21624253)

In 10 years or so you will understand that you don't want to know that co-worker X (a 45 year old hairy fat man) is into BDSM and oil wrestling.
So far, knowing that doesn't bother me. I doubt my view will change in ten years to the point I find that, that bothers me.

And you don't want your boss knowing that you "used a lot of hard drugs in college" or that you are an "atheist", because just like your opinion of your coworkers would be colored by that perception, so will your Bosses.
I don't go around posting such information on Orkut, MySpace, facebook etc. I don't see the point in the first place.

Google the employers (1)

cheekyboy (598084) | more than 6 years ago | (#21622039)

Google them, find out all the dirt and print it out, so when they mention your myspace page and say "whats up with the drunk girls" eh, you can pull
out the print outs and say, "Your file is more dirty Mr, or we could just let this go under the table"

OpenID (2, Interesting)

pw201 (1081277) | more than 6 years ago | (#21619885)

What's to stop the OpenID people writing something which uses a Facebook app as an OpenID server? Best of both worlds, I'd've thought.

Re:OpenID (1)

giant_toaster (850764) | more than 6 years ago | (#21622531)

Try

http://identitu.de/ [identitu.de]

it uses your facebook profile for exactly that

What is everyone talking about??? (3, Insightful)

DeionXxX (261398) | more than 6 years ago | (#21620067)

This announcement is for APPLICATIONS. No one is going to see YOUR PROFILE! This allows people without facebook login's to see APPLICATIONS, not read your profile. If they want to use those APPLICATIONS, they will have to sign up. Even if they had a facebook profile, they still couldn't see your profile.

Ohh and another thing. Potential employers can't see your profile unless they submit a "friend request" and you accept them. So there's no issue with anyone searching google and finding your profile.

Re:What is everyone talking about??? (2, Interesting)

extra88 (1003) | more than 6 years ago | (#21621753)

This allows people without facebook login's to see APPLICATIONS, not read your profile.
But the first line of every add application agreement is:

Allow this application to...
 
    Know who I am and access my information
Does this not mean the application can read my profile and if it can, could a malicious or careless app developer expose my profile information to the world?

Potential employers can't see your profile unless they submit a "friend request" and you accept them.
Or unless you and someone at the company are members of the same network and you didn't change the default privacy settings for that network. Suddenly having an alum from your alma mater working in the HR dept. is maybe not so helpful.

Or maybe no one at the company is in your network but they pay an "information broker" who has a corral of stringers on the payroll who are members of many, many networks to view your profile.

I was wrong about the first part (1)

extra88 (1003) | more than 6 years ago | (#21625023)

Another Slashdotter [slashdot.org] who's also a Facebook app developer has explained how an app can't make your profile information available to the world.

The rest of my post about how a "friend request" is not the only way to see a profile still stands.

How much is visible? (1)

presentt (863462) | more than 6 years ago | (#21620671)

From the article:

...so the only user-specific data available on public canvas pages will be first name and profile picture...

What about information that is included from your account in part of the application? Does this mean that information from Photos, Videos, etc., which Facebook now considers "applications" are indexable in Google or available to non-Facebook users?

Cmon man... (1)

clayne (1006589) | more than 6 years ago | (#21620723)

Facebook may be trying to gain advantage as a universal authentication gateway for public Web applications.

Who WRITES these sentences? There is not an ounce of possibility of Facebook or any other private enterprise becoming a universal anything for anything but their own enterprise.

For instance, Google (not Facebook, but another intrinsically evil company) can try to scheme it all day if they want - but implementers and 3rd parties are not currently in such a sad state as to make deals with the devil without realizing it.

OpenID doesn't need facebook to fail (3, Insightful)

coryking (104614) | more than 6 years ago | (#21620751)

OpenID is an overly complex protocol that requires a bazillion interdependencies to work right. Worse, it doesn't actually solve the pain. It doesn't solve the trust problem! People want an authentication protocol that has trust. Random URL's are not trust!

Yeah, I hear you saying "Cory, OpenID isn't about trust". Well than whoopty fucking doo, go away and stop wasting my time. If I cannot have trust, what the hell is the point of OpenID?

And seriously? URL's as your unique login? What the fucking hell is that all about? 1) URLs are ugly. 2) Mom & Dad dont understand them 3) URLS!?!?

And a bonus seriously. Having the whole mess ride on top of HTTP as a friggen space age XML-RPC-SOAP-REST thing? Pick something more mature? Why not at least try to sink it down into the HTTP protocol itself? Maybe even invent a new protocol. But layering it on top of an XML RPC protocol on top of HTTP on top of TCP/IP? Are you insane?

How will this whole damn thing integrate into SMTP or IMAP - will postfix need to learn OpenID and open itself to all kinds of web base security risks? How will I use this to log into SecondLife or World of Warcraft? Do they now have to write a gog damn web stack to authenticate against OpenID? How can it integrate into LDAP or active directory?

And NONE OF THIS IS EVEN SOMETHING YOU CAN TRUST! It is all worthless!!!

OpenID does not need facebook for it to fail. OpenID will fail because it is complex, hard to explain, doesn't play with other protocols, difficult to implement, and it is misunderstood by managers, developers, sysadmins, and security experts.

Re:OpenID doesn't need facebook to fail (1)

Ash-Fox (726320) | more than 6 years ago | (#21624227)

How will I use this to log into SecondLife or World of Warcraft? Do they now have to write a gog damn web stack to authenticate against OpenID?
Funny you should say that. There is a web browser built into Second life and Linden lab has been hinting at a webpage authentication system.

facebook is a datamine (1)

SpatialVacancy (876127) | more than 6 years ago | (#21621063)

http://www.youtube.com/watch?v=OwnTWZ1-UWY [youtube.com] I recently deactivated my account, and have read concerns from several sources that facebook has strong ties with DoD and CIA investors.

Re:facebook is a datamine (3, Insightful)

Ash-Fox (726320) | more than 6 years ago | (#21624205)

I recently deactivated my account, and have read concerns from several sources that facebook has strong ties with DoD and CIA investors.
A lot of thing are funded by the DoD and CIA. In the past, I am aware of OpenBSD, Linux kernel development (SELinux), various Windows technologies, DNS, Internet infrastructure and so on.

I assume you aren't using any of those either since a lot of them have strong ties too.

Re:facebook is a datamine (1)

Blue_Bawls (1189463) | more than 6 years ago | (#21686659)

The internet is the best BIG BROTHER tool out there! I wouldnt limit or second guess that other government agencies dont have their hands in everything...I mean...EVERYTHING!

Re:facebook is a datamine (0)

Anonymous Coward | more than 6 years ago | (#21667153)

Nope. Facebook is operated by evil Jews trying to control the world. Look at the color of facebook pages. Doesn't that sounds like flag of Israel?

Microsoft Money (0)

Anonymous Coward | more than 6 years ago | (#21623643)

1) facebook
2) microsoft
3) PassportBook

Slick.

a-holes (2, Insightful)

ImTheDarkcyde (759406) | more than 6 years ago | (#21624003)

Im going to go ahead and be a troll here, so you might just want to skip this comment-

Fuck anything that throws "open" in front of the name. Fuck openID. Do you want a goddamn pat on the back because you are "open?" On top of that people of slashdot are adamantly against Real ID, which is the same thing to my uneducated eyes, except for in the real world, but hey isn't giving your single password away nowadays the same thing as handing over your social security number, bank accounts, search history, et cetera?
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>