We actually implemented Facebook Connect for April Fool's back in 2010. It was a real app and posted your 4chan post(s) to your Facebook wall.
EDIT: Here's a screenshot -- http://i.imgur.com/p0peJp6.png
The best part was the reviews. They were all either 1 or 5 stars. People were shocked it actually worked.
> In a move to bolster its new 'Anonymous' strategy, Facebook has acquired 4chan for $30 billion in an all-cash deal
> "It's been an incredible journey", said 4chan founder Christopher Poole at a press conference in Menlo Park, CA. "Our anonymous users have been the driving force behind 4chan, and we look forward to bringing that experience to Facebook"
Not really. Facebook isn't giving up any information at all. So it's nothing particularly unexpected. Actually, it's kind of up FB's alley, because it allows them to gather info on web/app usage patterns of their users while leaking a lot less info to third parties. If anything this program gives FB more control over user information relative to third parties than the current FB Connect program.
This is the big question. I assume it is telling Facebook and NOT the app developer, so basically it's all win for Facebook and all loss for the developer who implements it (other than attracting the few extra users who care so much about their privacy that they won't divulge their Facebook data).
I'm curious what happens to functions inside the app that need identity. Do they work as normal but the app developer can't see the information? Or does everything the user does prompt for a login, so the app developer can be pretty assured that nobody will go for any length of time using the app before they give up and log in?
If you are getting products / services for free you have no right to demand that of them. Simply stop using facebook or any other social networking site for that matter.
I don't see the connection between direct payment for service and the right to demand things (not that the gp was 'demanding', but whatever...). I don't think that most paid apps codify a right for users to demand things of them, and actually terms of service for paid proprietary software have a tendency to be as restrictive as possible of end user rights. But Facebook is a service that monetizes user attention, and so I think that users are just as justified in complaining about, or trying to work around facets of Facebook that they see as misfeatures as they would be for software that they directly paid for. They don't have a lot of power to individually change anything, but they do have the right to complain in open forums. I don't think that the business model really has any bearing on this.
I'm just curious, what do you want to get out of using Facebook if you don't tell them anything about you? If you don't tell it who your friends are or what things you like, then what else would you do with the site?
Facebook has proven multiple times they will change settings when they please, and will do what they want with the information as they please. Platforms other than Facebook can facilitate what Facebook currently facilitates.
There's an important difference between sharing information with facebook, and allowing facebook to share your information with 3rd party developers.
Pure auth has value to developers who want to verify a user without requiring a handshake of verifying an email address, having to manage against spam accounts, and so on. Yes it's possible to have multiple facebook accounts, but there's significantly more friction in facebook's system than in any home-rolled system you're going to come up with. While at the same time, significantly less friction from a "steps the user has to take to log into your app" point of view.
Nor should they! But I don't think that's an argument against this auth product, which only works if a user has an active facebook account (ie has trusted facebook with data) to begin with.
It's another developer option, one flavor among many, that developers can use to make it easier for users to log in. Given the reality that most people actually do use facebook, I think it's kind of interesting.
Didn't everyone trust Facebook to begin with. That's how the world works. You have to trust people to begin trusting them (or an organization) - else you're going to be paranoid of the world and become sick. Facebook has violated that trust multiple times.
We are in agreement re facebook violating user trust in a variety of ways. The Anonymous Authentication product is more about what goes to 3rd party developers though.
For you, perhaps, but not for most people. There have been several occasions where I've wanted to try an app that use only FB login, but it asked for too much information, so I decided not to. Anon login would give me the ability to try these things out, and possibly give me the confidence to allow a real login. (For the record, if an app supports traditional username/email+password login, I'll prefer that, but some support only FB, and understandably so: user account management is hard.)
I'm getting a little tired with how out of touch people on HN seem, especially with regard to things like Facebook. Guess what: the majority of FB's user base does not care about privacy as much as you do. Even people who do care to an extent, and don't implicitly trust FB, are at least comfortable with some level of interaction and sharing on the platform. Anon login is targeted at people who are comfortable with what they share with FB, but are wary of giving their personal info to some random app they want to try.
Comment hating on Facebook gets upvote? Stop the presses.
Maybe I'm misreading you, but it sounds like you believe that upvotes on HN allow you to infer something meaningful about what real, normal people believe. Don't make that mistake. You'll be in for a rude awakening if you do.
Exactly this. For a site that supposedly caters to entrepreneurs, the vast majority of people here seem so out of touch I sometimes wonder how they're capable of navigating the real world.
> Guess what: the majority of FB's user base does not care about privacy as much as you do. Even people who do care to an extent, and don't implicitly trust FB, are at least comfortable with some level of interaction and sharing on the platform.
I don't mind this behavior/attitude of not caring because it has allowed many people to experiment with actively exfiltrating data out from behind these walled gardens through various means (some of which have been posted to HN from time to time over the years) without bothering going through OAuth and the like. And increasingly, users behind many of these walled gardens will see the false sense of security they have been offered when people/companies other than facebook can actively leverage and profiteer from "their" data. Once the data is out in the wild, whether facebook gives permission or not is moot.
Over the years, Facebook has dabbled with a bunch of different ways of apps requesting/handling user permissions and data.
This is not, actually, the first time Facebook has enabled this level of granularity, as far as users being able to grant permissions piecemeal.
It used to be (not sure if it still is) that an app could request one permission here, one permission there, at various points in its application flow. But with each request (in which you could bundle a bunch of different permissions) it was either an "all or none" decision for the user.
This new approach just makes things a little easier, because you can present all of the permissions and data request up front and let the user pick and choose what should be granted.
I think this Facebook thing is really going to take off one day.
IME when logging in via Facebook, I can choose to not allow that site to have the ability to do certain things (like not post to my wall etc)
I also develop an application that uses Facebook login, and we (using django-social-auth) request one set of permissions initially, and request more later if the user wants to do advanced stuff.
This seems like a fairly natural step for Facebook, as increasing app dependency on Facebook for account authorization is a step towards building a platform.
This is a horrible idea for app developers. If someone wants to sign up for my app, but doesn't want to create a real user account with an email address and personally identifiable information, then I don't have a real customer relationship or anything of value. So, why even make them log in?
I guess I just don't see the point of requiring a user account if it isn't adding value to either the user or the app creator.
One more reason not to use Facebook as a login mechanism I guess.
Because, it's a lot easier to just sign up using your Facebook account rather than trying to remember yet another password. But I don't want every little site to know my personal information. It's none of their business. I just want to log in quickly.
Logging in to a site provides more value than just sharing personal information. For me, I rarely, if ever, want a site to know my personal information. That's why I rarely use Facebook login service. Now I will.
Agreed, however, there are a few pieces of information that I find useful for Facebook to share. Namely my profile picture and sometimes my friends list. Though gravitar somewhat solves the profile picture problem.
> I guess I just don't see the point of requiring a user account if it isn't adding value to either the user or the app creator.
It adds plenty of value for the user: they get a logon to the app which allows them to keep information across sessions, while not providing the app vendor any information unnecessary to that function.
It provides a authentication as the same person without providing identification of who that person is.
Now, obviously, anonymous login provides less value to app developers who are using using logins to harvest personal information from users, but then, that's a plus for users.
> using logins to harvest personal information from users
Specifically, he wants some contact information so he can follow up with a lead, which I think is reasonable. Your average customer may not have time to put much effort into a product/service search and a (relevant, informative) follow-up email can be very helpful.
Ideally you do want what's best for the user, but if more revenue is coming in from the old, non-anonymous method, adoption of this one may be slow or limited.
Now if the app creator has a way to push a message back to the user (fb message or something) without knowing who they are, that might be a good compromise.
I never use Facebook Login for sites/apps, not because I don't trust the sites/apps with my FB data but because I don't trust FB with my app usage data.
Now, if I could log into Facebook without giving them access to my data, that would be a killer feature.
If a website loads the javascript facebook API on their site, and you're logged into facebook in general, they know who you are and what page you were on when the script was loaded whether you give the site permission or not.
When the http request is made to facebook, they get their domain cookie back which has your user info in it. On top of that, when their javascript runs they get full access to all the data of the window that made the request meaning they get the other site's cookie as well absolutely everything else.
If you don't want to be tracked by facebook online, you only have a few options. Disable cookies, disable javascript, or only login to facebook in an incognito window. Otherwise, they can track exactly who you are and where you go on any site that makes any request to facebook. Even still, if any request is made to facebook, they can still anonymously track you even if you aren't logged in.
As for apps, I don't think the facebook api would be able to find out the specific usage of the app unless the app purposefully gave it up, although they would know when you login.
It was when I started seeing pictures of my friends in ads on other sites, that's what creeped me out the most.
I logged out after that, and rarely log back in. I know that's only part of the battle, but it's something. As a result, if a platform requires a Facebook login, I probably won't use it.
Yes! If we are doing wishing thing, I wish I could install Android applications that require privileges I don't wont to give them. My system would still run the application but give it garbage for, for example, my GPS location or my camera image or my contact book. Also I'd like two sets of spoofed data. One obvious, second as realistic looking as possible, for applications that don't run with obviously spoofed data.
Well now that FB launched their own app ad network or audience network it looks like you may not have a choice in some cases whether or not your app usage is shared with Facebook.
You're only choice now is to not use apps that display FB ads.
As a developer and user, I love this. For many small apps, it just doesn't make sense to ask people to create a username/password, but I still want a way of authenticating them. This move gives me a way to leverage Facebook for that without users giving up any privacy. A total win/win.
Actually at least for me, the concerns are the opposite. I do not want Facebook to know what I am doing. I do not mind you getting my name (though I would consider it rude not not accept a pseudonym of my choice).
As a developer with a production mobile app that uses Facebook for more than just sign in, I hate this. It changes a lot of the fundamental things that we use in a way that is detrimental to our user's experience.
Before, login with Facebook provided a better and more convenient user experience. Now it just seems clunky. Without the information that we get from Facebook for a user that decides to sign in with Facebook, we don't even have a user.
The most important thing FB can do is win universal login. And the #1 thing it can do to promote that is restore some faith in its privacy commitment. This is a very smart move.
Of course let's see how they implement it. If the process is too complex, it won't work for users. Given their reputation on privacy - it will be hard to recover. But (almost) no other company has as good a shot at this opportunity.
I'm working on this problem right now at blockauth.com. Launch is still months away but its an interesting mix of Blockchain publishing, ICANN style franchising, and paranoid levels of verification. The end result
will be a federation of OpenID providers that all vouch for a user to confirm that they are a real unique person all while not giving any personal details about them unless they approve.
Basically its what Facebook is proposing but we do background checks on the accounts to ensure they aren't bots. Our privacy policy will be a lot more serious too. No marketing or targeted advertising.
I am the author of http://platform.qbix.com, and it includes decentralized identity. Each app can run on its own machine/cluster, and communicate with other apps. Each app is itself a user in Q.
When a person using a user-agent authenticates with an app, they can either do it natively (providing, say, their email address) or they can select an external app that they already logged into. The user-agent stores the domain of that app, and it's a simple matter of doing oAuth with that app. Except, of course, the user id isn't given out by the user's "home server" but instead a different "xid" (stands of external id) is given to each consumer app.
In short, an app can start life as a consumer of identity and eventually offer to provide identity. The identity provider doesn't just support oAuth, but ideally would allow the user to publish streams that others can subscribe to and view, import contacts and manage access control (privacy) based on those contacts and labels. Finally, they should be able to connect endpoints (such as their mobile phone, email, facebook account etc.) to receive notifications sent to their account by some apps they've authenticated with.
In the future we might also encrypt this stuff so governments and others can't get it by simply breaking into the database. I don't have any expertise in this last part, so if anyone does I'd be curious to learn.
Because every attempt to make decentralized standards has gradually failed in favour of private services. Reddit et al have replaced Newsgroups, Whatsapp has replaced Jabber, etc. This one will be no different, and the current approach where every users manages dozens of accounts and passwords is untenable and represents an even-bigger-security threat than trusting FB with Auth.
Facebook won universal login two or three years ago. It's offered as a login option on practically every website today. Twitter/Google+/LinkedIn offer no real threat at this point.
What is the point of this? I don't want to have to login with facebook at all. If some site has facebook login requirements I simply don't use that site anymore.
If you use facebook login for your site then you are shooting yourself in the foot if you care about users.
I'm confused. You're actually saying the exact same thing as him and assuming something in the process. You're saying that he is not considering other people when he is actually saying the opposite: that people should think of ALL users.
I'm guessing 'What is the point of this?' got you but reading that closely is more this: not everyone is sold on the idea of FB in general as the answer to anything so an alternative product doesn't do him any favors. Like trying to sell someone who doesn't want to drink a smaller bottle of alcohol.
I don't want to sign in with Facebook full stop. I really agree that you shouldn't force people to use a third party service to sign in.
If you're contemplating login, please consider people like us! Do Facebook login as your MVP but please do consider us!
Isn't that what we are doing - we are expressing our views on a site that targets startups, site and app developers
who might be considering what login technology to use?
Afterall, those sites are under construction - they have not been created and developers can weigh the pros/cons. A site that has already been created that only offers Facebook login, I cannot use. Hence our dilemma and the importance of expressing our views in this message board.
Edit: Parent deleted so this reply may not make sense.
Let me re-emphasize. That's the point you and parent are not trying to let go. FB has no part in saying sites must use us. It is a platform. If you don't want your site to offer FB login, then don't. People out there want to use it and appreciate every new bit of privacy added to fb login, great.
> I don't want to sign in with Facebook full stop. I really agree that you shouldn't force people to use a third party service to sign in.
You and parent are both thinking that it is Facebook's fault that third-party service providers are offering FB login.
Is it FB's fault that your favorite website is only accepting user comments unless you login with a FB account? No!
FB has done its good part. I am not here to argue with you or anyone about whether FB is respecting users' privacy and security demand. But now FB gives developers a new login option so that a site can allow users to do something like leaving a blog comment without revealing personal information such as name to the website. FB has done its good part as a platform.
If your website only offers facebook as the only option, that is not FB's fault. Should a website offer more login options? Why are services related to programming and source code usually come with a twitter or github login option instead of facebook? Because nowadays programmers tend to have a Github (or Bitbucket) account.
So why so much negativity around this new feature?
I don't think we're missing the point. We are not necessarily arguing that developers should not use it. We are hoping they choose not to use the platform _exclusively_ or as a substitute for their own login.
To use an analogy: we have small cars and someone is trying to sell us a big car. We're saying: 'What's the point?' because our desire and needs are already met by something else we have in mind. We see the product as missing a feature or not adding anything extra to the table. Think of it like wanting a mail provider that offers POP but not IMAP. I want one that uses IMAP - am I wrong?
I do not see this as negativity: it's just healthy disagreement. Otherwise every comment here would look the same.
It is unfortunate that the product we're talking about is offered as an alternative to the real thing (Facebook Connect) and it is what a developer would consider using to avoid writing their own login system. The offering does not meet our needs.
izzydata isn't just saying that he doesn't want a big car. He's saying that there's no point in buying a big car no matter what: "If you use facebook login for your site then you are shooting yourself in the foot if you care about users."
What is the point of this? I don't want to have to login with facebook at all. .
and then his reply,
Then use one of the other implementations. The problem is it being facebook, not the concept.
It's basically anti-Facebook login sentiment to me. Fine, I respect that. But,
If you use facebook login for your site then you are shooting yourself in the foot if you care about users.
You can't shoot yourself in the foot if your audience of your service can choose. As I said before, people who only offer FB as a login/sign up option is not FB's fault. In fact, any websites that don't offer the vanilla username/passwrod signup & login mechanism isn't FB's fault. So don't mix that issue in any discussion related to FB's new login mode here.
Now moving to yours:
We are hoping they choose not to use the platform _exclusively_ or as a substitute for their own login.
I will take it as you don't want to use any website not providing the vanilla username/password signup-login, right?
So again this has NOTHING to do with FB and its news announcement.
the product we're talking about is offered as an alternative to the real thing (Facebook Connect) and it is what a developer would consider using to avoid writing their own login system.
I am confused here. Do you like FB connect and like it over anyone's custom login system?
What exactly do you and parent want from Facebook's login and from app developers?
"If you use facebook login for your site then you are shooting yourself in the foot if you care about users." The vast majority of Internet users would disagree with you here. From the user's point of view, FB login lets you sign up to things in 2 clicks instead of having to fill out forms, most users would consider that a blessing.
This is the exact opposite of the product I want. The group I least want in control of my data is Facebook and their ever changing security/privacy policies.
1. anyone who wants to use a site has to create an account with a fb "anonymous" login. there would be no more "free" access" because then you can start to tie free user behavior to actual conversion.
2. Once the user wants to pay, this is tied to giving more information--at least name and email address.
Will be interesting to see the details, because tying free behavior to conversion is a holy grail for marketers.
Seems like an interesting choice for a demo video to showcase Flipboard (i.e. regarding their own stake in this realm of products, Paper). Granted this isn't about that, but that was fun to think about.
Wow, it seems like they finally got rid of the minimum e-mail, profile, friends and all that jazz. Just finished reading the dev docs and it seems we can finally limit the minimum scope. Facebook can now just be used as a standard login.
Though they now need to educate users so that they don't still feel that their privacy is being violated.
Corrective upvote applied. But maybe don't put a comment to your downvoter in your comments? Downvotes get fixed, and anybody can check your profile to find out whether you are associated.
You could have created another FB account just for these situation instead of waiting.
That's what I've been doing, and I will probably continue to do so since even logging in anonymously on Facebook tells Facebook, and whoever else they feel like sharing it with, e.g. advertisers, that I logged in.
Isn't that against FB TOS? Also, what a pain - at least per-site pwds are easily managed via 1Pass or LastPass, but having dozens of FB pwds sounds crazy.
214 comments
[ 3.8 ms ] story [ 383 ms ] threadEDIT: Here's a screenshot -- http://i.imgur.com/p0peJp6.png The best part was the reviews. They were all either 1 or 5 stars. People were shocked it actually worked.
> In a move to bolster its new 'Anonymous' strategy, Facebook has acquired 4chan for $30 billion in an all-cash deal
> "It's been an incredible journey", said 4chan founder Christopher Poole at a press conference in Menlo Park, CA. "Our anonymous users have been the driving force behind 4chan, and we look forward to bringing that experience to Facebook"
[edit 2:38 CDT to add the string "/app"]
Which barely more invasive than telling them you breathe air, no?
I'm curious what happens to functions inside the app that need identity. Do they work as normal but the app developer can't see the information? Or does everything the user does prompt for a login, so the app developer can be pretty assured that nobody will go for any length of time using the app before they give up and log in?
They store everything even when purporting to have deleted it and privacy is contrary to their underlying core business.
Privacy and Facebook is an oxymoron
I can only think of LinkedIn which rather fails at the family / friends segments.
Pure auth has value to developers who want to verify a user without requiring a handshake of verifying an email address, having to manage against spam accounts, and so on. Yes it's possible to have multiple facebook accounts, but there's significantly more friction in facebook's system than in any home-rolled system you're going to come up with. While at the same time, significantly less friction from a "steps the user has to take to log into your app" point of view.
It's another developer option, one flavor among many, that developers can use to make it easier for users to log in. Given the reality that most people actually do use facebook, I think it's kind of interesting.
I'm getting a little tired with how out of touch people on HN seem, especially with regard to things like Facebook. Guess what: the majority of FB's user base does not care about privacy as much as you do. Even people who do care to an extent, and don't implicitly trust FB, are at least comfortable with some level of interaction and sharing on the platform. Anon login is targeted at people who are comfortable with what they share with FB, but are wary of giving their personal info to some random app they want to try.
I'd disagree too, I know many non-HN people who would be happy to switch to something else but Facebook is the incumbent.
I don't disagree with the idea of a "Anon Login" whatsoever, that is a good idea.
Maybe I'm misreading you, but it sounds like you believe that upvotes on HN allow you to infer something meaningful about what real, normal people believe. Don't make that mistake. You'll be in for a rude awakening if you do.
I don't mind this behavior/attitude of not caring because it has allowed many people to experiment with actively exfiltrating data out from behind these walled gardens through various means (some of which have been posted to HN from time to time over the years) without bothering going through OAuth and the like. And increasingly, users behind many of these walled gardens will see the false sense of security they have been offered when people/companies other than facebook can actively leverage and profiteer from "their" data. Once the data is out in the wild, whether facebook gives permission or not is moot.
People don't tell you anything, they don't have a way to do it. Facebook just does whatever it wants without caring about the users, lets cut the BS.
This is not, actually, the first time Facebook has enabled this level of granularity, as far as users being able to grant permissions piecemeal.
It used to be (not sure if it still is) that an app could request one permission here, one permission there, at various points in its application flow. But with each request (in which you could bundle a bunch of different permissions) it was either an "all or none" decision for the user.
This new approach just makes things a little easier, because you can present all of the permissions and data request up front and let the user pick and choose what should be granted.
I think this Facebook thing is really going to take off one day.
I also develop an application that uses Facebook login, and we (using django-social-auth) request one set of permissions initially, and request more later if the user wants to do advanced stuff.
I guess I just don't see the point of requiring a user account if it isn't adding value to either the user or the app creator.
One more reason not to use Facebook as a login mechanism I guess.
Logging in to a site provides more value than just sharing personal information. For me, I rarely, if ever, want a site to know my personal information. That's why I rarely use Facebook login service. Now I will.
As a programmer, I surely hope you don't think the only purpose of user accounts is to gain personal information.
Hacker News does not ask for personal information. Does that mean we shouldn't have to log in on HN?
I think he's looking at it from a product/sales lead perspective. HN isn't trying to sell us anything.
It adds plenty of value for the user: they get a logon to the app which allows them to keep information across sessions, while not providing the app vendor any information unnecessary to that function.
It provides a authentication as the same person without providing identification of who that person is.
Now, obviously, anonymous login provides less value to app developers who are using using logins to harvest personal information from users, but then, that's a plus for users.
Specifically, he wants some contact information so he can follow up with a lead, which I think is reasonable. Your average customer may not have time to put much effort into a product/service search and a (relevant, informative) follow-up email can be very helpful.
Ideally you do want what's best for the user, but if more revenue is coming in from the old, non-anonymous method, adoption of this one may be slow or limited.
Now if the app creator has a way to push a message back to the user (fb message or something) without knowing who they are, that might be a good compromise.
Now, if I could log into Facebook without giving them access to my data, that would be a killer feature.
When the http request is made to facebook, they get their domain cookie back which has your user info in it. On top of that, when their javascript runs they get full access to all the data of the window that made the request meaning they get the other site's cookie as well absolutely everything else.
If you don't want to be tracked by facebook online, you only have a few options. Disable cookies, disable javascript, or only login to facebook in an incognito window. Otherwise, they can track exactly who you are and where you go on any site that makes any request to facebook. Even still, if any request is made to facebook, they can still anonymously track you even if you aren't logged in.
As for apps, I don't think the facebook api would be able to find out the specific usage of the app unless the app purposefully gave it up, although they would know when you login.
I logged out after that, and rarely log back in. I know that's only part of the battle, but it's something. As a result, if a platform requires a Facebook login, I probably won't use it.
You're only choice now is to not use apps that display FB ads.
Before, login with Facebook provided a better and more convenient user experience. Now it just seems clunky. Without the information that we get from Facebook for a user that decides to sign in with Facebook, we don't even have a user.
Of course let's see how they implement it. If the process is too complex, it won't work for users. Given their reputation on privacy - it will be hard to recover. But (almost) no other company has as good a shot at this opportunity.
What we really need is a decentralized identity platform.
Basically its what Facebook is proposing but we do background checks on the accounts to ensure they aren't bots. Our privacy policy will be a lot more serious too. No marketing or targeted advertising.
I am the author of http://platform.qbix.com, and it includes decentralized identity. Each app can run on its own machine/cluster, and communicate with other apps. Each app is itself a user in Q.
When a person using a user-agent authenticates with an app, they can either do it natively (providing, say, their email address) or they can select an external app that they already logged into. The user-agent stores the domain of that app, and it's a simple matter of doing oAuth with that app. Except, of course, the user id isn't given out by the user's "home server" but instead a different "xid" (stands of external id) is given to each consumer app.
In short, an app can start life as a consumer of identity and eventually offer to provide identity. The identity provider doesn't just support oAuth, but ideally would allow the user to publish streams that others can subscribe to and view, import contacts and manage access control (privacy) based on those contacts and labels. Finally, they should be able to connect endpoints (such as their mobile phone, email, facebook account etc.) to receive notifications sent to their account by some apps they've authenticated with.
Whenever an app would need to display personal information back to a user, they could do it without ever knowing their personal info: http://www.faqs.org/patents/app/20120110469#b
What do you think?
In the future we might also encrypt this stuff so governments and others can't get it by simply breaking into the database. I don't have any expertise in this last part, so if anyone does I'd be curious to learn.
If you use facebook login for your site then you are shooting yourself in the foot if you care about users.
I'm guessing 'What is the point of this?' got you but reading that closely is more this: not everyone is sold on the idea of FB in general as the answer to anything so an alternative product doesn't do him any favors. Like trying to sell someone who doesn't want to drink a smaller bottle of alcohol.
I don't want to sign in with Facebook full stop. I really agree that you shouldn't force people to use a third party service to sign in.
If you're contemplating login, please consider people like us! Do Facebook login as your MVP but please do consider us!
Isn't that what we are doing - we are expressing our views on a site that targets startups, site and app developers who might be considering what login technology to use?
Afterall, those sites are under construction - they have not been created and developers can weigh the pros/cons. A site that has already been created that only offers Facebook login, I cannot use. Hence our dilemma and the importance of expressing our views in this message board.
Edit: Parent deleted so this reply may not make sense.
Let me re-emphasize. That's the point you and parent are not trying to let go. FB has no part in saying sites must use us. It is a platform. If you don't want your site to offer FB login, then don't. People out there want to use it and appreciate every new bit of privacy added to fb login, great.
You and parent are both thinking that it is Facebook's fault that third-party service providers are offering FB login.
Is it FB's fault that your favorite website is only accepting user comments unless you login with a FB account? No!
FB has done its good part. I am not here to argue with you or anyone about whether FB is respecting users' privacy and security demand. But now FB gives developers a new login option so that a site can allow users to do something like leaving a blog comment without revealing personal information such as name to the website. FB has done its good part as a platform.
If your website only offers facebook as the only option, that is not FB's fault. Should a website offer more login options? Why are services related to programming and source code usually come with a twitter or github login option instead of facebook? Because nowadays programmers tend to have a Github (or Bitbucket) account.
So why so much negativity around this new feature?
To use an analogy: we have small cars and someone is trying to sell us a big car. We're saying: 'What's the point?' because our desire and needs are already met by something else we have in mind. We see the product as missing a feature or not adding anything extra to the table. Think of it like wanting a mail provider that offers POP but not IMAP. I want one that uses IMAP - am I wrong?
I do not see this as negativity: it's just healthy disagreement. Otherwise every comment here would look the same.
It is unfortunate that the product we're talking about is offered as an alternative to the real thing (Facebook Connect) and it is what a developer would consider using to avoid writing their own login system. The offering does not meet our needs.
What is the point of this? I don't want to have to login with facebook at all. .
and then his reply,
Then use one of the other implementations. The problem is it being facebook, not the concept.
It's basically anti-Facebook login sentiment to me. Fine, I respect that. But,
If you use facebook login for your site then you are shooting yourself in the foot if you care about users.
You can't shoot yourself in the foot if your audience of your service can choose. As I said before, people who only offer FB as a login/sign up option is not FB's fault. In fact, any websites that don't offer the vanilla username/passwrod signup & login mechanism isn't FB's fault. So don't mix that issue in any discussion related to FB's new login mode here.
Now moving to yours:
We are hoping they choose not to use the platform _exclusively_ or as a substitute for their own login.
I will take it as you don't want to use any website not providing the vanilla username/password signup-login, right?
So again this has NOTHING to do with FB and its news announcement.
the product we're talking about is offered as an alternative to the real thing (Facebook Connect) and it is what a developer would consider using to avoid writing their own login system.
I am confused here. Do you like FB connect and like it over anyone's custom login system?
What exactly do you and parent want from Facebook's login and from app developers?
Has anyone actually tried using this?
1. anyone who wants to use a site has to create an account with a fb "anonymous" login. there would be no more "free" access" because then you can start to tie free user behavior to actual conversion.
2. Once the user wants to pay, this is tied to giving more information--at least name and email address.
Will be interesting to see the details, because tying free behavior to conversion is a holy grail for marketers.
Though they now need to educate users so that they don't still feel that their privacy is being violated.
http://en.wikipedia.org/wiki/Facebook_f8
I love the name F8. It's a great play on words.
An example: I've wanted to try out https://giveit100.com/ since launch, but have been waiting for an alternative sign-in.
Thanks FB!
That's what I've been doing, and I will probably continue to do so since even logging in anonymously on Facebook tells Facebook, and whoever else they feel like sharing it with, e.g. advertisers, that I logged in.