Facebook Connect: Good or Evil?

Logging Truck by Mark Ryden

A few of us here have been having a little debate about Facebook Connect after Will circulated a link to an article claiming that, three weeks after launch, 100,000 people have used the service to sign into participating sites such as Joost and Vimeo. Suggestions were then made to add this to a future version of this very website.

Er. What?

Let’s backtrack. Facebook Connect is a service that allows Facebook members to sign into other participating third-party websites using their Facebook ID; then actions taken on that site are displayed to their Facebook friends via their news feed – in effect turning the 3rd party site into a giant Facebook application.

Sounds lovely? Well yes, but it doesn’t come without niggles.

Firstly, it’s not open. As supporters of openness we should consider long and hard whether we want to introduce another closed ID system. I really wish OpenID sorted itself out in terms of user friendliness (and, in an ideal world, Facebook could use that). Facebook Connect very much reminds me of the closed-wall environments of AOL and Compuserve in the mid-1990s. I’m quite certain I, for one, don’t want to return to that era.

The problem with OpenID is that it is, arguably, complicated for the average Joe to implement with no clear value to them. Any (security-unconscious) Joe with a Facebook account already would see the option and say, “Ooh, I’ve already got a Facebook login. Maybe I’ll use that.”

Which brings us on to point two: while there is no argument that Facebook Connect is a simpler experience from the user’s point of view, as Steve very rightly pointed out, Facebook Connect uses the dreaded “password antipattern” — it prompts users to log in from a third-party site, therefore encouraging phishing. Yeah, that problem Twitter was having recently.

Here’s what you could have won

What Facebook should have done was implement the login using the OAuth standard. OAuth is a third-party authorisation pattern whereby the user authorises the third-party website on the first-party website itself. Moo.com has a very good example of this in action where it seamlessly integrates with your Flickr account. Dopplr does it too. Moo and Dopplr never ask for your Flickr username and password; they pass you over to the Flickr website first for authorisation.
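The hand-off described above, modelled as an added example (not code from this post or from any of the sites named): a simplified three-step delegated authorisation in the style of OAuth, leaving out the request signing the real protocol uses. The `Provider` class, the `printshop` consumer and the sample account are hypothetical.

```python
import secrets

class Provider:
    """First-party site: the only place the password is ever typed (model only)."""
    def __init__(self, users):
        self._users = users      # username -> password (a real site stores hashes)
        self._pending = {}       # request token -> consumer that asked for it
        self._approved = {}      # request token -> user who approved it
        self._access = {}        # access token -> (username, consumer)

    def request_token(self, consumer):
        # Step 1: the third-party site asks for an unauthorised request token.
        token = secrets.token_urlsafe(16)
        self._pending[token] = consumer
        return token

    def authorise(self, token, username, password):
        # Step 2: the user logs in and approves on the provider's own pages.
        if token not in self._pending or self._users.get(username) != password:
            return False
        self._approved[token] = username
        return True

    def exchange(self, token, consumer):
        # Step 3: the consumer swaps an approved request token for an access token.
        if self._pending.get(token) != consumer or token not in self._approved:
            raise PermissionError("request token not authorised by the user")
        del self._pending[token]
        access = secrets.token_urlsafe(16)
        self._access[access] = (self._approved.pop(token), consumer)
        return access

    def whoami(self, access):
        if access not in self._access:
            raise PermissionError("unknown or revoked access token")
        return self._access[access][0]

    def revoke(self, consumer, username):
        # The user cuts off one consumer without changing their password.
        self._access = {t: v for t, v in self._access.items() if v != (username, consumer)}

def run_flow():
    provider = Provider({"alice": "correct horse"})   # constructed sample account
    seen_by_consumer = []                             # everything the third party handles
    rt = provider.request_token("printshop")
    seen_by_consumer.append(rt)
    approved = provider.authorise(rt, "alice", "correct horse")  # typed at the provider
    at = provider.exchange(rt, "printshop")
    seen_by_consumer.append(at)
    user = provider.whoami(at)
    provider.revoke("printshop", "alice")
    return provider, seen_by_consumer, approved, user, at
```

The third party only ever holds two random tokens, and revoking its access token leaves the account password untouched.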

My opinion? Facebook Connect probably will win out and gain a lot of users — initially — with an open standard winning further along the line. I also hope Facebook realise their phishing-endorsing ways and adopt a better method of authorisation very soon.

Early non-technically minded net users were happy to live in the simplified, “safer”, crusts-cut-off walled garden of AOL et al, but eventually learned that the real, open internet was a lot more fun.

Certainly, a decentralised, portable, ubiquitous web isn’t really such when your data is held in one place by one commercial organisation.

Trevor May wrote this on 08.01.09 – 1 comment
It's filed in the Development, Social networks, User experience box

One response

  1. On January 12th, 2009 at 1:34 pm, Mark responded:

    Spot on. Whenever I read about a web service I try and contextualise it in terms of how I behave or know other people to behave and I simply don’t use something like OpenID. I’m too used to using the profiles I already have set up for the key sites I use and don’t appreciate the ‘benefits’ of having one ID enough to break the habit.

    Wired.com commented that even savvy users just didn’t really ‘get it’:

    http://www.webmonkey.com/blog/Yahoo_Users_Befuddled_by_OpenID
