Why Facebook connect can be a great idea for them but a bad idea for you

Facebook Connect is a great idea, but if you're using it, you should understand that it poses some risks. Essentially, Facebook Connect is a service for website developers that allows them to “hook into” your Facebook account.

What's the benefit? Imagine you've just discovered a great new forum on red-haired pets. To participate in this forum, you must fill out a form, choose a username and a password, write your username, validate your account, blah blah blah...

Now imagine that this forum is using Facebook Connect. You log in immediately using your Facebook account. No form filling, no validating your account, no nothing. You save a lot of time and boredom, and there are other extra benefits. The forum can tell you if you have friends there, for example.

Sounds great. What's the problem?

An act of trust

Essentially, when you register on a site, on any site, you're performing an act of trust. You're giving this site's owners some sensitive data they can misuse. For example, they can try to log in to your email account using the same password you used for their site. If that email account holds a bank account, a credit card number or PayPal login details, you're screwed.

It's no small act of trust. And almost always, those sites are worthy of your trust and take responsible care of your data. But using Facebook Connect requires a higher act of trust, and puts you at higher risk.

When you log in to this “red-haired pets” forum using your Facebook account, you're trusting Facebook even more than you do every day, but you're also doing another thing: you're giving a completely unknown entity your Facebook login. Why is this a problem?

Scenario 1: you can't trust the forum. The admins of the forum now have your Facebook login and they can get into your account. They now know everything about you, and a great deal about your friends. Your photos, your comments, your “five best books of all time”, your “I'm a fan of...” connections, your EVERYTHING.

Scenario 2: the site has been hacked. The admins of the forum are honest, but the forum, which is not very secure, has been hacked and someone is harvesting your identity details. To monetize this hack, this person locks your account and sends you a message telling you he can unlock it... for a price.

I know it sounds scary. Don't panic yet. The probability of any of these happening is extremely low, but if you have a business presence on Facebook, if you're “playing serious” on the social networks, you have plenty to lose, and this makes you a more “tasty” victim.

OK, you scared me, you bl##&y bas*^rd :P - What should I do?

First, don't panic. Facebook Connect is a great idea, and it can save you time. I just want you to understand the consequences of using its services. Being screwed for using Facebook Connect is a one-in-a-million shot, but maybe you want to stay safe anyway. If you don't want to take the risk, do these two things:

1 – Change your Facebook password so it's different from the password you use for other forums and websites.

2 – Never log in to any site using Facebook Connect. Use the annoying “old school” way and fill out the registration form. If you want the safe path, there is no other way.

That simple? Well, actually yes. Most hacking attempts are not "real" hacking attempts; they are just traps to make users give up their own data voluntarily. They try to trick users into thinking they're on a website, or using an app, that they can trust (look up "spoofing" on Wikipedia for more on this). You just need to trust a bit less.


Comments
Mark (not verified) on Wed, 04/21/2010 - 15:52

Interesting thoughts.. thanks for posting this. Stuff I never really thought about.
