Facebook Connect is a great idea, but if you're using it, you should understand that it poses some risks. Essentially, Facebook Connect is a service for website developers that allows them to “hook into” your Facebook account.
What's the benefit? Imagine you've just discovered a great new forum on red-haired pets. To participate in this forum, you must fill in a form, choose a username, a password, write your username, validate your account, blah blah blah...
Now imagine that this forum is using Facebook Connect. You log in immediately using your Facebook account. No form filling, no validating your account, no nothing. You've saved a lot of time and boredom, and there are other extra benefits. The forum can tell you if you have friends there, for example.
Sounds great. What's the problem?
An act of trust
Essentially, when you register on a site, on any site, you're performing an act of trust. You're giving the site's owners some sensitive data they can misuse. For example, they can try to log in to your email account using the same password you used for their site. An account, credit card number or PayPal login details inside this email account and you're screwed.
It's no small act of trust. And almost always, those sites live up to your trust and take responsible care of your data. But using Facebook Connect requires a higher act of trust, and puts you at higher risk.
When you log in to this “red-haired pets” forum using your Facebook account, you're trusting Facebook even more than you do every day, but you're also doing something else: you're giving a completely unknown entity your Facebook login. Why is this a problem?
Scenario 1: you can't trust the forum. The admins of the forum now have your Facebook login and they can get into your account. They now know everything about you, and a big bunch about your friends. Your photos, your comments, your “five best books of all time”, your “I'm fan of...” connections, your EVERYTHING.
Scenario 2: the site has been hacked. The admins of the forum are honest, but the forum, which is not very secure, has been hacked and someone is getting your identity details. To monetize this hack, this person locks your account and sends you a message telling you he can unlock your account... for a price.
I know it sounds scary. Don't panic yet. The probability of either of these happening is extremely low, but if you have a business presence on Facebook, if you're “playing serious” on the social networks, you have plenty to lose, and this makes you a more “tasty” victim.
OK, you scared me, you bl##&y bas*^rd :P - What should I do?
First, don't panic. Facebook Connect is a great idea, and can save you time. I just want you to understand the consequences of using its services. Being screwed for using Facebook Connect is a one-in-a-million shot, but maybe you want to stay safe anyway. If you don't want to take the risk, do these two things:
1 – Change your Facebook password so it's different to the password you use for other forums and websites.
2 – Never log in to any site using Facebook Connect. Use the annoying “old school” way and fill in the registration form. If you want the safe path, there is no other way.
That simple? Well, actually yes. Most hacking attempts are not "real" hacking attempts; they are just traps to make users give up their own data voluntarily. They try to trick users into thinking they're on a website or using an app they can trust (check "spoofing" in Wikipedia for more info on this). You just need to trust a bit less.
Interesting thoughts.. thanks for posting this. Stuff I never really thought about.
It isn't just about misuse of data, it's about online anonymity. When I create a new account for red haired pets I can optionally give a pseudonym; I don't want my comments to get traced back to me. Why would my friends care what I have to say about red haired pets? The mere fact that the site 'can' share data to my main Facebook page is appalling. What if I'm doing something I'm ashamed of? Like looking at porn or girly movies. What if it's a teenage kid who's gay and hasn't come out of the closet? What if I fear confrontation but still want to voice my opinion? Stupid Facebook Connect denies me that luxury, it strips me of getting to hide behind an IP address. Facebook Connect is a very large step in asking the world to hand over its anonymity, for all of their web activity to be indexable against an identity.
We're using Facebook Connect on our site, and I personally use it to connect to many sites. As far as we know, Facebook does not provide any passwords of the connected users. If that were the case, there's no point in using it, and it would've completely failed by now! If you're not already logged in to Facebook, the button takes you to the Facebook login page (outside the site), you log in to Facebook, grant basic access to the app (which is authenticated by Facebook), and then you're taken back to the original site.
The site gets as much info as the user grants, which is usually basic (name, picture, dob, friends list, etc.), and a Facebook ID number -unique to the user- so that the site can use it to get the info mentioned above, NO PASSWORDS.
The real concern is when a site PRETENDS to be Facebook and asks you for your username and password to log in (called phishing). That's when your account is in danger of being hacked!
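The check the comment above points at (is the page asking for your password really Facebook's own login page?), as an added example that is not part of the original post or comments. The function name, `TRUSTED_DOMAIN`, the HTTPS requirement and the sample URLs are assumptions made for illustration.

```javascript
// Added example: decide whether a login page URL really belongs to Facebook
// before a password is typed into it. TRUSTED_DOMAIN is an assumption.
const TRUSTED_DOMAIN = "facebook.com";

function isGenuineFacebookLogin(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG parser, the same rules browsers apply
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // Text before '@' is userinfo, not the host, however familiar it looks.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo placed before the real host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // Non-ASCII lookalike letters are serialised as punycode ("xn--") labels.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode label in host" };
  }
  // Accept only the trusted domain itself or a true subdomain of it.
  // Matching on ".facebook.com" (with the dot) rejects "notfacebook.com".
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return { ok: true, reason: "host is " + host };
  }
  return { ok: false, reason: host + " is not under " + TRUSTED_DOMAIN };
}

// Constructed sample URLs (not taken from the page).
const SAMPLES = [
  "https://www.facebook.com/login.php",
  "http://www.facebook.com/login.php",
  "https://facebook.com.login.example/login.php",
  "https://facebook.com@login.example/login.php",
  "https://notfacebook.com/login.php",
];

for (const sample of SAMPLES) {
  const verdict = isGenuineFacebookLogin(sample);
  console.log((verdict.ok ? "OK    " : "REJECT") + " " + sample + " (" + verdict.reason + ")");
}
```

The comparison is made on the parsed hostname, never on whether the string "facebook.com" appears somewhere in the address, which is the shortcut a phishing page relies on.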