Yep. For this exact reason. I trust Facebook about as much as I trust any other massive, sinister advertising company.
I am already subject to lock-in purely because of the social networking aspect - all my friends use it. Why would I want to lock myself in further voluntarily?
And before anyone points out that Google is also a massive sinister advertising company, they have shown their commitment to data portability in a way that I presently find satisfactory. FB go to lengths to prevent data portability.
From the user perspective, I don't use Facebook Connect because I don't think a third party site should be given access to any of my Facebook information, nor should Facebook know what other sites I visit.
I'd much rather they all stay ignorant of one another.
I neither have a Facebook account nor do I use Google search for more than hard-to-query searches.
I don't need Google Mail, and I do blog elsewhere than my (rottingly neglected) Blogspot account.
I appreciate that the author has tied himself to those services, and how problematic that becomes when a centralized service goes down for a user.
That is - partly - why I do not do that, preferring the somewhat rougher road of managing my own usernames and passwords, ensuring that my services are split across multiple providers and are not subject to the whims, failures, and vagaries of a single company.
Whether or not it's fair, most people will blame Facebook in a situation like this. Unless they can get security issues under control, they're in for an increasingly rough time ... one more reason I think they're waaaay overvalued at $70B.
There are many things that Facebook can and should improve (like enabling HTTPS all the time, not as opt-in, and not disabling it when you use apps that don't use SSL/TLS). That said, I'd love it if 10% of the web services I use would take security as seriously as FB does.
Anyone with some IT background should be familiar with a single point of failure concept. This is why I personally don't use FB Connect, OpenID, etc. If anything goes wrong with your single global login process, you're in trouble. It doesn't matter whether it was your fault or your provider's.
When I create web products, I don't hesitate that much. If people want it and if it can increase signup conversion, then let's roll with it. But I don't use that as a user. A good password manager is more than enough for quick and convenient logging in.
I'm not sure FB is a single point of failure - Twitter signin seems to be nearly as prevalent. In fact, you could probably do something about identity by leveraging these separate identities into one, so that if you lose one (like Om) you wouldn't be separated from your online identity. (Not to mention you could reclaim the failed point based on your other identity components.)
That's vague, but seriously - a "single" point of failure is a business opportunity waiting to happen.
I also don't think that Facebook Connect poses a single point of failure. If it becomes one then it is not the fault of the identity provider but the fault of the relying party, so if he only uses services that only offer auth via FB, or he did not connect his accounts with other identity providers, then he should not complain, right?
I liked the article, but I'm curious about the title choice. Why prepend it with 'OM:'? Because the domain is shown on the right, do I really need two sources of authenticity?
I love OM, but if he has no web without FB, then he has some serious issues. Maybe it is really time to realize there is a life away from our computers.
Side note: I am glad HN does not have a FB login rule.
neutronicus | 15 years ago
JonnieCache | 15 years ago
joe_the_user | 15 years ago
I can't imagine what services that require FB Connect are thinking...
nickbp | 15 years ago
simonw | 15 years ago
pnathan | 15 years ago
jdp23 | 15 years ago
tosh | 15 years ago
racbart | 15 years ago
Vivtek | 15 years ago
tosh | 15 years ago
joe_the_user | 15 years ago
And the simple answer is don't use it for anything...
I think only junkies for the latest and greatest actually do...
icco | 15 years ago
bhatau | 15 years ago
[deleted]
rokhayakebe | 15 years ago