OpenID is the worst possible "solution" I have ever seen in my entire life to a problem that most people don't really have.
A nerd will wrinkle up his nose at these [non-OpenID] solutions and grumble about the "security vulnerabilities" (and they'll be right, technically) but the truth is that these solutions get people into the site and doing what they want and no one really cares about security anyways.
Let's think about that one for a second. I find this rather typical of Facebook's attitude in general—a monomaniacal focus on increasing engagement or whatever metrics, a complete disregard for externalities and an arrogant rejection of any sort of social responsibility. This is what makes them so successful as well as so dangerous to the rest of the ecosystem.
He talks about a problem that most people don't have, and then goes on to state nerds turn a nose up at "security vulnerabilities".
At the core, it's a problem that most people do in fact have, it just is not presented to them in a fashion that is easy to digest, or even tasty enough to consider ordering from a menu. The typical computer user doesn't think about what happens to their password in transit, they enter it, hit enter and say a short prayer that they didn't typo so they can get where they want to go, and get on with life.
If the openID marketing initiative focused MORE on the "stop remembering passwords" a little harder than they had, maybe it'd still be relevant outside of tech circles.
And furthermore, building on the "solution [...] to a problem that most people don't really have"
Didn't Facebook essentially go about solving that "problem" themselves, albeit packaged up in a nice wrapper with your friends and social profile as the adhesive tape?
A rejection that's also just flat wrong in some places. Sure, the first OpenID-enabled site you visit asks you to set up an account on a 3rd-party service. Once you've done that, all subsequent OpenID sites require no new accounts. So it's a one-time cost.
The thing that amuses me is the more Facebook attempts to become the monolithic center of identity online, the more people I know have multiple accounts or simply stop using it altogether. Of late I keep hearing of people setting up 'throw away' Facebook accounts for services that require it. A single identity is fundamentally at odds with the way people work, the more this is pushed, the more people will shy away or hack around it and in the process the more damage Facebook will do to it's much-vaunted social graph.
Is the "account" unity so relevant for Facebook? If you use the same IP and same password, and have regular login patterns, it's probably easy to identify same people having multiple accounts. I think Google already can do that BTW.
Facebook Connect is winning for more reasons than a great consumer experience. It is also a great publisher experience.
1) Facebook Connect provide access to real identity (as opposed to an anonymous token) and they actively try and weed out bad actors
2) Facebook social plugins are easier to use than OpenID
3) Facebook Connect provides distribution of content to people that trust the user (on average 150)
4) The users Facebook profile provides usable insights to the publisher for targeting and follow on marketing
In order for something like OpenID, Google Login, Yahoo Login, Twitter @anywhere, to beat Facebook they need to provide a competitive set of functionality to the publisher and equal ease of use to the end user.
I've got 34 fake Facebook accounts now, and counting. They all have "lives", they all have friends, and so far Facebook hasn't removed a single one of them. None of them are real, none of them have phone numbers. Some of them are used simply to prove a point to various friends that they don't check who they friend too closely, and I use them for websites that require Facebook logins to comment.
1) It provides access to real identity as much as a fake e-mail account. 2) There are plenty of easy to use pluggable OpenID widgets. 3) Not true. The content is just drowned out by all the other noise generated by all the other publishers clamoring for attention. 4) 5 items from my Amazon shopping list provide more insight than my entire facebook profile.
Facebook Connect is no better than the open alternatives to identity management but as usual the open alternatives have a PR problem because the user experience is just as seamless but somehow publishers are convinced that flooding the user's facebook stream is going to bring them traffic.
I intend to retain my independence on the Internet! None of this "cloud" stuff for me! I will have nothing to do with Facebook, and their identity monopoly. I would much rather just start my own blog:
My WordPress.com site can always be transferred to a host of my choosing (especially if I register a similar domain name) (and not at giant GoDaddy).
I simply will not post on sites that require Facebook, or Blogger, or Yahoo! accounts to log in. Period.
Except for banking (which I try to avoid online) and really special logins, I simply use one very-hard-to-crack password for everything, like "bluefrogsridelogsatsunset". People argue about how hard it is to crack passwords, and what kinds of passwords are secure, but I'm pretty sure that no one (except perhaps the government) can really crack a password such as the one above. This solution is good enough for me!
> I simply use one very-hard-to-crack password for everything, like "bluefrogsridelogsatsunset".
I suggest using the master password to manage other passwords (Browser might have a password manager, Keypass or other tons password managers). Sony, Newegg, Facebook and some other companies can see passwords in plain text which could be used in conjunction with your email or similar contact methods to infiltrate your account.
It seems to me that Google, with it's popular browser and web services, is ideally positioned to popularize an account manager protocol. And with the heated competition with Facebook, they've got just the right motivations.
TL;DR - agreed, I expect the government will eventually force Facebook to open up and support a common federated social networking standard.
As spullara explains below, Facebook's monopoly has come because Facebook Connect is an all-round better product. Publishers get access to easy syndication ("oh, you just joined XYZ? Here are some badges; want to share them on Facebook and let your friends know about us?") as well as higher-quality users overall (Facebook accounts tend to be real). Users get a single login from a service they (mostly) trust and easy integration with their social network ("oh, John's using turntable.fm too? Sweet!").
The brilliance of Facebook Connect is the tie-in of syndication with identity. Logging in with Facebook is a better experience than just registering, for all parties involved. This is why Facebook Connect works and why MSN Passport failed a decade ago.
The monopoly side of things is going to become a problem in the coming years; I for one expect federal intervention in the form of mandating a common federated social networking platform (a la, but not necessarily, via the protocols developed by diaspora). Federation and decentralization is what happened with phones and with email; if Facebook/social networking-style communication is the next generation, it seems like a reasonable next step.
Most users will never tell the difference, at first - Facebook will remain their default client both for login and for reading friends' profiles and news feed. With time, however, competitors will begin to emerge and offer alternate interfaces for either news feed filtration or for identity, opening up space for innovation in a place once dominated by one or more entrenched players (Firefox vs IE, Gmail vs Hotmail/Yahoo/AOL). Early adopters will be using social networking tools but will be able to seamlessly interoperate with people still on Facebook.
Perhaps I'm naively optimistic, but I'd be excited for a future like that. For now, though, I'll stick to Facebook Connect - the bigger it gets, the more likely regulation will occur.
I expect the government will eventually force Facebook to open up and support a common federated social networking standard
Seriously? This will never, ever happen.
Ever, ever, ever.
That's just not how life works. Or businesses. Or how the US government works. It's the total antithesis to the American ideals. It wouldn't even have a chance of happening in social democracies in Europe, let alone America.
I’ve always found OpenID’s lack of similarity to email adresses immensely stupid. Email adresses is infrastructure that isn’t going away any time soon, and your grandma might have had a chance of actually using OpenID if she didn’t have to type something long and completely unfamiliar that last time I checked necessarily begins with http://.
whenever possible I create a separate account for each web service. I'm very aware of the downsides of managing separate accounts and logins but I refuse to host my whole identity with one company. I just doesn't seem right to entrust most of my digital life into the hands of a single private or public company. there shouldn't be a single institution which holds that kind of information - not even a government.
One group wants Facebook to control identity, another OpenID, another Twitter, and another wants the federal government to impose identity requirements.
They all have in common that individuals no longer have control over their own identity. Instead they must cede power over their lives to others who pull the strings.
There is no need for identity providers. The entire concept is totalitarian, offensive and horrific.
If we think about real life, you need an identity for things like passports, state benefits and some other stuff but with normal things like shopping you don't need an ID at all.
So if I go to a shop and buy a tshirt then I have done that pretty much anonymously but if I buy on a website that requires a Facebook connect login then I have given way more information about myself.
Can we really say it's a "monopoly"? I would agree if users had been brainwashed to the point where they would refuse using anything else than Facebook Connect, but, as the authors mentions, there are a lot of possible alternatives for them to use (or they can roll their own).
There is no real Facebook monopoly imposed on website publishers -- there is just a monopoly imposed on the users of those websites where Facebook connect is the only option or the only visible option. I agree that it's a concern, though.
[+] [-] randomwalker|14 years ago|reply
Some quotes:
OpenID is the worst possible "solution" I have ever seen in my entire life to a problem that most people don't really have.
A nerd will wrinkle up his nose at these [non-OpenID] solutions and grumble about the "security vulnerabilities" (and they'll be right, technically) but the truth is that these solutions get people into the site and doing what they want and no one really cares about security anyways.
Let's think about that one for a second. I find this rather typical of Facebook's attitude in general—a monomaniacal focus on increasing engagement or whatever metrics, a complete disregard for externalities and an arrogant rejection of any sort of social responsibility. This is what makes them so successful as well as so dangerous to the rest of the ecosystem.
[+] [-] iamdave|14 years ago|reply
He talks about a problem that most people don't have, and then goes on to state nerds turn a nose up at "security vulnerabilities".
At the core, it's a problem that most people do in fact have, it just is not presented to them in a fashion that is easy to digest, or even tasty enough to consider ordering from a menu. The typical computer user doesn't think about what happens to their password in transit, they enter it, hit enter and say a short prayer that they didn't typo so they can get where they want to go, and get on with life.
If the openID marketing initiative focused MORE on the "stop remembering passwords" a little harder than they had, maybe it'd still be relevant outside of tech circles.
And furthermore, building on the "solution [...] to a problem that most people don't really have"
Didn't Facebook essentially go about solving that "problem" themselves, albeit packaged up in a nice wrapper with your friends and social profile as the adhesive tape?
[+] [-] elehack|14 years ago|reply
[+] [-] msy|14 years ago|reply
[+] [-] gabaix|14 years ago|reply
[+] [-] maigret|14 years ago|reply
[+] [-] spullara|14 years ago|reply
1) Facebook Connect provide access to real identity (as opposed to an anonymous token) and they actively try and weed out bad actors 2) Facebook social plugins are easier to use than OpenID 3) Facebook Connect provides distribution of content to people that trust the user (on average 150) 4) The users Facebook profile provides usable insights to the publisher for targeting and follow on marketing
In order for something like OpenID, Google Login, Yahoo Login, Twitter @anywhere, to beat Facebook they need to provide a competitive set of functionality to the publisher and equal ease of use to the end user.
[+] [-] X-Istence|14 years ago|reply
[+] [-] ddphone|14 years ago|reply
Facebook Connect is no better than the open alternatives to identity management but as usual the open alternatives have a PR problem because the user experience is just as seamless but somehow publishers are convinced that flooding the user's facebook stream is going to bring them traffic.
[+] [-] blues|14 years ago|reply
https://en.wordpress.com/signup/
My WordPress.com site can always be transferred to a host of my choosing (especially if I register a similar domain name) (and not at giant GoDaddy).
I simply will not post on sites that require Facebook, or Blogger, or Yahoo! accounts to log in. Period.
Except for banking (which I try to avoid online) and really special logins, I simply use one very-hard-to-crack password for everything, like "bluefrogsridelogsatsunset". People argue about how hard it is to crack passwords, and what kinds of passwords are secure, but I'm pretty sure that no one (except perhaps the government) can really crack a password such as the one above. This solution is good enough for me!
[+] [-] Joakal|14 years ago|reply
I suggest using the master password to manage other passwords (Browser might have a password manager, Keypass or other tons password managers). Sony, Newegg, Facebook and some other companies can see passwords in plain text which could be used in conjunction with your email or similar contact methods to infiltrate your account.
[+] [-] snprbob86|14 years ago|reply
OpenID has proven to be too damn complicated. Mortals can't understand it.
Mozilla's Account Manager seems like an awesome solution: http://hacks.mozilla.org/2010/04/account-manager-coming-to-f...
It seems to me that Google, with it's popular browser and web services, is ideally positioned to popularize an account manager protocol. And with the heated competition with Facebook, they've got just the right motivations.
[+] [-] Joeboy|14 years ago|reply
I think it's more that mortals see no reason to bother understanding it. It's conceivable that lulzsec etc might help change that.
[+] [-] AlexeyMK|14 years ago|reply
As spullara explains below, Facebook's monopoly has come because Facebook Connect is an all-round better product. Publishers get access to easy syndication ("oh, you just joined XYZ? Here are some badges; want to share them on Facebook and let your friends know about us?") as well as higher-quality users overall (Facebook accounts tend to be real). Users get a single login from a service they (mostly) trust and easy integration with their social network ("oh, John's using turntable.fm too? Sweet!").
The brilliance of Facebook Connect is the tie-in of syndication with identity. Logging in with Facebook is a better experience than just registering, for all parties involved. This is why Facebook Connect works and why MSN Passport failed a decade ago.
The monopoly side of things is going to become a problem in the coming years; I for one expect federal intervention in the form of mandating a common federated social networking platform (a la, but not necessarily, via the protocols developed by diaspora). Federation and decentralization is what happened with phones and with email; if Facebook/social networking-style communication is the next generation, it seems like a reasonable next step.
Most users will never tell the difference, at first - Facebook will remain their default client both for login and for reading friends' profiles and news feed. With time, however, competitors will begin to emerge and offer alternate interfaces for either news feed filtration or for identity, opening up space for innovation in a place once dominated by one or more entrenched players (Firefox vs IE, Gmail vs Hotmail/Yahoo/AOL). Early adopters will be using social networking tools but will be able to seamlessly interoperate with people still on Facebook.
Perhaps I'm naively optimistic, but I'd be excited for a future like that. For now, though, I'll stick to Facebook Connect - the bigger it gets, the more likely regulation will occur.
[+] [-] mattmanser|14 years ago|reply
Seriously? This will never, ever happen.
Ever, ever, ever.
That's just not how life works. Or businesses. Or how the US government works. It's the total antithesis to the American ideals. It wouldn't even have a chance of happening in social democracies in Europe, let alone America.
Ever.
[+] [-] IvarTJ|14 years ago|reply
[+] [-] jcfrei|14 years ago|reply
[+] [-] bugsy|14 years ago|reply
They all have in common that individuals no longer have control over their own identity. Instead they must cede power over their lives to others who pull the strings.
There is no need for identity providers. The entire concept is totalitarian, offensive and horrific.
[+] [-] nametoremember|14 years ago|reply
So if I go to a shop and buy a tshirt then I have done that pretty much anonymously but if I buy on a website that requires a Facebook connect login then I have given way more information about myself.
[+] [-] unknown|14 years ago|reply
[deleted]
[+] [-] unknown|14 years ago|reply
[deleted]
[+] [-] vnchr|14 years ago|reply
[+] [-] ddphone|14 years ago|reply
[deleted]
[+] [-] gallerytungsten|14 years ago|reply
[+] [-] a3_nm|14 years ago|reply
There is no real Facebook monopoly imposed on website publishers -- there is just a monopoly imposed on the users of those websites where Facebook connect is the only option or the only visible option. I agree that it's a concern, though.