Facebook Needs OAuth


    No no no!

    Featured in Technology Review: www.technologyreview.com/player/07/12/21Naone/1.aspx

    1. gtcaz ages ago | reply

      Cancel your account. Oh, can't? Well, disable it then. (I know, this wasn't what you're getting at, but there's too much that FB got wrong. How can you so badly flub the privacy issue in 2007? Did they think no one would notice or care about the beacon?)

      That said, and to second your point, this would be a perfect application for OAuth.

    2. JosephGrossberg ages ago | reply

      I hereby propose they rename "Friend Finder" to "practice getting phished."

    3. Todd Barnard ages ago | reply

      Isn't Twitter doing the same thing here?

      Is Twitter facilitating phishing?

    4. JosephGrossberg ages ago | reply

      Yes, and Bebo does it too.

      If I'm not mistaken, though, Facebook precedes both of them with this "feature".

    5. Al Abut ages ago | reply

      A lot of sites are doing it because a lot of people have email. OpenID and OAuth both fail the mom test for me - can she grok what it is on her own and visualize exactly what would be useful about it without me sitting next to her to explain it? Email passes that test pretty easily - that's the bar for most people.

    6. factoryjoe ages ago | reply

      Tons of sites do it, and will continue to do it, until we build a better and safer way to do it. Invite by email still rules the roost and will for the foreseeable future, so it's up to us technonerds to make something better that's also EASIER and SAFER to use.

    7. Oferico ages ago | reply

      u rock dude

    8. Al Abut ages ago | reply

      @factoryjoe amen! I wonder - do you have any screenshots mocked up of how you think an OAuth implementation would go and/or be easier than all this email scanning that's getting more popular?

    9. tommypjr ages ago | reply

      i think that one of the first and most onerous of the instances of this kludge was actually flixster. i love joe, but they figured out early how to 'use' this feature in a less than completely open way such that if you were not very careful, instead of finding friends, the feature spammed them. of course, their early audience was so young that they didn't care so much about this. i'm psyched for openid or oauth...

    10. iamdanw ages ago | reply

      Sites like WAYN and hi5 have been doing it for 5+ years as part of the sign up process if I remember correctly

    11. tantek ages ago | reply

      This is an example of a social network anti-pattern, in particular the third party password (3pp) anti-pattern.
