Facebook Removes Firewall from Applications
NewsCloud writes "Last week, Facebook quietly removed sign-in restrictions that previously hid third party applications from the public Web. In other words, Facebook now allows its third party applications to be viewable on the Web by anonymous visitors and indexable by search engines. Web developers can now build an application using Facebook's platform usable by anyone on the Internet — not just Facebook members (e.g. the Lending Library). In doing so, developers can leverage Facebook's login and registration as well as its other platform services, which are becoming increasingly substantial. Facebook may be trying to gain advantage as a universal authentication gateway for public Web applications. If successful, it could further hamper efforts to establish OpenID. This will also help the company break out of its earlier AOL-like walled-garden strategy."
And... (Score:5, Funny)
They would, but... (Score:2, Funny)
Now if you'll excuse me, I hear that you can make big money fast by installing this Facebook app called SendMyPersonalInfoToMotherRussia. I wonder what it does?
Re: (Score:2, Funny)
Opens security Nightmare to web (Score:2, Interesting)
Re:Opens security Nightmare to web (Score:5, Interesting)
Re: (Score:2, Informative)
Scared of OpenSocial? (Score:5, Interesting)
Re: (Score:3, Interesting)
Is Facebook the new AOL? (Score:1)
Re: (Score:2)
-kihjin
Re:Is Facebook the new AOL? (Score:4, Funny)
(don't forget to top post [catb.org] over a full quote)
-kihjin
Re: (Score:2, Funny)
Damn I feel old.
As expected (Score:2)
Facebook is pretty much going to own.
Re: (Score:2)
Then again, maybe "Faceter" would be a better name, or a more-web-2.0 "MS Fistr".
Security implications. (Score:4, Insightful)
Re: (Score:2)
Passport effectively died years ago, mostly being used on only Microsoft web properties. Microsoft is now into stuff like CardSpace [wikipedia.org]
Re: (Score:1, Offtopic)
Security of applications (Score:5, Insightful)
Re: (Score:3, Insightful)
So, if a person approves an application, then that application can go ahead and broadcast to the world that person's data.
Re: (Score:2)
You're wrong, and so is the TOS guy. (Score:1)
True.
Not true. You, sir, are wrong. Allow me to fix that sentence for you:
Check out my other post [slashdot.org] for details, evidence, and general proof that this is all a big FUD fest.
Re: (Score:1)
http://developers.facebook.com/news.php?blog=1&story=57 [facebook.com]
Re: (Score:1)
Ever noticed the lack of a "Delete my account" button in the account settings? To get your account (and all of your private information) permanently deleted, you have to _argue with them_ over email.
I have doubts that they even deleted my information. It's more likely they just said it was all gone to shut me up.
The moral of my story is that anything you put in to Facebook might as well be viewable by the whole internet. It may not be at the immediate moment, but breaches
Re: (Score:2)
Ever noticed the lack of a "Delete my account" button in the account settings? To get your account (and all of your private information) permanently deleted, you have to _argue with them_ over email.
That's not a reason to mistrust them. Poor decision on their part to not include such a thing, but that's not the same as malice.
The moral of my story is that anything you put in to Facebook might as well be viewable by the whole internet.
Duh, that's common sense. If you put something on the internet, you should be prepared for everyone in the world to see it.
Re: (Score:2, Informative)
Um, no. The other replies are woefully erra
Profile XML standard anyone? (Score:2)
That way moving to new systems would not need to re-enter all the damn info all over again.
Re:plaintext? (Score:5, Informative)
Re: (Score:2)
Re:plaintext? (Score:4, Informative)
Re: (Score:1, Interesting)
Re: (Score:2)
Your (plaintext) login credentials are safe. Someone could still sniff out your cookie data and access your profile without logging in though. They'd be able to do pretty much anything but change your password and delete your account (unless they also have access to your email account to reset your password).
Re: (Score:2)
However, since the login form is presented to you in the clear, you are still prone to a man in the middle attack - someone could intercept the login form and replace action="https://login.facebook.com/login.php" with action="http://bad.website.example/submit".
how many of you... (Score:5, Insightful)
Oh yeah, and this is hilarious...youtube video [youtube.com]
Re: (Score:2, Offtopic)
Re: (Score:3, Insightful)
Re: (Score:1)
Something bet
Re: (Score:2)
Yeah... Almost as tough as it is to restrict your profile to approved friends.
Re: (Score:2)
like me, started using facebook because it's a walled-garden with well segregated networks?
It's a what? Since when? Or are you talking about back when you had to have an email address in one of a few hundred .edu domains to join?
I mean, I don't want pervert457 or randomperson223 to be able to view my profile, or try to flood my inbox (or wall, I suppose)... Nowadays, facebook seems to become exceedingly bloated with random apps. I just want to check what's up with my friend and his profile takes eons to load (partly his fault of course).
So... you want better privacy/security controls, but don't want to be notified that 5 of your friends have added the OMG Ponies! app and one of their ponies wants to bite you and turn you into a pony? Read/Write Web [readwriteweb.com] just had a blurb yesterday about Multiply, suggesting that it might be a good alternative.
(I use both Facebook and Multiply, for different reasons.)
Facebook... (Score:2)
Wrote up a nice little thing about privacy, beacon, blahblahblah. This is yet another issue in likely a long line to come...
Frankly, IMHO their privacy setup sucks, but since no one (that the site really seems to appeal to) reads news sites that cover Facebook privacy issues, or reads the TOS about information they (the users) provide... People will continue to use it, then bitch when they show up with their personal infor
Re: (Score:2, Insightful)
Re: (Score:2)
Re: (Score:2)
Google the employers (Score:2)
out the print outs and say, "Your file is more dirty Mr, or we could just let this go under the table"
OpenID (Score:2, Interesting)
Re: (Score:1)
http://identitu.de/ [identitu.de]
it uses your facebook profile for exactly that
What is everyone talking about??? (Score:4, Insightful)
Ohh and another thing. Potential employers can't see your profile unless they submit a "friend request" and you accept them. So there's no issue with anyone searching google and finding your profile.
Re: (Score:3, Interesting)
This allows people without facebook logins to see APPLICATIONS, not read your profile.
But the first line of every add application agreement is:
Does this not mean the application can read my profile and if it can, could a malicious or careless app developer expose my profile information to the world?
Potential employers can't see your profile unless they submit a "friend request" and you accept them.
Or unless you and someone at the company are members of the same network and you didn't change the default privacy settings for that network. Suddenly having an alum from your alma mater working in the H
I was wrong about the first part (Score:2)
The rest of my post about how a "friend request" is not the only way to see a profile still stands.
How much is visible? (Score:1)
From the article:
What about information that is included from your account in part of the application? Does this mean that information from Photos, Videos, etc., which Facebook now considers "applications" are indexable in Google or available to non-Facebook users?
OpenID doesn't need facebook to fail (Score:4, Insightful)
Yeah, I hear you saying "Cory, OpenID isn't about trust". Well then whoopty fucking doo, go away and stop wasting my time. If I cannot have trust, what the hell is the point of OpenID?
And seriously? URLs as your unique login? What the fucking hell is that all about? 1) URLs are ugly. 2) Mom & Dad don't understand them 3) URLS!?!?
And a bonus seriously. Having the whole mess ride on top of HTTP as a friggen space age XML-RPC-SOAP-REST thing? Pick something more mature? Why not at least try to sink it down into the HTTP protocol itself? Maybe even invent a new protocol. But layering it on top of an XML RPC protocol on top of HTTP on top of TCP/IP? Are you insane?
How will this whole damn thing integrate into SMTP or IMAP - will postfix need to learn OpenID and open itself to all kinds of web-based security risks? How will I use this to log into SecondLife or World of Warcraft? Do they now have to write a gog damn web stack to authenticate against OpenID? How can it integrate into LDAP or active directory?
And NONE OF THIS IS EVEN SOMETHING YOU CAN TRUST! It is all worthless!!!
OpenID does not need facebook for it to fail. OpenID will fail because it is complex, hard to explain, doesn't play with other protocols, difficult to implement, and it is misunderstood by managers, developers, sysadmins, and security experts.
Re: (Score:2)
Comment removed (Score:4, Insightful)
Re: (Score:1)
a-holes (Score:2, Insightful)
Fuck anything that throws "open" in front of the name. Fuck openID. Do you want a goddamn pat on the back because you are "open?" On top of that people of slashdot are adamantly against Real ID, which is the same thing to my uneducated eyes, except for in the real world, but hey isn't giving your single password away nowadays the same thing as handing over your social security number, bank accounts, search history, et cet