
Facebook Removes Firewall from Applications

Posted by Zonk
from the some-of-those-things-are-pretty-cool dept.
NewsCloud writes "Last week, Facebook quietly removed sign-in restrictions that previously hid third party applications from the public Web. In other words, Facebook now allows its third party applications to be viewable on the Web by anonymous visitors and indexable by search engines. Web developers can now build an application using Facebook's platform usable by anyone on the Internet — not just Facebook members (e.g. the Lending Library). In doing so, developers can leverage Facebook's login and registration as well as its other platform services, which are becoming increasingly substantial. Facebook may be trying to gain advantage as a universal authentication gateway for public Web applications. If successful, it could further hamper efforts to establish OpenID. This will also help the company break out of its earlier AOL-like walled-garden strategy."
This discussion has been archived. No new comments can be posted.

  • And... (Score:5, Funny)

    by owlnation (858981) on Friday December 07, 2007 @06:47PM (#21618901)
    Facebook users organize a mass protest against this change in 5... 4... 3... 2... 1...
    • by Anonymous Coward
      They made the mistake of organizing the protest ON Facebook. Oops.

      Now if you'll excuse me, I hear that you can make big money fast by installing this Facebook app called SendMyPersonalInfoToMotherRussia. I wonder what it does?
    • Re: (Score:2, Funny)

      by Anonymous Coward
      By 'organize a mass protest', I assume you mean 'create another "Facebook sucks" group'?
  • Now we just need one or two careless fools coding myfirstfacebookapp to make a mistake and people can clean up on information collection...
  • by neuro.slug (628600) <neuro__.hotmail@com> on Friday December 07, 2007 @06:49PM (#21618931)
    Perhaps Facebook (backed by Microsoft $) is now looking to get its apps in other places in order to compete with Google's OpenSocial [google.com], maybe?
    • Re: (Score:3, Interesting)

      by Shemmie (909181)
      Add to that CardSpace [netfx3.com]. Facebook allowing the use of CardSpace for sign-in would give Microsoft a hell of a leg-up in the Social Login game.
  • The quote

    AOL-like walled-garden strategy
    makes me wonder. I shudder to think what MySpace would be ... the new Usenet? (NO WAY!)
  • Their next steps should be to create some new secure TCP/IP protocols to replace the outdated HTTP, SMTP, FTP, and so on, while signing in at the OS level.

    Facebook is pretty much going to own.
    • by SnowZero (92219)

      Their next steps should be to create some new secure TCP/IP protocols to replace the outdated HTTP, SMTP, FTP, and so on, while signing in at the OS level.
      They could call it "Microsoft Fista".

      Then again, maybe "Faceter" would be a better name, or a more-web-2.0 "MS Fistr".
  • by palegray.net (1195047) <philip.paradis@NoSpAM.palegray.net> on Friday December 07, 2007 @07:04PM (#21619067) Homepage Journal
    To hell with the analogy to AOL's "walled garden", I envision something more akin to a burning garden if a major security incident were to occur after widespread adoption of this platform for single-signon functionality. This is the same reason I have always been opposed to Microsoft's ambitions for using their Passport system for wide authentication; my objections had very little to do with my political opinion of Microsoft (which isn't terribly high, but that's beside the point). Diversity in any system is good for competition, and limits the damage any one exploit can cause.

    • by icepick72 (834363)
      Microsoft's ambitions for using their Passport system


      Passport effectively died years ago, mostly being used on only Microsoft web properties. Microsoft is now into stuff like CardSpace [wikipedia.org]

    • Re: (Score:1, Offtopic)

      by websensei (84861)
      MOD PARENT UP.
  • by Rinisari (521266) on Friday December 07, 2007 @07:04PM (#21619071) Homepage Journal
    Does this strategy protect the Facebook users' data from being seen by non-Facebook users at the Facebook API level? By this, I mean that Joe Internet User cannot see my data on the Facebook application, and that Facebook is held liable for this, not the application developer? If this cannot be guaranteed, it looks like I might be removing most of my applications, no matter how useful they may be. I trust Facebook a whole lot more than I trust individual people.
    • Re: (Score:3, Insightful)

      by mozumder (178398)
      Applications see people (and their data) that approve the applications.

      So, if a person approves an application, then that application can go ahead and broadcast to the world that person's data.

      • Applications see people (and their data) that approve the applications.

        True.

        So, if a person approves an application, then that application can go ahead and broadcast to the world that person's data.

        Not true. You, sir, are wrong. Allow me to fix that sentence for you:

        that application can go ahead and broadcast to the world that person's first name and maybe profile picture, and nothing else.

        Check out my other post [slashdot.org] for details, evidence, and general proof that this is all a big FUD fest.

    • by Anonymous Coward
      "Of course, we're concerned about our users' privacy, and so the only user-specific data available on public canvas pages will be first name and profile picture (and then only if the user's profile picture is already publicly searchable). But you, the application developer, need not worry; FBML tags will automatically handle privacy rules for you. "

      http://developers.facebook.com/news.php?blog=1&story=57 [facebook.com]
    • by Tom9729 (1134127)
      You shouldn't trust Facebook at all.

      Ever noticed the lack of a "Delete my account" button in the account settings? To get your account (and all of your private information) permanently deleted, you have to _argue with them_ over email.

      I have doubts that they even deleted my information. It's more likely they just said it was all gone to shut me up.

      The moral of my story is that anything you put in to Facebook might as well be viewable by the whole internet. It may not be at the immediate moment, but breaches
      • Ever noticed the lack of a "Delete my account" button in the account settings? To get your account (and all of your private information) permanently deleted, you have to _argue with them_ over email.

        That's not a reason to mistrust them. Poor decision on their part to not include such a thing, but that's not the same as malice.

        The moral of my story is that anything you put in to Facebook might as well be viewable by the whole internet.

        Duh, that's common sense. If you put something on the internet, you should be prepared for everyone in the world to see it.

    • Re: (Score:2, Informative)

      by 5of0 (935391)

      Does this strategy protect the Facebook users' data from being seen by non-Facebook users at the Facebook API level? By this, I mean that Joe Internet User cannot see my data on the Facebook application, and that Facebook is held liable for this, not the application developer? If this cannot be guaranteed, it looks like I might be removing most of my applications, no matter how useful they may be. I trust Facebook a whole lot more than I trust individual people.

      Um, no. The other replies are woefully erra

  • how many of you... (Score:5, Insightful)

    by mathfeel (937008) on Friday December 07, 2007 @07:53PM (#21619525)
    like me, started using facebook because it's a walled-garden with well segregated networks? I mean, I don't want pervert457 or randomperson223 to be able to view my profile, or try to flood my inbox (or wall, I suppose). Maybe I am mis-informed, but that's how I perceive MySpace from a lot of media reports including here on /.. Nowadays, facebook seems to become exceedingly bloated with random apps. I just want to check what's up with my friend and his profile takes eons to load (partly his fault of course). I also start to notice that my "notification" are filled with (non-deleteable) items for ads (just saw a Blockbuster one).

    Oh yeah, and this is hilarious...youtube video [youtube.com]
    • Re: (Score:2, Offtopic)

      by jhfry (829244)
      I'm not much of a fan of YouTube... most of the crap on there is a waste of bandwidth... but this video is by far the most entertaining and well done piece of web video I have seen on YouTube. Thank you for posting the link!
    • Re: (Score:3, Insightful)

      by maxume (22995)
      I didn't start using either of them (mostly because I'm too old to have started during school and haven't had other reason). It's getting to be pretty clear that published means just that, regardless of any promises that are made. This is an irritating lesson to learn, but it provides an easy to use guideline.
    • Very good video, definitely entertaining; However I don't see another dot-com crash happening. In the 1990's everyone was racing for a piece of the pie because growth was through the roof. Promises were made and money was being handed around before any stability. ATM had severe limitations that hadn't been seen, and many start-ups found out they went the wrong path. Facebook isn't going anywhere. There are so many average users using these social-networks that there is plenty of depth.

      Something bet
    • by Shag (3737)

      like me, started using facebook because it's a walled-garden with well segregated networks?

      It's a what? Since when? Or are you talking about back when you had to have an email address in one of a few hundred .edu domains to join?

      I mean, I don't want pervert457 or randomperson223 to be able to view my profile, or try to flood my inbox (or wall, I suppose)... Nowadays, facebook seems to become exceedingly bloated with random apps. I just want to check what's up with my friend and his profile takes eons to load (partly his fault of course).

      So... you want better privacy/security controls, but don't want to be notified that 5 of your friends have added the OMG Ponies! app and one of their ponies wants to bite you and turn you into a pony? Read/Write Web [readwriteweb.com] just had a blurb yesterday about Multiply, suggesting that it might be a good alternative.

      (I use both Facebook and Multiply, for different reasons.)

  • A few days ago, I just deactivated my Facebook account just because of crap like this.

    Wrote up a nice little thing about privacy, beacon, blahblahblah. This is yet another issue in likely a long line to come...

    Frankly, IMHO their privacy setup sucks, but since no one (that the site really seems to appeal to) reads news sites that cover Facebook privacy issues, or reads the TOS about information they (the users) provide... People will continue to use it, then bitch when they show up with their personal infor
    • Re: (Score:2, Insightful)

      On the other hand, the sort of personal disclosure we see on facebook may grow into a cultural, society-wide phenomenon. Presumably most people are concerned about information disclosure because of consequences of that disclosure. If there are few consequences, how many people will care? Sure, the HR director who hired me probably looked for my facebook page. But I came across his facebook page entirely by accident, and his is way more revealing of his personal life than mine is. Once the college students o
      • by rahvin112 (446269)
        You're wrong. TMI will always dictate work relationships. In 10 years or so you will understand that you don't want to know that co-worker X (a 45 year old hairy fat man) is into BDSM and oil wrestling. You don't want to know, you don't want to imagine and you have no desire to even have the barest knowledge of certain personal aspects of the people you work with because you will know that it will impede and interfere with your ability to work with them, regardless of how good of a coworker they are. And you
        • by Ash-Fox (726320)

          In 10 years or so you will understand that you don't want to know that co-worker X (a 45 year old hairy fat man) is into BDSM and oil wrestling.

          So far, knowing that doesn't bother me. I doubt my view will change in ten years to the point I find that, that bothers me.

          And you don't want your boss knowing that you "used a lot of hard drugs in college" or that you are an "atheist", because just like your opinion of your coworkers would be colored by that perception, so will your Bosses.

          I don't go around posting

    • Google them, find out all the dirt and print it out, so when they mention your myspace page and say "what's up with the drunk girls" eh, you can pull out the print outs and say, "Your file is more dirty Mr, or we could just let this go under the table"
  • OpenID (Score:2, Interesting)

    by pw201 (1081277)
    What's to stop the OpenID people writing something which uses a Facebook app as an OpenID server? Best of both worlds, I'd've thought.
  • by DeionXxX (261398) on Friday December 07, 2007 @09:00PM (#21620067)
    This announcement is for APPLICATIONS. No one is going to see YOUR PROFILE! This allows people without facebook logins to see APPLICATIONS, not read your profile. If they want to use those APPLICATIONS, they will have to sign up. Even if they had a facebook profile, they still couldn't see your profile.

    Ohh and another thing. Potential employers can't see your profile unless they submit a "friend request" and you accept them. So there's no issue with anyone searching google and finding your profile.

    • Re: (Score:3, Interesting)

      by extra88 (1003)

      This allows people without facebook logins to see APPLICATIONS, not read your profile.

      But the first line of every add application agreement is:

      Allow this application to...

      Know who I am and access my information

      Does this not mean the application can read my profile and if it can, could a malicious or careless app developer expose my profile information to the world?

      Potential employers can't see your profile unless they submit a "friend request" and you accept them.

      Or unless you and someone at the company are members of the same network and you didn't change the default privacy settings for that network. Suddenly having an alum from your alma mater working in the H

  • From the article:

    ...so the only user-specific data available on public canvas pages will be first name and profile picture...

    What about information that is included from your account in part of the application? Does this mean that information from Photos, Videos, etc., which Facebook now considers "applications" are indexable in Google or available to non-Facebook users?

  • by coryking (104614) * on Friday December 07, 2007 @10:48PM (#21620751) Homepage Journal
    OpenID is an overly complex protocol that requires a bazillion interdependencies to work right. Worse, it doesn't actually solve the pain. It doesn't solve the trust problem! People want an authentication protocol that has trust. Random URL's are not trust!

    Yeah, I hear you saying "Cory, OpenID isn't about trust". Well then whoopty fucking doo, go away and stop wasting my time. If I cannot have trust, what the hell is the point of OpenID?

    And seriously? URL's as your unique login? What the fucking hell is that all about? 1) URLs are ugly. 2) Mom & Dad don't understand them 3) URLS!?!?

    And a bonus seriously. Having the whole mess ride on top of HTTP as a friggen space age XML-RPC-SOAP-REST thing? Pick something more mature? Why not at least try to sink it down into the HTTP protocol itself? Maybe even invent a new protocol. But layering it on top of an XML RPC protocol on top of HTTP on top of TCP/IP? Are you insane?

    How will this whole damn thing integrate into SMTP or IMAP - will postfix need to learn OpenID and open itself to all kinds of web-based security risks? How will I use this to log into SecondLife or World of Warcraft? Do they now have to write a gog damn web stack to authenticate against OpenID? How can it integrate into LDAP or active directory?

    And NONE OF THIS IS EVEN SOMETHING YOU CAN TRUST! It is all worthless!!!

    OpenID does not need facebook for it to fail. OpenID will fail because it is complex, hard to explain, doesn't play with other protocols, difficult to implement, and it is misunderstood by managers, developers, sysadmins, and security experts.
    • by Ash-Fox (726320)

      How will I use this to log into SecondLife or World of Warcraft? Do they now have to write a gog damn web stack to authenticate against OpenID?
      Funny you should say that. There is a web browser built into Second life and Linden lab has been hinting at a webpage authentication system.
  • a-holes (Score:2, Insightful)

    by ImTheDarkcyde (759406)
    I'm going to go ahead and be a troll here, so you might just want to skip this comment-

    Fuck anything that throws "open" in front of the name. Fuck openID. Do you want a goddamn pat on the back because you are "open?" On top of that people of slashdot are adamantly against Real ID, which is the same thing to my uneducated eyes, except for in the real world, but hey isn't giving your single password away nowadays the same thing as handing over your social security number, bank accounts, search history, et cet
