Facebook Removes Firewall from Applications
NewsCloud writes "Last week, Facebook quietly removed sign-in restrictions that previously hid third party applications from the public Web. In other words, Facebook now allows its third party applications to be viewable on the Web by anonymous visitors and indexable by search engines. Web developers can now build an application using Facebook's platform usable by anyone on the Internet — not just Facebook members (e.g. the Lending Library). In doing so, developers can leverage Facebook's login and registration as well as its other platform services, which are becoming increasingly substantial. Facebook may be trying to gain advantage as a universal authentication gateway for public Web applications. If successful, it could further hamper efforts to establish OpenID. This will also help the company break out of its earlier AOL-like walled-garden strategy."
Re:Security of applications (Score:2, Informative)
As a dev, I can't get any extra data outside of the "garden" of being logged in (see ** below). It's entirely done on FB's side, I don't (and can't) change anything on my end to make private data more available to non-logged-in instances.
I'm pretty sure there is a lot more info out there for a lot of us than first name and a picture. And if you're interested in privacy, you've already got the picture disabled, because otherwise it could show up with a Google search.
So I call FUD. For anyone who is remotely concerned with privacy, the data miners get...your first name. Whoop-de-do. And if you're not concerned? They get a picture. Definitely going to be able to steal your credit card info now! I can run your first name through my picture-to-last-name-database and find you!!!!
Sure, Facebook has made some missteps, but they've done a good job of responding when there is an upswell of legitimate protest.
This protest is illegitimate and misinformed, and this feature provides little to no privacy risk.
To summarize: The nasty hax0rs get your first name and, if you don't care about privacy, your picture. And no, there is no way that a dev can give you that information.**
**Okay, they could cache the information from logged-in sessions in their db and then present it to you, but that would be a) against the TOS and b) stupid, since only cached data would be available, and if you *really* wanted it, you could just create a FB account. You can argue obscure ways that they could present the data, but in the end, there are a lot easier ways, and this provides no additional security breach.