Facebook Removes Firewall from Applications 72
NewsCloud writes "Last week, Facebook quietly removed sign-in restrictions that previously hid third party applications from the public Web. In other words, Facebook now allows its third party applications to be viewable on the Web by anonymous visitors and indexable by search engines. Web developers can now build an application using Facebook's platform usable by anyone on the Internet — not just Facebook members (e.g. the Lending Library). In doing so, developers can leverage Facebook's login and registration as well its other platform services, which are becoming increasingly substantial. Facebook may be trying to gain advantage as a universal authentication gateway for public Web applications. If successful, it could further hamper efforts to establish OpenID. This will also help the company break out of its earlier AOL-like walled-garden strategy."
Security implications. (Score:4, Insightful)
Security of applications (Score:5, Insightful)
Re:Security of applications (Score:3, Insightful)
So, if a person approves an application, then that application can go ahead and broadcast to the world that person's data.
how many of you... (Score:5, Insightful)
Oh yeah, and this is hilarious...youtube video [youtube.com]
Re:how many of you... (Score:3, Insightful)
What is everyone talking about??? (Score:4, Insightful)
Ohh and another thing. Potential employers can't see your profile unless they submit a "friend request" and you accept them. So there's no issue with anyone searching google and finding your profile.
Re:Facebook... (Score:2, Insightful)
OpenID doesn't need facebook to fail (Score:4, Insightful)
Yeah, I hear you saying "Cory, OpenID isn't about trust". Well than whoopty fucking doo, go away and stop wasting my time. If I cannot have trust, what the hell is the point of OpenID?
And seriously? URL's as your unique login? What the fucking hell is that all about? 1) URLs are ugly. 2) Mom & Dad dont understand them 3) URLS!?!?
And a bonus seriously. Having the whole mess ride on top of HTTP as a friggen space age XML-RPC-SOAP-REST thing? Pick something more mature? Why not at least try to sink it down into the HTTP protocol itself? Maybe even invent a new protocol. But layering it on top of an XML RPC protocol on top of HTTP on top of TCP/IP? Are you insane?
How will this whole damn thing integrate into SMTP or IMAP - will postfix need to learn OpenID and open itself to all kinds of web base security risks? How will I use this to log into SecondLife or World of Warcraft? Do they now have to write a gog damn web stack to authenticate against OpenID? How can it integrate into LDAP or active directory?
And NONE OF THIS IS EVEN SOMETHING YOU CAN TRUST! It is all worthless!!!
OpenID does not need facebook for it to fail. OpenID will fail because it is complex, hard to explain, doesn't play with other protocols, difficult to implement, and it is misunderstood by managers, developers, sysadmins, and security experts.
a-holes (Score:2, Insightful)
Fuck anything that throws "open" in front of the name. Fuck openID. Do you want a goddamn pat on the back because you are "open?" On top of that people of slashdot are adamantly against Real ID, which is the same thing to my uneducated eyes, except for in the real world, but hey isn't giving your single password away nowadays the same thing as handing over your social security number, bank accounts, search history, et cetera?
Comment removed (Score:4, Insightful)