Will Facebook Become the Net's SSO? 314
lordDallan writes "Simson Garfinkel at MIT Technology Review muses on the idea of your Facebook account becoming an 'Internet Driver's License', ruminating on the idea of an individual's Facebook login becoming their single sign on for the web. I say NO THANKS!!"
Like a bridge over troubled water... (Score:5, Funny)
My single-site login would be the sound of silence, as I have no Facebook account.
Re: (Score:2)
I never understood the mark of the beast folks, (Score:4, Interesting)
...but I kind of do now.
Re:I never understood the mark of the beast folks, (Score:5, Informative)
So the mark of the beast is Mark Zuckerberg?
No he's the Antichrist. Try to keep up. The Mark of the Beast is having a Facefuck account.
Re:I never understood the mark of the beast folks, (Score:4, Informative)
You do realize that there are far better places on the net to archive your images, given that you can't be bothered to do it yourself?
Also, that when you get caught peeing on a bush, drunk, or "interface" with a girl an hour the wrong way over an arbitrary age line, or just get too many spam emails with Unsavory Images in them, and consequently receive your highly coveted "sexual offender" listing, facebook will toss you out and your pictures in the trash, right?
Oh... and there's always that whole feature when "facebook goes away" due to hardware failure, natural cat-ass-trophy, EMP, solar flare, etc... that your photos will also be the first to not get restored, because they weren't, and aren't, important to facebook in any way, shape or form? Another reason to use a photo-centric site which *depends* upon keeping your photos.
Re:I never understood the mark of the beast folks, (Score:4, Funny)
what is wrong for facebook.
I, for one am happy that pictures from my teenage years will be archived.
And yes I am a teenager.. yeah typical facebook user... suck on that.
Ahh, the wisdom, careful planning and immaculate grammar of youth.
If FB does become the SSO, at least do it right... (Score:5, Insightful)
If FB becomes the Net's SSO, it better have the following features, or else people are betting their privacy and reputation on something quite unproven:
1: Ability to have two factor authentication. OpenID isn't perfect, but one can use a VASCO token with it. The cream of the crop would be SecurID tokens. Of course, using SMS or apps on Android/iOS/BlackberryOS/etc. would be useful too.
2: If a site asks for authentication via FB, a way to ensure that the login page is genuine. PayPal is good at this. I worry about people getting spoofed by a SSL page with a FB login that isn't really from FB proper.
3: Better password recovery in case tokens get lost/stolen. At the minimum, better questions than "what is your dog's name?" Of course, the answers to these are stored as mentioned in #4 here.
4: Solid password storage. Crypto 101 here: You never store a password. Ideally, you never store a result value. What you store is some known text encrypted with the password hash (hashed a number of times to slow down brute forcing). TrueCrypt's password mechanism is the best out there.
5: A third party vetting this security mechanism. This doesn't need to be FIPS compliant (it should be though), but at least have some validation from an independent source that the authentication is done right, the data center is secure, etc.
6: SSL with all contact throughout the authentication process. This is a basic thing, but for performance reasons, sites don't like using SSL unless forced to.
7: Ideally, posting the SSL keys on some other source, so one can tell if a CA is spoofing the cert or not.
8: It's corny, but consider a unique login picture per user that is used at some sites, Yahoo being the most widely used. This way, when you enter your username, if you don't get the picture, you likely got phished.
9: Store passwords of unlimited length. I've seen too many sites which ignore any characters after the eighth one.
10: Have the ability to turn off third party logins either temporarily or permanently. For example, if one is going on vacation with no Internet connections, the ability to disable SSO logins until they come back is a solid security measure.
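Items 4 and 9 of the list above, worked through as an added example that is not part of the original comment or any site's real code: a stored record holds only a salt, an iteration count and a verifier computed over a known text with the stretched key, and a truncating variant shows the eight-character problem. PBKDF2-HMAC-SHA256 stands in for "hashed a number of times" and an HMAC stands in for encrypting the known text; all function names and sample passwords are hypothetical.

```python
import hashlib
import hmac
import os
import time

# Constructed constant: the "known text" the record is bound to.
KNOWN_TEXT = b"password-verifier-v1"
DEFAULT_ITERATIONS = 200_000  # assumption; tune to the hardware in use


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the full password (any length) into a 32-byte key."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )


def make_record(password: str, iterations: int = DEFAULT_ITERATIONS) -> dict:
    """Build what the server stores: no password, no bare password hash."""
    salt = os.urandom(16)  # per-user salt defeats precomputed tables
    key = derive_key(password, salt, iterations)
    verifier = hmac.new(key, KNOWN_TEXT, hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "verifier": verifier}


def check_password(password: str, record: dict) -> bool:
    """Re-derive the key and compare verifiers in constant time."""
    key = derive_key(password, record["salt"], record["iterations"])
    candidate = hmac.new(key, KNOWN_TEXT, hashlib.sha256).digest()
    return hmac.compare_digest(candidate, record["verifier"])


def make_truncating_record(password: str, iterations: int, limit: int = 8) -> dict:
    """Weak variant (item 9): everything after `limit` characters is dropped."""
    return make_record(password[:limit], iterations)


def truncating_check(password: str, record: dict, limit: int = 8) -> bool:
    """Login check matching the weak variant above."""
    return check_password(password[:limit], record)


def seconds_per_guess(iterations: int, runs: int = 3) -> float:
    """Best-of-N wall time for one derivation, i.e. the cost of one guess."""
    salt = b"\x00" * 16  # fixed salt is fine for timing only
    best = float("inf")
    for _ in range(runs):
        start = time.perf_counter()
        derive_key("constructed-guess", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best


if __name__ == "__main__":
    rec = make_record("correct horse battery staple", iterations=50_000)
    print("right password:", check_password("correct horse battery staple", rec))
    print("wrong password:", check_password("correct horse battery stapl3", rec))

    weak = make_truncating_record("password-one", iterations=50_000)
    print("truncating site accepts 'password-two':",
          truncating_check("password-two", weak))

    cheap = seconds_per_guess(1_000)
    costly = seconds_per_guess(100_000)
    print(f"cost per guess grows about {costly / cheap:.0f}x "
          "when iterations go from 1,000 to 100,000")
```

The size of the password space is unchanged by stretching; what changes is the time an offline attacker spends on each candidate.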
Re: (Score:3, Insightful)
If FB becomes the Net's SSO, it better have the following features, or else people are betting their privacy and reputation on something quite unproven
So we can pretty much assume that people will sign up for this by the million...
Re:If FB does become the SSO, at least do it right (Score:5, Insightful)
Re:If FB does become the SSO, at least do it right (Score:5, Insightful)
Especially considering that FB is one of the most unethical companies out there.
Re: (Score:2)
Re:If FB does become the SSO, at least do it right (Score:5, Insightful)
Re: (Score:3)
At the risk of appearing blunt / insensitive / blablabla - you possibly would miss him much less without reconnection?
Re: (Score:2)
Way overcomplicating things...
Add RSA key generation and X.509 issuing as standard on all browsers. Provide easy tools for copying these keys & certificates around. Present them when connecting to a web site. Bingo, website knows you're the same person that last presented that certificate, in a secure fashion, with no/minimal user interaction required.
Oh, and the remote site can't fake your credentials from what you sent them.
Re: (Score:2)
Client cert security is great in that respect. A website can keep track of the cert ID by itself, and it doesn't really matter what the CA says, wrong cert == no access. Plus, no passwords are ever exchanged, so all a blackhat can do is just grab your public key, and hope for a quantum computing breakthrough.
The downside of client cert security are two factors: First, one doesn't want to tie all their stuff to one cert, so one needs to have the ability to make multiple certificates. Second, is moving th
Re:If FB does become the SSO, at least do it right (Score:5, Interesting)
I wish people would stop thinking this is useful.
Any phishing site worth its weight in salt will simply pull in your picture from the real site and display it to you.
I've created example sites to demonstrate this very issue with Bank of America's system which does this.
The picture is essentially public information since you don't have to actually authenticate in order to see it so anyone can see it and redisplay it to you.
Re: (Score:2)
In fact, if they spent half the time they did on that idea instead convincing people to use better browsers and pay attention to the address bar and SSL warnings...
Re: (Score:2)
Re:If FB does become the SSO, at least do it right (Score:5, Insightful)
It won't become the internet's SSO, simply because it requires way too many companies to willingly put way too much power into the hands of a partner that probably does not have their interests at heart. Microsoft already tried a passport years back.
At best, it will become a secondary feature on some websites, but not a required one.
I don't even trust OpenID, much less Facebook. Plus, I'm not going to let a host of important accounts be compromised by a single sign in -- it would be fine for forums and the like, but not anything of even moderate importance.
Re: (Score:2)
Out of curiosity, why don't you trust OpenID? What is there to trust?
Re: (Score:2)
OpenID lets you use _any_ provider, even your own installed on your server. Google does implement their own provider, but you're not forced to use it.
For example, my OpenID URL is http://andreparames.com/ [andreparames.com], which is a website that I control.
Try StackOverflow's login system for a nice example of a URL based login.
Re: (Score:3)
1 single point of failure, outside of your control.
You can host your own OpenID server, if you wish, and use that with any site that allows the use of OpenID for logging in (assuming they aren't 100% lame and restrict the server URLs; if they do that, don't use the site). If that doesn't constitute control, I don't know what does. Since the authentication point is a (particular kind of) website, you can use the usual methods for replicating it.
Of course, for these things you'll pay (whether in money, time or effort) but I'm assuming that you believe that it
Re: (Score:3)
You are as wrong as it is possible to be with a statement that simple.
It's not a single point of failure. From the standpoint of availability, nothing prevents an OpenID provider from implementing something as robust as any website, and websites don't generally have single points of failure either. From the standpoint of control, nothing forces you to choose one OpenID provider over another, or even setting up your own.
So no, it's not "outside of your control" -- nothing prevents you from setting up your ow
Re: (Score:2)
Erm... nearly all of that can be done with OpenID/OAuth. Why have a single point of failure when we don't have to?
Re: (Score:2)
(hashed a number of times to slow down brute forcing)
Hashing a password multiple times does absolutely *nothing* to slow down brute forcing. Each brute force attempt still has a 1/2^n chance of succeeding.
Re: (Score:2)
OpenID allows you to use _any_ auth system, it only depends on the server implementing it.
8. Won't work. The phisher will use your data to login to the real site, copy the image and show it to you on their page.
10. If you control your OpenID auth URL (even if you then redirect to another provider using meta tags), that's very easy to accomplish - just take the page/server down.
Re:If FB does become the SSO, at least do it right (Score:5, Insightful)
Personally, I'd never want one entity to have the keys to the kingdom. Not MS with Passport/.NET, not FB, not OpenID, nobody. I'd rather use passwords that can be memorized, a password list stored on my smartphone, or passwords stored in Firefox. I'd rather pack my own parachute than have not just my ID from FB connected with tons of sites, but possibly my password.
However, if people want a SSO, with their eggs in one basket, let's at least have the basket made from something stronger than crepe paper strips and a generic white glue.
This is already happening where sites depend on another for authentication. If you want Cydia to recognize you and allow you access to purchased apps, you have to authenticate from Google or FB. Someone hacks the account that the Cydia stuff depends on, they can lock a person out of hundreds of dollars of purchased items, or even possibly rack up significant charges if an Amazon login is tied in with that.
Ideally, if a website is constructed from scratch for others to use it as a SSO, it should have not just top notch security (good luck with this, as most PHBs view security as having no ROI), as well as allow for multiple personas with no way that subscriber sites, either by ad cookies, Flash shared objects or other means can tie the personas together. If a site can't offer this, they at least need to be able to deal with multiple users from the same person.
One entity? (Score:2)
In the first sentence, you suggest that you don't want any one entity storing all your passwords. How is trusting Firefox or your smartphone service provider not entrusting all your passwords to a single entity?
Re: (Score:2)
Offsite place != password list on browser. For most sites, having the password list stored encrypted in a Web browser is likely more secure than just bouncing off of a remote site that has unknown security habits. For all we know, a site people use for logins could just be storing passwords in crypt (3) format, max 8 digits, or even plaintext with some XOR secret sauce thrown in.
Security is as good as the weakest link in the chain, and I tend to trust the machine I'm on more than I do some provider who re
Re: (Score:3)
OpenID isn't a "one entity", it's a protocol. You can run your own OpenID server if you want to, or do as I do, which is implement the "redirection" mechanism (my webpage URL is the login entry-point, but redirects to a different provider for authentication). That way, you can change providers at any time without losing access to anything.
Re:If FB does become the SSO, at least do it right (Score:4, Informative)
It's one entity. "Entity" is a flexible word, you know.
The problem is that you are ambiguous by changing the type of entity you're talking about in the middle of the sentence. First you give MS and FB as examples, therefore I think it's not my fault that I infer that you're talking about single providers, which OpenID has none, instead of "a single set of credentials".
Somebody compromises that and you're done with no ability to perform damage control.
If you run your own provider and/or entry point you can shut it down. In my case, I can physically pull the plug and cut their access - the server runs in my home.
You can sing the merits of OpenID all you like. If they have a marketing team maybe you can join up with them.
FFS, just because I said what I said, doesn't mean I consider it the best authentication solution ever. In fact, I agree that long, random passwords for each website are more secure than any of these SSO solutions, and I wouldn't use OpenID for any important login.
Having said that, I think SSO is a convenient solution for the hundreds of websites that ask me to register, and force me to have a password manager which is annoying when I'm accessing the web from different devices, including public computers.
And from all the SSO solutions, OpenID is the only one I like, since it's not tied up to a single company or authentication system and I have more control over it than using Google's, for example.
You have still failed to address the core problem with it as a scheme just as you have failed to comprehend what the issue is about.
I understand the issue. You're right, by reading your first line I didn't think that was the issue you were referring to - but I don't agree that it was my fault alone.
This isn't the first post I've seen from you that demonstrates your inability to read a post and reply to what it was actually talking about.
Maybe if you bothered to login I could say the same.
Re: (Score:2, Funny)
Re:If FB does become the SSO, at least do it right (Score:5, Insightful)
If multiple people use the same computer- it gets worse.
There is another level where it *requires* that you give it a unique mobile phone number and locks your account until you do. If you put in a number, it sends you a text with an unlocking code.
Fortunately, you can simply create a new account (but goodbye farmville, citiville, etc. anything you spent time on to get progress) and point all your friends to your new account. The old account can still be seen but you can't log into it without giving your mobile phone number.
Facebook is so untrustworthy with my personal information and privacy that there is NO WAY IN HELL that I want it to be my SSO provider.
I don't even like the concept of SSO because if ANYONE breaks it, you would be massively screwed all over the place. I want a private signon at my bank, my medical pill companies, my pharmacy, my car company, etc.
Facebook Soaks Up More Free Publicity! (Score:5, Insightful)
There's nothing novel or technically interesting about Facebook. It is not the be-all and end-all of useful tools. It's a way to build a vanity page for people who are too lazy to learn HTML. The appeal to lazy stupid people who hate learning something new is the only reason it became known to the mainstream popular media. That's all it is and ever was. End of fascination. Can we stop trying to find uses for it that have nothing whatsoever to do with its intended purpose? I mean hammers make wonderful paperweights but they're a lot more useful for driving nails.
Re: (Score:2)
There's nothing novel or technically interesting about Facebook. It is not the be-all and end-all of useful tools. It's a way to build a vanity page for people who are too lazy to learn HTML.
Hrm... I actually use Facebook as a news aggregating tool. All websites have a FB stream these days and it is an easy way to keep track of game development and patches as I'd rather not frantically hit F5 on some forums everyday to see a dev blog or patch notes that may only happen once a month. It's an easy way to stay
Driver's License Photos (Score:4, Insightful)
I don't know if we could honestly implement this in any serious way. I know that 90% of what I post to Facebook is little more than crap, lies, and flamebait to prank my friends on the internet. There's nothing like watching one of your good buddies get all worked up over a Youtube video that doesn't really mean anything. Most of my FB contacts are aware of the nature of my profile, and, therefore, take my senseless BS tongue in cheek so it works out okay. If that profile starts being used as some sort of license (to do what exactly, access internet content?) then that license is going to be issued to a person that is fundamentally different in all dealings, social or otherwise, than the person that I am face to face, or, hell for that matter, different than even my Slashdot user account.
One of my coworkers likes to say that the thing people tend to forget is that the internet isn't real. I would say that goes doubly so for user made pages like Facebook, where you can post whatever you want after a healthy dose of Photoshop, trolled Wikipedia references, and sketchy video editing techniques.
Re: (Score:2)
My intentions for posting were basically: I read the summary. I had an idle thought where I fondly remembered how bent out of shape some people would get over embarrassing driver's license pictures. My brain made the connection that there are a lot more embarrassing pictures on people's Facebook accounts. It amused me to think about being an old codger one day and looking back on the good ol' days of crappy d
Only a driver's license? (Score:3)
Microsoft issued me a Passport [passport.net] in about 1995.
It gets me into everything...that Microsoft controls that links up with it. Which is to say, a lot of stuff I haven't logged into since about 1995.
Re: (Score:2)
Facebook?! Really?! (Score:4, Insightful)
"...whether the Internet needs an "identity layer"—a uniform protocol for authenticating users' identities..."
Supplied by a top-5 candidate for privacy destruction? So we've had big computing companies battling it out to be the Web Gatekeeper, and they want to go "C-Other-Give it to Facebook" ?!
Re: (Score:2)
Supplied by a top-5 candidate for privacy destruction?
Naturally. Which respectable, honest and sane company that delivers a product to YOU would build their business model on the concept of letting you build Stasi-like files online for you and your friends with them?
Simson is no expert (Score:5, Insightful)
I am posting anonymously because he knows me and I know him
Simson is brilliant and understands technology well, but he is one of those people for whom you "have to hold the bus" as another article puts it.
He tends to get too excited about technology and he misses many of the human factor issues.
For example here he gets all excited about using Facebook as a form of identification, but then he points out that Facebook is very quick to revoke your account. What good is identification if it can be revoked? If it really is "identification" then everyone needs to have it. Hey Simpson, did you forget about that?
Re:Simson is no expert (Score:5, Insightful)
Actually, it seems to me that Garfinkel is conflating identification with authentication, when the two are not the same thing.
As other people have mentioned in this very same thread, it can be very difficult to tell anything about someone based on their Facebook profile. The classic example (with any kind of online forum) is a man masquerading as a woman, to mess with people or for whatever reason. If you can do that -- if it's really easy to do that -- then what you have is not a form of identification. It is a form of authentication -- it gets you logged onto the forum, but it doesn't really say anything about who you really are.
A driver's license is a form of identification. The government makes you show up, in person, get your photo taken, maybe give them your thumbprint (that's two forms of biometrics, right there), maybe link the database with your Social Security number -- whatever the state has decided is necessary. It's a whole lot different than signing up for a Facebook profile.
Where Garfinkel is getting confused is that while you do use a driver's license as a form of authentication, that's a separate thing from how you use it as a form of identification. When you show your driver's license to the guy at the door of a bar, the guy doesn't care who you are so long as the license looks valid and it says you're over 21. He's counting on the fact that the government issued you the ID -- the trust component -- to establish that you're of legal drinking age; nothing more. When you're stopped by the police, on the other hand, you absolutely are using that license as a form of identification, because the police will radio it in to make sure you really are who you say you are, and to find out some other things about you, as well.
Facebook, as it exists today, has an opportunity to provide the authentication feature, but not the identification feature. As such, if your Facebook "ID" is revoked, it doesn't really matter. It's not like getting your passport taken away; you just lose the ability to do that form of authentication. Because nobody wants your use of their site to be governed by Facebook, every site will offer an alternative way to authenticate (username and password, or whatever). If SSO via Facebook seems to be convenient for people, they will offer that, too.
Yeah, right. (Score:5, Insightful)
As a web application developer... (Score:5, Insightful)
HELL NO
NO.
No, no, no, no, no, NOOOOOOO NO.
NO!!!!
I'd argue against this, but it's just such a giant pile of fail I don't know where to start.
How about this; like hell am I handing Facebook access to every other account I own.
Did I mention... NO?
Re:As a web application developer... (Score:5, Funny)
Re: (Score:2)
Microsoft already tried that (Score:4, Insightful)
Didn't Microsoft already try this idea, but the other social networking sites have just left them in the dust. This is almost like Microsoft's VMs. When I heard of that I said, yeh we call that time sharing and we had it in the early 70's with Mini Computers. Now that micro processors grew into that power footprint, they re-discovered an old technology. History does repeat itself in a never ending spiral. One hopes not a death one.
Re: (Score:2)
Didn't Microsoft already try this idea, but the other social networking sites have just left them in the dust.
Yes, but they did it the worst way possible.
Require a hotmail or MSN account. Require IE and for most of the usable features. Require the site hosting openID to use IIS and .NET stuff.
Also... It never worked.
Facebook is too low quality a product. (Score:2)
The idea that it might become in any way necessary is ridiculous.
That would kind of be like some one deciding that all tolls should now be paid by text messaging. Yeah, a lot of people text while driving, but not those that know what they are doing. You don't empower an idiotic action.
Not no but HELL NO. (Score:2)
Seriously? On what planet do you live in which anyone with even a quarter of a clue would entrust their entire authentication service to Facebook?
You want single sign on? It's already there. It's called Kerberos, when coupled with a proper DNS setup it provides global SSO, in a secure manner, without handing it all off to one company that everyone has to depend on and everyone gets fucked when they break or get hacked.
Browsers support Kerberos.
Many apps (at least the ones where security actually matters) s
Mark of the Beast! Mark of the Beast! (Score:5, Insightful)
This would be a very bad thing, for so many reasons.
I created a FaceBook account just to prevent others from doing so with my name, with no intention of using it. I never posted a thing, never "friended" anyone, never engaged in any activity whatsoever. Yet all of a sudden when I visit unrelated sites, I'm being greeted by the Facebook account name in various banners, etc. through Facebook's tracking. Deleting the account was a nightmare. I've had to use AdBlock and other anti-spyware software to block *.facebook.com, and I'm sure that even that is insufficient. Facebook has a profile on me, and you just and simply cannot opt out.
In absolute seriousness. I'd sooner trust Ballmer or Ellison than Zuckerberg, and I'd rather not have to trust any of them.
Ballmer (Score:2)
I saw a video of a talk Ballmer had given about a year ago, that was linked on Slashdot. One of the things he said in there was that he and people of his generation are a lot more reluctant to give their personal information out on line, but that his son has no issue putting whatever out on facebook or twitter. The problem is, Zuckerberg is of Ballmer's son's generation (so am I, although I don't fit the mould) and has no problem asking for people's personal information.
I think one of the reasons that MS
Re:Mark of the Beast! Mark of the Beast! (Score:5, Informative)
Yup. With most browser default settings, if you have a Facebook account that you've logged into even once since you last completely cleared your cookies and cache, and you see a Facebook icon on any website you visit, Facebook records that you visited that website (regardless of whether you're currently logged into Facebook or not, it's going by cookie-tracking not login). If the website owner has a deal with Facebook to buy your profile info, your account information (name, location, friends list depending upon the most recent violation of Facebook's privacy policy or security stance, demographic information) are then sent to the website so they can greet you by name and present you with targeted ads.
And then that website visit, added to your history, helps to further refine Facebook's profile on you, and increases its cash value to advertisers. That's a lot of value, and is why Facebook is valued at 50 billion dollars. Each user is worth about 100 dollars to Facebook's valuation. Given the fractions-of-a-penny cost per exposure that bulk advertising costs, you can work out the math to figure out how many times they have to sell you to others to justify that price. You're getting sold more often than a Senator in an election year.
This is an advertiser's wet dream. (Score:3)
Re: (Score:2)
The government's been pretty good with my Driver's License - on the other hand Facebook gave out my email from day one without permission.
Re: (Score:2)
If it was really to be universal SSO that you practically couldn't use the Internet without you can bet the government will have their claws in it so deep, they might as well be running it. So I'd say government run would be better, you'd still have to bend over but at least you're not getting face fucked at the same time.
I love it (Score:2)
when a site I never visited before gives me a personal welcome.
NOT.
This is hardly news (Score:2)
It seems obvious that this is the way Facebook has begun to position itself. It has increasingly encouraged the integration of its features with external websites while simultaneously removing features that allow external sites and applications to integrate with them (boxes and tabs). They already provide an API for sites to use Facebook logins for authentication.
It's either rather short sighted or an extremely wise move. I'm not as concerned about Facebook as some but personally, I hope it fails.
Re: (Score:2)
Facebook and Zuckerberg have been on a non-stop PR campaign for close to a year now. Co-incidentally this started right after the mass hacking of Facebook, and their unpopular changes to their privacy policy. While being perhaps the second most overrated company today (after Apple), I have to admit that this Zuckerberg guy can muster a pretty decent PR/marketing machine. It's been a year of non-stop Facebook, in the news, in the movies, in magazines and even here on Slashdot. Too bad that buzz like this can
In a word: NO (Score:2)
I'm sure they dream of it (or will now), along with every other scheme/scam they've dreamed up, but it Ain't Gonna Happen.
They're riding high right now, on top of a giant bubble. All that means is when it bursts, they have that much farther to fall, taking all their users along with them.
One would think people would learn to stop putting all their eggs along with everyone else's into one giant basket, but I guess it speaks volumes as to the population of stupid people out there.
Re: (Score:2)
I closed my Facebook account 3 years ago when I found out just how easy it was to hack into people's accounts - because my account got hacked. Honestly any company that has grown to that size and completely ignores security is more trouble than it's worth. I'll leave Facebook to middle aged spinsters and divorcees.
Academics (Score:5, Interesting)
So some academic at MIT has "re"discovered the Microsoft Passport, huh? Microsoft wanted a piece of that action over 10 years ago. It didn't work. Everything old is new again... to some people anyway.
Re: (Score:2)
Difference is that nobody could get everyone to sign up for a passport. As much as I despise the site, Facebook ALREADY has the critical mass Microsoft couldn't get.
The trouble with SSO adoption is that most users would arrive at your site, and then need to visit the SSO site to create a login. Granted they'd only need to do this once, for the first SSO site they visit, but it's enough of a hassle "right now" for people that it doesn't get rolled out in the first place.
If you start with a site that has the c
Facebook is ready to fall (Score:5, Insightful)
Seriously.
It's in the final stages of a social networking site: where the investors, including some big outside investment firms, try to "monetize" the user base by pulling out all the stops with ads, apps, and selling people's personal information. All that needs to happen is some plucky college kid making his own social networking site, just for his friends on campus, as a way to stay away from all the silliness of Facebook, and Facebook will collapse within a couple of years. Just like MySpace did.
Re: (Score:2)
The dotcom market has seen this same behavior again and again, and everyone seems to get surprised by it every time. People time and again seem to think whatever is popular at the moment is going to be popular forever, even though history and common sense both tell us otherwise.
In the sage words of Di
uh, already exists... (Score:2)
Re: (Score:2)
Problem with OpenID (Score:5, Insightful)
It's called OpenID, http://www.openid.net./ [www.openid.net] move along, nothing to see here.
The problem with OpenID is that, while lots of big sites will let you use your account with that site as an OpenID (acting as OpenID providers), fewer actually accept foreign OpenID for logon.
Everyone wants their accounts to be the web's single-sign-on, but almost no one big wants to accept sign-ons from elsewhere.
No thanks? Not forceful enough. (Score:5, Insightful)
How about "My Ass!"
Or "What's dumbshit for "HELL FUCKING NO" you asshole?"
Or "What kinda goddamn drugs are YOU on?"
Seriously. What sort of intellectual cripple actually thinks (and I use the term forgivingly) using a known privacy offender and security whipping boy like Facebook as a single-sign-on?
Fuck Single Sign-On. It's single point of failure.
hell (Score:2)
no
No (Score:2)
For the record, I do not have a Facebook account.
Ha! (Score:3)
Using Facebook as a SSO. I can nick someone's session cookie if he's on my same network - and yet we can trust the same company which is there to sell your profile information - with our important logins?
Right..
FB doesn't have to ask anyone for that (Score:2)
Really. They can offer this as a service and all the "Internet" that matters to FB-users will use it anyway, safe or not safe.
Roll an alt (Score:2)
Meme (Score:2)
Unless we hit Peak Facebook
Re: (Score:3)
(Satire)
I think his name might manage to infringe copyright on the Simpsons and Simon&Garfunkel at the same time.
(Satire)
OT (your sig) (Score:4, Insightful)
Web 1.0 didn't sell much of anything; it was OUR web. Web 2.0 is when the corporations took over.
Re: (Score:3)
[quote]Web 2.0 is when the corporations took over.[/quote]
I'm not convinced that this is necessarily causal, it is probably a coincidence. Most corporate web sites aren't what I think of as Web 2.0. There were plenty of corporations running the show with "Web 1.0", you couldn't get on the web without using products and services provided by corporations then either. Web 1.0 was also the era of Geocities, Tripod and the like, which wasn't a good thing either.
Before anyone starts getting confused.... (Score:2)
Web 2.0: some guy uploads a set of scripts, which receive and display content contributed by end users.
The big money takeover is just a fact of life. All of the older media had their own time before big money; just because George Lucas can top the charts by passing gas into a microphone doesn't mean the common producer can't make his own movies.
Re: (Score:2)
Web 1.0: Content is formatted for human consumption
Web 2.0: Content is formatted for machine consumption
- HTML, JPEG, PNG, GIF, PDF, etc. served over HTTP is Web 1.0.
- XML, JSON, RSS, ATOM, etc. served over HTTP is Web 2.0.
Re: (Score:2)
Web 1.0- the web
Web 2.0- a buzzword with no meaning at all.
Re: (Score:2)
Sites serving data, as opposed to content, to the public over HTTP was a fundamental shift. We can debate the name, but "Web 2.0" was a change in the way the web was used. A name of some sort is warranted.
Re: (Score:3)
"Web 2.0- a buzzword with no meaning at all."
I thought it was a trademark of O'Reilly Media for hyping one of their internet conferences. Why people used it beyond that, I still don't understand. People have been doing "web-2.0"-like-stuff on the internet (user-contributed content on mailing lists & public FTP sites; appliances on the internet (like the CMU coke machines, where even the softdrink delivery guy could update the internet)) long before HTTP was invented.
Re: (Score:2)
Web 1.0 was also the era of Geocities, Tripod and the like, which wasn't a good thing either.
Exactly -- web 1.0 was geocities, web 2.0 is facebook. In my view, web 1.0 was when university sites outnumbered most other sites, and people bitched if there was a single banner ad on a web page. 2.0 was the flashy, ad-laden garbage you see today.
Re: (Score:2)
So what was web 0.0? I reckon it's what was there when it was all trees in front of my house. And behind it.
Re: (Score:2)
All these commercial websites are web 1.0 compliant
I love this "Internet Driver's License" (Score:4, Interesting)
As provided by Fakebook. They unilaterally rescind this, for posting material counter to Zionist hate and colonial extremism. Or for exposing the criminally fraudulent basis for the Federal Reserve Bank and un-coined "fiat money".
These are both among the many topics that have caused users to find their accounts and groups "disappeared" by Frakbuch.
Fortunately, this nonsense will sound completely foolish in a few short years, as "The Social Network" goes the way of CIS, AOL and MySpace....
Re: (Score:3)
Fortunately, this nonsense will sound completely foolish in a few short years
...mate, clearly you're ahead of your time.
Re: (Score:3)
Web 1.0 = Producers were producers. Normal people consumed and conversed lightly. (News, BB, Chat)
Web 1.5 = Producers were producers and sellers. Normal people consumed and conversed heavily. (Dot-Com boom!)
Web 1.7 = Producers were producers and sellers. Normal people consumed and conversed heavily while trying to be sellers. (Make your own eBay business!!!)
Web 2.0 = Producers were producers and sellers. Normal people stopped trying to be sellers and just produced. Conversation began to lessen since everyon
Re: (Score:2)
Identifier "(Satire)" already declared near line 3. Bailing...
Re: (Score:2)
no, that would be:
moxie marlinspike
http://en.wikipedia.org/wiki/Moxie_Marlinspike [wikipedia.org]
bonus points, he looks like a hippie dr. who:
http://www.google.com/images?q=moxie+marlinspike [google.com]
Re: (Score:2)
Re: (Score:2)
Watch out for that new California law though.
Re: (Score:2)
Great, so the ones with thought licenses get run over by the sleep-driving Lunesta users?
Re: (Score:2)
And how do you "give" them your Facebook contact? An email address can just be dumped into the search box and you'll usually get exactly one result if the person is on Facebook. If they're not, you still have their email.
Re: (Score:2)
FB has had a "permalink"-like feature for over a year now.
Re: (Score:2)
"Who doesn't have a FB page these days? It's like not having a computer, almost, as far as they are concerned."
I don't. I wasn't on AOL either nor on Geocities, Second Life or any other of those 36 month wonders.
My Great-Grandmother joined FB last week, that usually means the kids will run as hell RSN.
Re: (Score:3)
We've already seen Peak Facebook.
From here on, it is on its way to becoming another My Space for the meat market crowd. It will always be around I suppose, sort of like AOL.
Whatever is next will be far more mobile device oriented, far more secure, and sign-on will be handled by credentials management in the device itself.
No need for a single sign for anything on the web any more. The concept is flawed, risky, and un-needed.
Re: (Score:2)
Whatever is next will be far more mobile device oriented, far more secure, and sign-on will be handled by credentials management in the device itself.
So people will have to copy those credentials manually between devices? And you can sign on through a public/third party access point? How's that any better than today?
No need for a single sign for anything on the web any more. The concept is flawed, risky, and un-needed.
We never had it in the first place. What we had was every site with its own flawed and disconnected authentication system. Single sign-on is only now starting to appear, so I doubt it'll go away soon.
Besides, if you use something like OpenID, nothing stops you from using secure asymmetric key authentication [certifi.ca] for all sites. Most people will sim