Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook Removes Firewall from Applications

Posted by Zonk on from the some-of-those-things-are-pretty-cool dept.

NewsCloud writes "Last week, Facebook quietly removed sign-in restrictions that previously hid third party applications from the public Web. In other words, Facebook now allows its third party applications to be viewable on the Web by anonymous visitors and indexable by search engines. Web developers can now build an application using Facebook's platform usable by anyone on the Internet — not just Facebook members (e.g. the Lending Library). In doing so, developers can leverage Facebook's login and registration as well its other platform services, which are becoming increasingly substantial. Facebook may be trying to gain advantage as a universal authentication gateway for public Web applications. If successful, it could further hamper efforts to establish OpenID. This will also help the company break out of its earlier AOL-like walled-garden strategy."

7 of 72 comments (clear)

  1. Opens security Nightmare to web by jdh41 · · Score: 2, Interesting

    Now we just need one or two careless fools coding myfirstfacebookapp to make a mistake and people can cleanup on information collection...

    1. Re:Opens security Nightmare to web by Tim+Browse · · Score: 4, Interesting

      Given my experience of coding a facebook app, you have to guess at so much information because it's so poorly documented (esp. the security/authentication stuff) that this is extremely likely.

  2. Scared of OpenSocial? by neuro.slug · · Score: 4, Interesting

    Perhaps Facebook (backed by Microsoft $) is now looking to get its apps in other places in order to compete with Google's OpenSocial, maybe?

    1. Re:Scared of OpenSocial? by Shemmie · · Score: 2, Interesting

      Add to that CardSpace. Facebook allowing the use of CardSpace for sign-in would give Microsoft a hell of a leg-up in the Social Login game.

  3. OpenID by pw201 · · Score: 2, Interesting

    What's to stop the OpenID people writing something which uses a Facebook app as an OpenID server? Best of both worlds, I'd've thought.

  4. Re:What is everyone talking about??? by extra88 · · Score: 2, Interesting

    This allows people without facebook login's to see APPLICATIONS, not read your profile. But the first line of every add application agreement is:

    Allow this application to...
     
        Know who I am and access my information
    Does this not mean the application can read my profile and if it can, could a malicious or careless app developer expose my profile information to the world?

    Potential employers can't see your profile unless they submit a "friend request" and you accept them. Or unless you and someone at the company are members of the same network and you didn't change the default privacy settings for that network. Suddenly having an alum from your alma mater working in the HR dept. is maybe not so helpful.

    Or maybe no one at the company is in your network but they pay an "information broker" who has a corral of stringers on the payroll who are members of many, many networks to view your profile.

  5. Re:plaintext? by lJlolel · · Score: 1, Interesting

    True fact: look at the source. Even at http://facebook.com/ it logs you securely in via SSL.