Slashdot Mirror
Facebook Removes Firewall from Applications
NewsCloud writes "Last week, Facebook quietly removed sign-in restrictions that previously hid third party applications from the public Web. In other words, Facebook now allows its third party applications to be viewable on the Web by anonymous visitors and indexable by search engines. Web developers can now build an application using Facebook's platform usable by anyone on the Internet — not just Facebook members (e.g. the Lending Library). In doing so, developers can leverage Facebook's login and registration as well its other platform services, which are becoming increasingly substantial. Facebook may be trying to gain advantage as a universal authentication gateway for public Web applications. If successful, it could further hamper efforts to establish OpenID. This will also help the company break out of its earlier AOL-like walled-garden strategy."
Facebook users organize a mass protest against this change in 5... 4... 3... 2... 1...
Perhaps Facebook (backed by Microsoft $) is now looking to get its apps in other places in order to compete with Google's OpenSocial, maybe?
To hell with the analogy to AOL's "walled garden", I envision some more akin to a burning garden if a major security incident were to occur after widespread adoption of this platform for single-signon functionality. This is the same reason I have always been opposed to Microsoft's ambitions for using their Passport system for wide authentication; my objections had very little to do with my political opinion of Microsoft (which isn't terribly high, but that's beside the point). Diversity in any system is good for competition, and limits the damage any one exploit can cause.
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
Does this strategy protect the Facebook users' data from being seen by non-Facebook users at the Facebook API level? By this, I mean that Joe Internet User cannot see my data on the Facebook application, and that Facebook is held liable for this, not the application developer? If this cannot be guaranteed, it looks like I might be removing most of my applications, no matter how useful they may be. I trust Facebook a whole lot more than I trust individual people.
Colin Dean Go a year without DRM
like me, started using facebook because it's a walled-garden with well segregated networks? I mean, I don't want to pervert457 or randomperson223 to be able to view my profile, or try to flood my inbox (or wall, I suppose). Maybe I am mis-informed, but that's how I perceive MySpace from a lot of media reports including here on /.. Now-a-day, facebook seems to become exceeding bloated with random apps. I just want to check what's up with my friend and his profile takes eons to load (partly his fault of course). I also start to notice that my "notification" are filled with (non-deleteable) items for ads (just saw a Blockbuster one).
Oh yeah, and this is hilarious...youtube video
The only possible interpretation of any research whatever in the 'social sciences' is: some do, some don't
instead of http://facebook/ use https://facebook./ They don't advertise it, but there it is. It doesn't protect anything but your password, however. After sign in you're off of SSL.
Given my experience of coding a facebook app, you have to guess at so much information because it's so poorly documented (esp. the security/authentication stuff) that this is extremely likely.