Slashdot Mirror
Gawker Media To Require Commenters' Facebook, Twitter, Or Google Logins
First time accepted submitter wynterwynd writes "In a move that seems to be in line with Gawker Media founder Nick Denton's opinion of his sites' commenters, some Gawker Media sites are now instructing their commenters that they will have to link their Gawker commenter ID with their Facebook, Twitter, or Google accounts in order to log in. Is this really a good idea, considering the security issues Gawker has had in the past? Per the article, for 'security purposes' Gawker is 'putting our account security layer in the hands of some of the best in the business — major sites with more security expertise and resources than anyone else on the web.' To my mind, it's hard to see this as anything but a grab to milk Gawker commenters' social networking accounts for targeted ad revenue — which really shouldn't be a surpirse considering Denton's contempt for most of the Gawker community. Is this a step too far for an online community? Is it a cash grab or a genuine effort to encourage secure and responsible posting?"
Add Gawker to the same list the New York Times is on. That is, "pass."
Nothing like gawker having been hacked before to highlight how bad this is, as appropriately noted.
All this says to me is "don't go to gawker websites or participate in their comment system because it sucks". Is it that hard to figure out when "web 2.0" is a good and/or a bad idea in 2012?
Frost prist!?!
The days of Anonymous Cowards are seemingly coming to a quick close. This abdication of authentication authority seems in-line with the overall garden walling of various sections of the Internet, operating systems, and devices.
nebulo
I already don't comment on most sites which require a login (/. is an exception) -- but I can't even imagine wanting to link my personal social media account with a commenting account. What a horrible idea.
The privacy issues alone are a big deal, but sometimes you want to say something that you can't have directly linked back to yourself (for various reasons). I'm not defending criminal activity or hate speech, but I could think of examples where expressing your view could cause issues because of your religion / country of residence / association with others etc.
Call me naive, but I have no idea why websites like using other social networks for authentication. Is there something so secure that I can trust Facebook with any and all logins and passwords for not just me, but all my users?
Yes, FB and Google have two factor authentication as options, but when it comes to making sure my users have basic security, I'd rather pack my own parachute, and have a dedicated appliance store username/password hashes so if someone owns the rest of my boxes, they can't just scoop out passwords that can be used at other sites.
Maybe this can be a market niche -- a site offering not just OpenID, but a custom API like the old Microsoft Passport allowing people to authenticate from that site, optionally using an app or SecurID key fob.
I refuse to link facebook or twitter or any other account that has my real name. If I can't login under an Email handle/alias then I simply don't post on that website.
Sorry gawker. You lost my business/ad views.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
The summary, as you might expect, is a little off.
What's happening here is that Gawker is switching from its own account system to using the accounts of existing social services (Google, Facebook or twitter). This is not them asking for your account but rather asking you to AUTHORISE gawker's access to your account details. If this is an issue, please go talk to Disqus or even Twitter/Facebook/Google themselves, who also let you "link" accounts from other services, as well as a bunch of other sites. This is the way the web is going and is nothing new.
+1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
Just because you let Google handle the login doesn't mean Gawker gets anything more from you than an email address which you were already obligated to provide in the past. And since Gmail is already great at handling spam, there is precious little opportunity for Gawker to profit from this by selling your email address. Spamming Gmail accounts is already a fools errand.
At least in Google's case, they glean nothing either, other than the fact that you use Gawker, but any advertising revenue that comes to google via that knowledge goes to Google, and not Gawker. All they provide Gawker is a YES or NO answer when you ask to log in.
Given the rapidity with which one can create gmail/facebook/twitter accounts it won't assure "secure and responsible" posting either. Its easy enough to have an account that is reserved for such postings, even one per web-site if you want.
All this does is allow Gawker to off-load all user account stuff to some other entity, making them less of a hacking target, because there will be Nothing Much There to Gain. (Some would say this is an attribute of Gawker Media in general.) Having one less web site holding my passwords in an insecure database is a plus as far as I am concerned.
Sig Battery depleted. Reverting to safe mode.
I really wish someone would buy Lifehacker. I really like it but not Gawker.
Coder's Stone: The programming language quick ref for iPad
So what about those like me, who don't have an account on those social sites?
I'm on the Internet where I'm going to sign up for Facebook, Twitter, Gawker, ETC, let them all build a marketing profile off me, let them build a record of my email addresses and friends/associations, allow them to build a psych profile, allow them to determine my worth, and finally I'm going to give them all that for free.
Goldman Sachs referred to their clients as "muppets" I wonder what the above refers to their customer as...
"If any question why we died, Tell them because our fathers lied."
Seriously? Given how many people happily make wall posts that range from the simply offensive to the downright illegal?
Gawker already uses tracking from Google, Facebook, Quantcast, Dedicated Networks, Comscore Beacons, Google Analytics, ChartBeat, DoubleClick, Parse.ly, New Relic. (Abine.com has a tool to detect and block such things.)
Now Gawker wants an anal probe, too?
Just use your fake facebook page for your logon. Don't have a fake facebook account? Well that sounds like a personal problem. Poison the data well, make fake accounts. Garbage in, garbage out.
> I have no idea why websites like using other social networks for authentication
It's just a way to remove a barrier to entry. Everybody already has a Facebook, Twitter, or Google ID. It's easier (and arguably more secure) to authenticate through one of those services than to ask the user to make and remember yet another set of credentials. There are other reasons as well, but this one is a biggie.
Didn't you read TFS?
Gawker is "putting our account security layer in the hands of some of the best in the business — major sites with more security expertise and resources than anyone else on the web."
You can rest easy, HBGary is on the case!
"When information is power, privacy is freedom" - Jah-Wren Ryel
on telling us your devs are not capable of doing their jobs and letting me know I can't use your site because I don't want to use any of the social sites.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
There are many good reasons. If I were building a new web site from the ground up, I'd probably only allow Google/FB authentication. If I had an existing web site with local authentication, I might switch and I'd definitely prefer Google/FB auth.
You have to analyze the decision from a business/marketing perspective. Site specific logins are a barrier to using any web site. If it is just one click to login with Google/FB you will get a lot more users, it's as simple as that. And returning users have a big barrier to remember username and secure password, particularly if you put onerous restrictions on password strength.
Then there are other softer costs. Managing passwords is troublesome, sometimes requires customer service to intervene or lose users. If you get hacked, you'll have a PR nightmare. Security is hard, better to let someone else with a dedicated staff do it.
And that doesn't even go into the benefits of using social network authentication, like being able to better quality information about those users and get them to draw other users from their network in.
...how fast I would be barred for commenting with a twitter handle "IReallyHateGawker"
What do I know, I'm just an idiot, right?
After all the warnings from about not using the same password on multiple sites the New Hot Thing(tm) is to use a single logon like facebook or google.
If that's guessed or compromised, it can be used at many sites.
How is that any less of a security problem?
The fuuture: "We at Crudnblood Bank value your security. Please log in to your account with your Facebook or Google login."
They likies the monies.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Denton: "The idea of capturing the intelligence of the readership — that's a joke."
...
Ok, I admit, I find some interesting stuff on occasion on Lifehacker, but that aside, with the insidiously moronic nature of the typical Kotaku article, churned out 3 or 4 times per hour, who else does he expect to comment on such contrived stories as this:
http://kotaku.com/5567040/star-treks-levar-burton-is-not-pleased-with-e3
Or just posting random unnamed sources with PS4 specs that sound absurd. No one would get into a protracted, irrational debate about that, based on idle speculation
http://kotaku.com/5896996
And here's a real think piece from Gawker.com today:
gawker.com/zooey-deschanel
Can't believe more rocket scientists and doctors aren't jumping in to elevate the conversation...
And this is why I avoid them like the plague.... Well that and the political smear story they ran a couple years back.
Careful what you say around me.. I will assume you mean it.
I've got other places to be.
bah.
Now this is a site that insists on registration.
Exactly.
Gawker gets nothing more than your email address (which they already used to require). They ask google if you are who you say, and google logs you in. Gawker never gets your google password, and stores nothing on their own servers (they don't even have to store your gmail address, because your browser will do that for you). At most, Gawker gets a YES or NO, and maybe the name you signed up to Gmail with.
This makes any site more secure, because you have nothing there for hackers to steal.
Sig Battery depleted. Reverting to safe mode.
Just because you let Google handle the login doesn't mean Gawker gets anything more from you than an email address which you were already obligated to provide in the past.
The only situation where that is true is where you previously provided them an email that was already associated with a social networking account (like GMail is). You could avoid providing Gawker with information about your social networking account by using an unrelated email account. No you know longer have that option. You must authenticate using some method which tells Gawker the account you use for social networking. And this is useful information to them. Gawker advertizes on Facebook, this indirectly gives them access to demographics information about the accounts they are advertizing to, which they can now link with Gawker accounts.
All this does is allow Gawker to off-load all user account stuff to some other entity, making them less of a hacking target,
Except research is showing that outsourcing this task is more difficult than people think. Sites that do so are more likely to make a mistake that results in a data breech than those who use their own in-house authentication. Any sort of cross-site integration is tricky from a security point of view, and this is no exception. They haven't made things more secure, they have just introduced another point of failure.
1. I don't even link my Pinterest boards with my Facebook account.
2. I've never visited gawker until just now, to see if it could possibly be worth the trouble. Answer is no.
deleting the extra space after periods so i can stay relevant, yeah.
I now require Gawker Media to link their lips to my ass.
There...I've just changed my TOS agreement to reflect this change in policy. Their continuing to exist represents their assent to this binding legal contract (and by the way, they also agree to give up any right to legal recourse beyond binding arbitration before a panel made up of me).
I can't tell you how much richer my life has become since I've decided to jettison any commercial entity who I believe is hostile to my best interests. I'm saving thousands of dollars in money and hours of time by simply categorizing any corporation that wants to treat me like a commodity as officially dead to me. Putting all these commercial entities on a permanent pay-no-mind list is incredibly liberating and exhilarating.
There are still enough companies that have a business model where they provide a product or service for a reasonable price which I choose to purchase that my new policy of erasing entire categories of corporations from my life has not meant any deprivation to me at all.
I once used Ghostery and Ad-block and such in judicious manner, choosing only to block corporations whose infractions were egregious. Now, I just block everything and only let through the corporations that I want to support - those that do not require a direct hook-up to my private life because...because fuck you. Surprisingly, I do not miss the "richer end-user experience" that those direct hook-ups provide. Now, I don't care at all that my little decision doesn't mean squat to these corporations, or whether anyone else decides to do as I have done. I don't care because I'm doing it entirely for my own benefit, not to change their behavior or to convince anyone else. Just for me.
You are welcome on my lawn.
Call me naive, but I have no idea why websites like using other social networks for authentication. Is there something so secure that I can trust Facebook with any and all logins and passwords for not just me, but all my users?
I won't call you naive, just misinformed.
1) Gawker will not know your Google/FB password.
2) You won't have a Gawker password any more.
3) Gawker asks google to authenticate joerandomuser@gmail.com
4) Google pops up a SECURE web page and gathers your gmail password
5) Google sends Gawker a YES or a NO, and possibly your name.
That's it. You have one less password, and you get logged in with what ever gmail account you enter. That gmail account need never be stored on Gawker's server, (unless you ask for notifications of replies or something). Gawker never has any passwords at all.
This makes Gawker less of a hacking target.
It frees Gawker of having to maintain any login system of their own.
It reduces cost.
You still maintain fine grained control of which sites can use this facility (at least with Google via your dashboard).
See https://developers.google.com/accounts/docs/OpenID?hl=pl-PL for an explanation of how it works.
The upshot: You want this. You didn't know how it works, so you rightly mistrusted it. But Its better.
Sig Battery depleted. Reverting to safe mode.
Everybody already has a Facebook, Twitter, or Google ID.
Check your assumptions (or did you mean, "everybody that matters ..."?). I disagree. If you don't know why, you haven't been trying very hard.
"Tongue tied and twisted, just an Earth bound misfit
This isn't about barrier to entry for developers but for users. Creating an account on a new website means going through a singup form (+/- captcha), getting an email, clicking a link in the email, and then remembering the details for future use. All before knowing if what you're signing up for is really worth it. In comparison signup via social networks require (at most) two clicks and no commitment. You can see what information the receiving site is going to get and Y/N appropriately.
I can attest the effectiveness of this. On a group of sites I've been working on the signup rate is considerably higher via social login (Google, Facebook, Twitter, etc.) than regular login options.
The only information we get through from the services is email and avatar so I can't see the opportunities for targetted advertising (at least from our end). What do you mean?
Python coder | PyQt Applications | Writer
Facebook Connect gives them access to your friends list and profile information. Definitely more than just your email and YES/NO.
No, I don't want this.
It's none of Google's business what I do on Nick Denton's sites. And it's none of Nick Denton's business what my G+/Y!/FB profile was.
If I had any use for Gawker Media, all it means is that I'd have to set up yet another browser profile and associate that with whatever disposable email address I'd originally created for use with his sites.
Anyone who gives a damn about security or privacy issues knows the value of compartmentalization, and ought to be rightfully resentful of any attempt to bridge unrelated accounts.
In soviet russia, adolescent os biggots don't know shit about YOU!
(and here gawker is trying to change that!)
As a potential lottery winner, I totally support tax cuts for the wealthy
I mean, seriously, Gawker's comment system is a wreck - as are the comment sections of most sites - and this doesn't really bother me. I think it could even be a Good Thing in some regards, as you're likely to find bigoted idiots posting something offensive in the comments for a new Mario Party game on Kotaku - it's ridiculous the things some people say on Gawker sites, enough so that I tend to avoid their sites in general these days (comments + terrible new layout = no thanks).
...if I ever had occasion to view, much less comment on any gawker media site. Those clowns have been on my shit list ever since that stunt they pulled that got them banned from the CES a couple of years back.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Exactly why I would never sign up with Facebook.
People who do, don't care about that.
Sig Battery depleted. Reverting to safe mode.
I'm not sure if you've made the connection - with NoScript, all of those properties display a blank page.
Enabling scripts brings up the content, and a bunch of stories on the right side where the "posted" time continually counts in *seconds*.
I am very sensitive to movement, and every second as I read those stories my attention is grabbed by those ever changing numbers. If it's something I really want to read, I enable scripts, refresh, and then revoke temporary scripts immediately.
I'm not stealing the web from them at all - I click, get an empty page, and close the tab/window. This could not be any more of a non-issue to me. I gave up commenting on only seeing a white page long ago, I figure it's worth one more post just for old times' sake.
Gawker, io9, LifeHacker, Gizmodo... I assume all of the Gawker properties do the same thing.
If Facebook, Google, or Twitter allow the creation of multiple accounts per person, problem solved.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Is this a step too far for an online community? Is it a cash grab or a genuine effort to encourage secure and responsible posting?
It is a symptom of a greater threat. This is a symptom of centralization of social communication. It creates an ecosystem in which defector organizations necessarily emerge and distort communication. Whether any one of the primary centralization actors is actively evil or misguided, the system will necessarily co-evolve entities which exploit the systemic flaw of centralized social communication.
There are benefits to centralization in terms of economies of scale and specialization of labor and capital, but social communication is too vital to the free mind to allow it to be distorted for such trivial benefits. We can decentralize these systems through projects like Diaspora and WebFinger. We (Slashdotters) are the ones who have the ability to make decentralization possible for the masses -- and those who benefit from centralization are not going to do it for us. I am working on it in my own way, and it is rewarding. Consider lending a hand, if you aren't already.
Stop-Prism.org: Opt Out of Surveillance
Everybody already has a Facebook, Twitter, or Google ID.
Not everybody. This infinitely increases the barrier of entry for people like me, who do not have FB or Twitter and is unwilling to use my google ID for anything at all outside of making my phone work.
In this case, there's no loss. The Gawker family of sites are abysmal anyway.
This. Mod this guy up. Compartmentalization was the concept I was trying to remember in another comment. I don't want FB/Google/Y! or the other guys watching my every move. It is about some privacy.
Creating an account on a new website means going through a singup form
You know what's even better? Not requiring creating an account at all.
All before knowing if what you're signing up for is really worth it.
I would never create an account at a site unless I had a very compelling reason to do so. Certainly not sight-unseen. It doesn't matter if "creating an account" consists of linking to a social network account or doing it the old-fashioned way.
The only information we get through from the services is email and avatar so I can't see the opportunities for targetted advertising (at least from our end). What do you mean?
Your end isn't the problem. It's the social site's end that's the problem. If I want to use your site even despite requiring an account somewhere, why in the world would I want to bring a third party into it and allow them to know every time I log into your site? That's just between you and me.
I have increasing contempt for the Gawker content as well - especially Gizmodo, but to a lesser extent Jalopnik. The articles seem to be steadily getting more childish and unprofessional, often with sensationalist headlines and highly opinionated content which tends to draw a raucous comment section. Which, naturally, leads to more page views. Dare to point this out using the same language used in the post and you're banned. That's childish behavior as well. I admit that some of their properties are of higher quality, but the general Gawker enterprise has a whiff of the National Enquirer. It's far less about good blogging, and far more about goofy "look at me" tactics now.
Well, Google's official suggestion of how to avoid their cross-service information sharing is to have multiple accounts (one for search, one for gmail, etc.). So it sound like they're fine with it.
Absolutely. But then you're faced with the problem of dealing with large quantities of spam. Captchas etc. can block most stuff but if people can find a way to post something to site they'll happily pay people to do that for them. You can use spam filters (Akismet etc.) and however many other. But then you find yourself spending a lot more time on beating spam than providing things for your users.
I wish there was some nice built-in standard in browsers to support log in without handing over personal details. BrowserID looked like it might do it - if coupled with a throwaway email - but now they've rebranded that to Mozilla Persona there is zero chance of it becoming cross-browser.
I completely agree myself. I would never log into a site with an account from another site for exactly that reason - the thing most people would. It's the old security vs. convenience decision.
Python coder | PyQt Applications | Writer
What is Gawker, anyway? I guess I don't know and don't care. And that's the difference between ignorance and apathy.
Everything you know is wrong, Just forget the words and sing along.
You don't want them to know what sites you log into, but you are fine sharing everything else they collect?? Site logins are trivial compared to everything else they keep. Off the top of my head:
Search History
Email contacts
Actual content of emails (!!!!)
Friends lists
Click-out tracking
GP's comment about bridging unrelated accounts is still valid, though. I can see how people would trust Google/FB, but not Gawker.
You know what's even better? Not requiring creating an account at all.
Read this site at -1 (go on, I dare you, and leave it at that setting), and you'll quickly understand why accounts are a requirement for civil discourse. You can't have moderation or attribution of comments in any meaningful sense without accounts.
I would never create an account at a site unless I had a very compelling reason to do so.
I see - please do tell us what very compelling reason caused you to join Slashdot?
Your mistake is the assumption that these sites want to maximize comments, and should thus remove barriers. In fact, these sites don't want to deal with the reams of gawdafullness that fill up most comment sections.
In this regard, turning to social network authentication schemes has two benefits:
1. Fewer people will bother commenting.
2. People that comment will have some fear that their behavior will be associated with something they care about protection, i.e. their "real" on-line identity, if not their actual identity, and will thus resist (at least a little bit more) the temptation to be total asshats.
IOW, broken by design.
Because making a throw away twitter account is so hard ...
One benefit of having a name almost as common as "John Smith" is that the signal-to-noise ratio is far too high for anyone to really know what is actually a legitimate hit or one of the other thousands of "John Smiths" in the world. Plus, I happen to share my name with several very famous people, ranging from musicians to professional athletes to actors, so you're going to have to do some serious digging to find a hit that's not related to one of them.
The obvious solution is to combine all of the information on the various "John Smiths" and judge each by the resulting composite.
Don't tell me you trust the data mining racket to never come up with that one!
No, I'd rather "them" not collect anything. I know the trade with gmail, I understand that. I'm trying to keep a handle on what "they" collect on me. It is possible that I'm not tech-savvy enough to block everything, but I'm willing to try my best to obfuscate my personal online habits and browsing. Which "them" are you referring to? I never said I was "fine" with any of this. And before anyone jumps on me, this is news for nerds, not just news for programmers and internet experts.
It also puts some of the users "skin" in the game. If you get banned, then you have to get a new Facebook login too to get back on the site. Those sites don't take kindly to making many fake accounts.
So, basically, this story is that Gawker is switching to OpenID for their authentication system - just twisted around into flamebait.
Stay classy, slashdot
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
They're saying Facebook, Google and Twitter are paragons of data security???
I don't know if it has been pointed out or if all Gawker sites are doing it, but at least Kotaku is now actively encouraging users to create "fake" accounts on these services, violating their respective ToS agreements.
No, I very much do *not* want this. I also know exactly how it works (I've played around with fb connect and google authentication for my own web apps). You're confusing peoples' fear of a lack of privacy with a perceived lack of security. Thankfully, I can vote with my feet and never visit gawker media sites.
LegendMUD
Are people now completely unable to think for themselves? It's not like Gawker Media has anything to offer anyone - anything that's necessary in life. In the end, the people that use their sites are dumb enough to agree to anything, which is why this is going to work for Gawker Media, and no amount of "is this a step to far??!??!??!" is going to make any difference.
It comes down to a simple business decision. Adding login via FB (or Twitter or Google or...) gets the site more users than if they make them create an account. Login exclusively through one of these sites also saves them in development and operational costs and lowers the amount of spamming and trolling. It means they lose some users (like yourself), but from the site's point of view, it's a net gain (at least for a Gawker-type sites, it would be different for someplace like Slashdot).
Interesting when one of their own headlines today is about a hack into someone's facebook account: http://gawker.com/5897485/white-supremacist-hacks-trayvon-martins-email-account-leaks-messages-online