

Facebook Is No Friend of Power.com - twampss
http://bits.blogs.nytimes.com/2009/01/02/facebook-sues-powercom/

======
mdasen
So, let's get this straight.

1\. It is fair for Facebook to ask for usernames and passwords to Gmail,
Hotmail, et. al. to provide functionality to their users.

2\. It is unfair for Power.com to ask for Facebook usernames and passwords to
provide functionality to their users.

~~~
jonursenbach
If it's in Facebooks TOS that you need to access their site specifically
through them then yes, Power.com is in the wrong.

~~~
jonknee
Then they should ban the users who access through a proxy. A site can't put up
a TOS that says you can't access through a proxy and then wait for it happen
to sue. The web would be chocked full of liabilities if shit like that were
allowed to happen. Searching Google would be too dangerous, what if one of the
sites in a SERP had a TOS against coming from a referrer?

------
cgranade
The title here is misleading to me... it sounds like the kerfuffle is about
Power.com not using the proper APIs and instead choosing to capture login
credentials. That's a real breach of security, and given that Facebook
implements an alternate authentication method, seems completely unnecessary.
Maybe I'm missing something; is there anything you can do with direct logins
that you cannot with Facebook Connect and full permissions?

~~~
snprbob86
"is there anything you can do with direct logins that you cannot with Facebook
Connect and full permissions"

Yes, and that is exactly the problem. Facebook's APIs enforce very strict
access controls on the data available to external or embedded applications. If
you have my user name and password, you effectively have full permissions.

Secure by design means no access by default. Sometimes, there are things not
yet or not fully exposed to the APIs under the API's definition of full
permissions. Other times, the granularity of access controls doesn't exactly
match what your application needs. The user name and password lets you avoid
playing by the rules and has the potential to greatly undermine user
confidence in the security of their data.

------
tlrobinson
I had never heard of power.com until now... no such thing as bad publicity?

That said, I don't use any of the social networks they support, except
Facebook...

