

OM: "My web without Facebook Connect" - dell9000
http://gigaom.com/2011/02/25/my-web-without-facebook-connect/

======
neutronicus
I won't use any service that require FB Connect.

~~~
joe_the_user
Double plus agree...

I can't imagine what service that require FB Connect are thinking...

~~~
daeken
I've started a dating site, and we're launching solely with FB Connect
support, with no plans to support alternatives in the near future. Why?
Because the data we get from the social graph makes our product better in many
ways without the user having to duplicate efforts. We get their interests,
their friends interests, their checkins, etc without the user having to put
any of that explicitly into our site.

This allows us to give a vastly better experience to our userbase, while
losing effectively nothing -- our demo is non-techy 21-35 singles, meaning
95%+ Facebook users.

Edit: To clarify, I mean that no less than 95% of our demographic is already
using Facebook.

~~~
joe_the_user
I assume you would succeed if your target audience is willing to accept that
you will be filtering information that they've given to someone else for
reasons other than dating (at least it's better than the "dating site" that
scraped Facebook for prospects).

It's possible. I would guess that people would be willing to take this "deal"
if they believed that they'd be guaranteed that others also have to take your
deal. However, aside from a person's desire to present themselves as they
choose rather than as you choose, the problem might that some would create
Facebook accounts only for dating and thus control their presentation better
than the average person who wouldn't bother. But perhaps your users wouldn't
consider such deviousness (and don't tell me you'd filter those people out -
the account themselves could perfectly real, just accounts only created for a
purpose).

Personally, I wouldn't accept this since I want to control how I'm
represented. I don't fully trust Facebook but I might trust them with
something things. I don't trust you but I might trust you with some other
things. Giving you and those like-you my FB information means that I'd have to
suddenly start putting unlimited in both FB and you. Maybe some people are OK
with unlimited trust and "openness". I doubt there will be increase in such
people over time - I could be wrong.

------
nickbp
From the user perspective, I don't use Facebook Connect because I don't think
a third party site should be given access to any of my Facebook information,
nor should Facebook know what other sites I visit.

I'd much rather they all stay ignorant of one another.

~~~
simonw
Have you heard about Instant Personalisation?

~~~
nickbp
I have. It's creepy, and about as useful as any line that begins with "SUP
DAWG, I HEARD YOU LIKE..."

------
pnathan
I neither have a Facebook account nor do I use Google search for more than
hard-to-query searches.

I don't need Google Mail, and I do blog elsewhere than my (rottingly
neglected) Blogspot account.

I appreciate that the author has tied himself to those services, and how
problematic that becomes when a centralized service goes down for a user.

That is - partly - why I do not do that, preferring the somewhat rougher road
of managing my own usernames and passwords, ensuring that my services are
split across multiple providers and are not subject to the whims, failures,
and vagaries of a single company.

------
jdp23
Whether or not it's fair, most people will blame Facebook in a situations like
this. Unless they can get security issues under control, they're in for an
increasingly rough time ... one more reason I think they're waaaay overvalued
at $70B.

~~~
tosh
there are many things that facebook can and should improve (like enabling
https all the time, not as opt in, and not disabling it when you use apps that
don't use ssl/tls). that said I'd love if 10% of the web services I use would
take security as serious as fb does.

------
racbart
Anyone with some IT background should be familiar with a single point of
failure concept. This is why I personally don't use FB Connect, OpenID, etc.
If anything goes wrong with your single global login process, you're in
trouble. It doesn't matter whether it was your fault or your provider's.

When I create web products, I don't hesitate that much. If people want it and
if it can increase signup conversion, then let's roll with it. But I don't use
that as an user. A good password manager is more than enough for quick and
convenient logging in.

------
Vivtek
I'm not sure FB is a single point of failure - Twitter signin seems to be
nearly as prevalent. In fact, you could probably do something about identity
by leveraging these separate identities into one, so that if you lose one
(like Om) you wouldn't be separated from your online identity. (Not to mention
you could reclaim the failed point based on your other identity components.)

That's vague, but seriously - a "single" point of failure is a business
opportunity waiting to happen.

~~~
tosh
I also don't think that facebook connect poses a single point of failure. If
it becomes one then it is not the fault of the identity provider but the fault
of the relying party, so if he only uses services that only offer auth via fb,
or he did not connect his accounts with other identity providers then he
should not complain right?

~~~
racbart
Nothing poses a single point of failure unless one uses it that way.

If you add other identity providers then sure, you're less vulnerable - just
like if you replicate your database and set up failover. There are many ways
to avoid certain SPOFs but possibility to fix doesn't make a SPOF stop being a
SPOF. It's all about how you use them.

If you use FB Connect as the only way to sign into some of your accounts then
FB Connect becomes a single point of failure for these accounts, period.
That's what happened to Om. There might be only 30% of his accounts affected,
but for these 30% accounts, FB Connect was a SPOF.

For me it's easier to use old-fashioned login/email+password signup with a
password manager like 1Password than signing up with multiple online
identities to every new account (who does that anyway and many websites allow
you connect only one identity). Classic email+password has a failover by
default in its design - if I forget my password I can reset it by email (I
need both to forget password and have broken email at the same time to don't
be able to login).

------
icco
I liked the article, but I'm curious about the title choice. Why prepend it
with 'OM:'? Because the domain is shown on the right, do I really need two
sources of authenticity?

------
rokhayakebe
I love OM, but if he has no web without FB, than he has some serious issues.
Maybe it is really time to realize there is a life away from our computers.

Side note: I am glad HN does not have a FB login rule.

