

Ask HN: Requiring FB Connect, Will This Kill My Startup? - onwardly

I'm curious what other people's experience has been using FB Connect as a sign-in option for their web apps, especially those that use it exclusively.<p>It seems that many people, even "tech aware" younger users, don't understand FB Connect and may be suspicious of it. This makes me worry about all the majority of potential users, who on average will understand it much less.<p>Any idea what % of potential users will automatically refuse to use a service if it requires them to login with FB Connect?<p>I ask because the startup I'm launching soon will require users to login using their Facebook ID. I'm not worried about internet users that don't have FB, because they're not likely to want to use our site anyways (its a video chat application).<p>Also, many sites allow you to login with your FB ID, Twitter handle, Google account, or to create your own account. For my startup, there are specific reasons why offering multiple forms of login won't work, so we've opted to use FB.<p>Cheers.
======
JoelPM
I don't have a Facebook account (and I refuse to get one), so in the unlikely
event that people like me are the sole target group of your
application/website, yes - requiring FB connect will kill your startup =)

But like I said, it's unlikely.

~~~
onwardly
True.

For one, most people in our target age demographic (say 16 - 34) do have FB
accounts. The other assumption is that if you don't have a FB account, you're
less likely to want to talk with strangers over videochat.

~~~
NinetyNine
I'm 20 years old, tech savy, and I'm weary of facebook connect simply because
other cross-site facebook tools have been exploited before, particularly the
like-button click-jacking worm (Troj/iframe-ET?) which has filled my own feed
with spam messages. I removed my facebook account a few months ago, so I
wouldn't be able to use it anyways, but if your site doesn't need real-person
verification, then don't even bother, a lot of users prefer a nick over a
name, and a sign up form isn't as big of a deal as potentially giving away
your facebook credentials to a spammer using an unknown exploit.

------
kvogt
Fb connect on main signup form, regular signup a click away: signups down
~15%. Well-designed main signup form w/ fb connect as an option: signups up
8%.

30k new users per day, data statistically significant. Ymmv.

~~~
jonnycat
Have you been able to measure engagement of the FB connect users vs. the
regular signup users? It's been said that while it's easier to get a user to
sign in with FB connect, those users are less likely to stick around and do
anything meaningful on the site.

------
jusob
For a website, I offered login with Twitter, Facebook or custom
username/password. I thought people would take the easy way, and use their FB
login. Wrong! 90% of them chose the custom login + password.

~~~
udfalkso
I'm curious what your audience was like. Young? Old? Tech Savvy?

Did your site focus on something potentially embarrassing if it would end up
on your FB profile?

~~~
jlgosse
From my experience the average internet user is quite afraid to give up their
Facebook credentials to a random site.

~~~
_delirium
Yeah, I think FB Connect hits _right_ at the time that anti-phishing education
has finally made people super wary of cross-site types of issues. They've had
repeatedly banged into their heads: _if the URL bar doesn't say example.com,
don't give any of your example.com-related information to it, no matter what
story it tells you!_

Of course, FB Connect doesn't _actually_ require you to enter your Facebook
password into a non-Facebook site, but I can see how people would be scared
off. Using your Facebook credentials for something you didn't reach by typing
facebook.com into the URL bar yourself feels at least superficially just like
the sort of thing all these campaigns have been about...

------
sqrt17
Even though I may use FB connect to sign into a site, I (and I guess many
others) would be deeply suspicious of any site that exclusively uses FB
connect.

At the bare minimum, offer FB, Google and Twitter so people don't feel like
they're coerced. (And you'll be surprised how many "not likely" people use a
decent application if it's useful and you don't send them away).

My guess is that 90% of potential user will go away when you force them to use
FB, whereas 70-80% of your potential user base will still find something not
to like when sign-in is not a problem. (i.e., think about the conversion ratio
from people who learn about your site to people who either go "ooh, I'm going
to try this out" or "hm, looks interesting but whatever" - people are often
walking a thin line between these options and shifting the line by making
trial and sign-up as easy and convenient as possible will get you more
conversions).

Otherwise, if you're willing to put your soul into FB's hands, do the full
monty and structure your app as a facebook app. If you don't think that would
be a good idea, think about why you're only targeting facebook users. (And do
remember that "facebook demographic" and "actual facebook users" are very
different things).

~~~
onwardly
This comment, like many others, is pretty critical of using FB Connect
exclusively, which is something I understand and why I posed the question in
the first place.

It may help to provide a little more context. The reason that FB Connect is
used exclusively is to solve the pervert problem that has plagued videochat
applications.

The FB account is used ONLY to track users, and on the landing page we make it
very clear that we never reveal your identity to anyone and that we never post
anything to your wall or your friends' walls.

We use the FB login so that if you are reported for misusing the site we can
block you permanently. The thinking is that if we just allow you to create a
new account or login with different accounts, then the pervs will be able to
continue to access the site even if they are blocked on one account.

On the other hand, I'm getting the sense that this could be a big problem for
legitimate users. Perhaps having multiple sign-in options would be OK,
assuming that if you're a perv you'd be wary of signing in using your real
account info, and that you'd really be going out of your way to be a jackass
if you waited til one account was blocked before and then signed in using
another account.

I'm surprised that the HN community seems more averse to using FB connect than
I expect most normal users are. Either that or people that are critical of FB
Connect are more apt to respond to this.

Lots of food for thought though. Ultimately, the question is whether offering
multiple sign-in options dilutes the security feature of being able to
permanently block those who misuse the site. While it does dilute this
slightly, I'm starting to think that the trade-off might be worth it if only
allowing a FB sign-in is so repulsive to so many...

~~~
sqrt17
Okay. Blocking perverts is a legitimate cause and being able to ban people
effectively is probably easier than implementing feature extraction from
video.

However, people can make throwaway facebook accounts just as they can make
throwaway twitter/Google/OpenID accounts. So, if you want something more
effective, you could either:

* make a video chat that is not free-for-all. Back in the day, ICQ with video chat turned into a circlejerk because anyone could contact anyone. On Skype, people who you don't know cannot contact you by default, so it doesn't have that problem, but feels more like a videophone than a chat.

* use more elaborate rules: use the sender IP to recognize duplicate sign-ins, with an option of contacting support if you're caught wrongly by the ruleset.

* Provide an outlet for the circlejerk people so they can be among themselves (i.e., like having a /b/ on 4chan so the other channels can be civilized most of the time). For example, have a "ban this user" function that bans that user for the person only, but have a default that contact requests from people who are banned by three different users are denied unless they're in your "friends" group. Have an option to change the threshold so that perverts can still play pervert in front of other perverts.

* provide some kind of "namespace" and appoint trusted people as moderators for parts of that namespace (e.g., have a channel HorsesLovers that has its group of moderators). Having moderators per channel allows (i) people to develop a sense of responsibility for "their" channel, but also (ii) to limit any kind of dictator-like behaviour.

* I was considering whether asking for some sort of micropayment (i.e., pay 2$ or have someone invite you) would solve the problem, but I guess there's enough perverts with deep pockets that it'd only be a partial solution.

~~~
onwardly
With Facebook, the way it would work is that you have to have 20+ friends to
join. So you can create throwaway accounts, but you won't be able to login
with them.

That said, it really would be going out of your way to create a throwaway
account every time you wanted to be a pervert for just two people. That
requires a lot of effort, and while there may be a few people willing to
endure it, I doubt it would reach the same level of problems as it has on
Chatroulette and co.

~~~
alextgordon
What's wrong with IP blocking? It's easier to get a Facebook account with 20
friends than it is to change your IP (depending on your ISP).

------
pjy04
Stop wasting your time and doing fb connect. Just do the traditional method
and test your idea fast and easy. FB connect will slow down your development
and make it complicated.

FB has changed so much this year alone, you'll have to change each time they
add something new.

------
btmorex
I've already skipped a few services that sounded interesting because they used
fb connect (I do have a facebook account). So, to answer your question, if
enough people are like me, then yes it will kill your startup.

------
tobtoh
I'm a heavy FB users and _always_ opt to create a separate login account
rather than use FB Connect.

My understanding of FB Connect is probably flawed, but I don't trust FB to use
whatever linkage/info they get from the login with my best interests at heart.

I also don't trust any app that requires FB connect as, rightly or wrongly, my
suspicion is that any app requiring FB connect is out to spam my newsfeed and
my friends news feed like Farmville does.

If the only login method is FB Connect, I just move on.

~~~
b0o
same here. Facebook connect sucks. If it's your absolute best login option,
then GG to you sir, you failed before you even started.

------
Towle_
I personally wouldn't sign up for anything with FB connect, but who cares? Go
for it. If you really must have just one form of login, then FB is by far your
best shot. If it doesn't work, nothing else would have.

~~~
onwardly
I'm curious what your rationale for this is.

Assume that from the landing page you can be confident that none of your
personal information will be shared and that the application will never post
anything to your wall, etc.

What's the worry? The whole point of FB connect is that you don't have to
create accounts on every website you visit, while still enjoying the enhanced
functionality that comes with having a "profile" on each site.

Anyways, I care because if 90% of potential users leave the landing page
because they don't want to use FB connect, then that's going to pose
significant problems for us!

Regardless, we are "going for it"!

~~~
Towle_
_Assume that from the landing page you can be confident that none of your
personal information will be shared and that the application will never post
anything to your wall, etc._

I wouldn't assume that. By default, I would be skeptical. I can't just trust
you because you say you're trustworthy. That's why I don't use FB Connect.
Well, that's half the reason. The other half is, I don't want FB to have a
profile of a bunch of sites I'm a regular user on. I want to be able to say
and do things on those sites that I wouldn't do on FB. Like this:
<http://news.ycombinator.com/item?id=1641266>

edit: Good luck! Maybe I'm an outlier and it won't hurt much. But like I said,
it's easily the best choice of those you have available to you.

~~~
onwardly
I understand where you're coming from, but it also sounds like you share some
common misperceptions about FB Connect.

For one, before you login with FB Connect, it tells you exactly what the
application is requesting your permission to do.

If the application wants permission to post to your wall, FB tells you upfront
that it is requesting that. So you don't have to believe my words- when you
click to login you'll see that the only information requested is just your
basic profile information. Nothing else.

Regarding FB having a profile, I don't quite understand this. For one, FB
doesn't know what you're doing on my site. All it knows is that you signed
into my site. But Facebook can't really "do" anything with that info. It can't
post on your wall that you logged into my site, it doesn't have access to any
of your activity on my site, etc.

Thanks for the good wishes. I don't think you're that much of an outlier, but
I think a lot of that has to do with how poor of a job Facebook has done
explaining Facebook Connect.

I'm expecting that over time, people will increasingly understand how it works
and be less suspicious. Maybe.

~~~
arn
"it also sounds like you share some common misperceptions about FB Connect."

I suspect it's not just a "common" but overwhelming misperception. In fact,
before reading what you wrote here, I didn't know that's how it worked.

I am an intermittent/casual facebook user, and use it only for real personal
connections. As a result, I _never_ log into any website or iphone app that
offers facebook login, for exactly the concerns listed above. The rules also
seem to change over time, so just to be certain, I won't use it.

------
andrewf
Firstly, Facebook really do "move fast and break stuff," and dealing with
their APIs is both slow and aggravating. The app I'm working on has a lot of
social functionality, which is why I'm bothering. (You may have similar
plans). I've never implemented Google account login, but if I didn't care
about the social stuff I'd be leaning towards that.

Are you doing a "hard launch" with lots of PR, etc? If so, I would be thinking
very hard about the risks in being FB-only. A lot of people will never visit
your site again.

If not, then you have more freedom to experiment. I'd be inclined to go with
my gut, but: metrics, metrics, metrics. From day one you should know how many
people are being pushed to authorize your application to know about their
Facebook identity, and how many of them are coming back after clicking the
"Authorize" button. Facebook has a dashboard which I haven't investigated, but
it may be good enough for you to avoid implementing your own metrics.

~~~
onwardly
This is a good point.

We are in fact doing a "hard launch" as a result of the need for a critical
mass of users. Its a videochat website, and if noone is there then you'll just
leave.

As I mentioned in another comment I made just before this, I'm certainly
reconsidering the decision to do FB-only.

The main thing I want to stay away from is allowing users to create accounts.
We don't want pervs to be able to get booted off and then just quickly create
another account. But it does seem to make sense to offer Google, Twitter, and
perhaps another sign in option.

------
stoney
Unless I specifically wanted your startup to be putting stuff into my facebook
feed, I personally wouldn't log in to your (or any) site using a facebook
account.

I'm a bit paranoid about the potential for 3rd party apps to publish stuff to
my facebook account that I don't want them too - the whole facebook privacy
thing is just too murky (I don't really understand what you could or couldn't
do if I logged into your site with fb connect), so in general I just play safe
and keep facebook separate from everything else.

------
gaiusparx
Personally I would not use FB Connect unless you're already a name I can
trust.

If I'm not wrong, when you use FB Connect, you can capture only the user id.
The disadvantage is you are not able to build a meaningful customer database,
but this also depends if customers info is important to your startup. Secondly
your startup will live and die with Facebook. This makes sense only if your
startup is a Facebook app.

~~~
dmc
> If I'm not wrong, when you use FB Connect, you can capture only the user id.

The information you can currently 'cache' from facebook, is called basic
information and currently consists of:

> user ID, name, email, gender, birthday, current city, profile picture URL,
> and the user IDs of the user’s friends who have also connected with your
> application.

You can also easily request other information, such as email address, without
any additional dialogue box. I'm not sure whether most users would realize
that this additional information is being shared, or not.

------
Locke1689
Use OpenID. I never give my user information to another site, if possible.
OpenID is the most portable of those implementations.

Edit: Ah, didn't see at first that you can only have one form of login. I
guess you can use FBConnect (and that provides a significant user base), but I
won't be signing up...

------
alexkiwi
My experience is that it works as an added bonus, but shot our conversion rate
down when we tried it as the only way to login.

Good luck, your going to run into some fun facebook errors.

------
motters
If your site requires Facebook Connect for login, I will not use it. There's
no reason for it if your site is not directly affiliated with Facebook, and it
may result in privacy issues. Personally I think as soon as a viable
alternative to Facebook exists I will stop using it anyway.

------
abraham
Use FB Connect or RPX. Please don't make me create yet another user account.

