Hacker News new | past | comments | ask | show | jobs | submit login
Surprise: People hate being forced to use Facebook (dailycred.tumblr.com)
193 points by cookingrobot on Aug 31, 2012 | hide | past | favorite | 95 comments

This just further proves how disconnected Mark & Friends are from the real world.

In real life, people talk very differently when they're:

- around their friends

- with their family

- with their lover

- in public

- at work

- online

So this "one identity" + "real name policy" + "privacy is dead" nonsense is just disheartening. There will always be a need for humans to keep secrets, to have separate identities, to keep the people in their lives separate, and the topics they talk about separate. "Sign in with facebook" just breaks all those rules.

Not everyone shits and showers with the bathroom door open.

I agree. The need to share and talk differently with different people, is precisely the problem that Google tried to solve with their concept of circles in Google+. However, the fact that they also required real names and a single identity, makes it a partial and therefore ineffective solution.

One serious problem with the way Google+ does circles is that once you post something, you _cannot_ change whom you've shared it with.

Well, keep in mind that the people you already shared the post with can always save it locally.

Yea, I am not for real name policies either. But I do want problems that would be caused by them to be fixed if possible, though not every one of them can be easily fixed, of course. For example, legacy PR based on one-way control of the message is fundamentally flawed.

This reminds me of one of my own HN submission, BTW: http://news.ycombinator.com/item?id=4160528

They'd get more signups (and more of them would be for traditional accounts) if they did some fairly trivial work to make the sign up process sound like it actually created customer value.

Here's their home page: http://www.shopobot.com/

The button to show that modal window is "JOIN NOW" with microcopy "It's free." That microcopy is the best part of the whole experience.

Clicking the JOIN NOW button brings up the modal window:

"Welcome! How would you like to sign up?"

Absolutely nothing here promises benefits to the customers. Consider something like:

Button: "Start Saving Money!"

"Save money when stores change prices. How should we tell you?"

[Login with Facebook] or [Get an email]

microcopy: "We never post to Facebook. Shopobot is totally free. You can stop getting email at any time."

Clicking "Get an email" would bring you to the signup form, currently a DailyCred interstitial, which is (at present) an experience which will not maximize conversion rates, to put it lightly.

https://www.dailycred.com/oauth/authorize?client_id=ceb6f715... <-- don't worry, I won't use that client ID, feel free to click it

That page should:

1) Remind people why they want to sign up for Shopobot

2) Have button copy which suggests value, rather than "Sign Up". Ideally, it should have copy which recalls the scent of the interaction on their page.

3) Continue providing risk-reducers like "free", "we won't spam you", etc.

If you're wondering whether to use DailyCred or roll your own login system, by the way... how much is 20 ~ 40% more users worth to you? Enough to justify the whole hour it will take to roll a login system? Good, thought so. (+)

(+ I'm sort of intrigued by the parts of their offering which do not actually sign up users and log them in. However, it strikes me that bundling them with logins is an exceptionally bad idea, and as you need them you can either implement them ala carte or plug in a provider who would let you keep control over the most important 30 seconds of a customer's relationship with you.)

Thanks for that feedback, that's great advice for how to polish the language and call to action. With DailyCred you do have flexibility to make custom signup UI like you describe using the rest api[1], so you can bake it right into your experience. The interstitial login screen is for people who want to get set up instantly. The rest api supports all of our features, including email validation, SSL, password resets, etc. Both options are a big win over only offering Facebook signup. [1] [https://www.dailycred.com/api/rest]

It's even easier if you're writing a rails app, as you can just use Devise[1]. Include the gem, run two rails commands, and you're basically done except for customizing the views.

[1]: https://github.com/plataformatec/devise

If your only login option is Facebook, I won't use your service. Full stop. I don't have a Facebook account, and I certainly won't get one to be able to log in somewhere else.

I do have a Facebook account, and I have basically the same policy.

Facebook is for me to chat with friends and all of us to post photos we may or may not regret when we sober up. I neither need nor want to tie any more of my life to it.

Facebook has done a great job of ruining their app ecosystem. Many users are trained through embarrassing spam incidents to never trust Facebook apps.

Totally agree. They really should have made the default to allow zero permissions. Then there could be a page in the app (or in facebook) where you can explicitly allow each requested permission once you've at least had a moment with the app. As it stands now, though, I never use the facebook option. The few times I did before, I raced to my profile to see if anything was posted. The current model is sort of like a store clerk saying, "Come on in... and let me use your phone to call some of your friends."

Is there even an option for developers to use where you can use Facebook just for login, without requesting any additional permissions? That would be acceptable.

This is why I still like OpenID (eg, log in with your Google account). I know they get nothing but my name and email address, they can't touch my account at all, and nothing is public.

From Facebook's documentation:

"When a user auths your app and you request no additional permissions, your application will have access to only the user's basic information. By default, this includes certain properties of the User object such as id, name, picture, gender, and their locale. Certain connections of the User object such as the Friends connection are also available. If the user has made more of their data public, more information will be available."

Source: http://developers.facebook.com/docs/authentication/permissio...

OAuth scopes kick ass. You don't even need to give up name or email to an application with Google's implementation, IIRC.

Unfortunately some companies are in bed with Facebook and it seems it gives them more than the additional users.

For example Spotify - still allows only Facebook signups. The first quote on signup page is of course <<"Spotify is so good" - Mark Zuckerberg, co-founder of Facebook>>. I'm definitely one who spent additional time to look for an alternative.

Edit: As parbo noticed, they actually do allow email+password signups again. I completely missed the link when checking.

Actually, it is now possible to sign up with only email. Not sure if it applies to all markets, but in the US you can.

Wow, they don't want people to spot that, do they :) I went to the signup page to verify before I posted my comment and completely missed the link, even though I was looking for it. I really appreciate them doing that - will check out their library today.

Edit: Or not. They seem to know my city better than me since my postcode is both required and invalid...

What's your city and postcode? I can forward it to the devs responsible for the signup page.

Any postcode with letters fails apparently. This doesn't work for UK where letters are in all postcodes. "1" got accepted though.

At the top of the page:

"You need a Facebook account to register for Spotify"

At the bottom of the page:


Create an account using my e-mail address"

Awesome design there!

Awesome design there!

I think you meant that sarcastically, but it actually is good design from Spotify's point of view. They really want people to link their accounts to Facebook, but don't want to lose the potential users who steadfastly refuse to do so. Tailoring the language and design to encourage the desired choice is smart, even if it might not be quite right grammatically.

Grammatically? Being delibetately misleading is not quite right ethically.

Sweet. Thanks for pointing this out. I refused to try Spotify because of the FB requirement.

Weird, I'm in the US and I don't see the email option anywhere on the signup page. Too bad.

I've been using Rdio for a while now and really like it. I think Spotify's library is a bit larger but, like you, I hate being forced to sign up via Facebook.

I chose Deezer some time ago... but Rdio sure changed lately - maybe I should give them another look. The last time I tried they had a poor choice in non-mainstream things, but it seems to have changed. (number of von zamla albums is my usual benchmark for the variety of available tracks) They still have weird listing issues though - having both Goran Bregovic and Bregovic, Goran for example.

Rdio really hasn't changed lately. Their interface got refreshed, but their catalogue is about the same as always.

Using any single artist as a barometer for library completeness is probably not a great metric.

I'm not saying it's something to rely on, but if the artist is: not American, not singing in English, not from the top hit lists, not from popular genre and published albums years ago... yet they get included in the library, that means the choice goes far beyond what you usually get to hear. And that's just a great thing, whether you like specific artist or not.

My point is just that both Rdio, Spotify, and all their competitors contain many bands that fit your criteria. And they also don't contain many of those. I'm simply saying you should do a wider survey of their libraries to get a better comparison.

Whenever I used to demo one of my old projects, the immediate feedback I'd get from most "advisors" was something along the lines of, "oh, you don't offer Facebook signup. Why not?"

I think the underlying assumption was that using Facebook login would make it easier to make the site "go viral" because we could more easily spam our user's networks.

I always cringed at this idea from my own personal experience, and from anecdotal evidence from my friends.

I'm very excited that someone finally backed this up with data.

But they're not saying that offering Facebook logins is bad. Just that _forcing_ people to log in with Facebook and not offering an alternative is.

And at least by offering it, you'd get metrics on how many people use it. Like Patrick said, it's the most important 30 seconds of your relationship with the customer. It's worth trying whatever you can do to improve that signup process.

So, I understand that Facebook et al are more popular options, but I am noticing that OpenID in particular is really losing momentum. Personally I really liked the idea of OpenID, so I'm just wondering, from the point of view of web developers, what is it about OpenID that makes you not want to use it? Or is it just that Facebook is overwhelmingly more popular as a login method so it's not worth it?

I think OpenID is simply not understood by enough people.

I agree. I spent a lot of time simplifying my OpenId setup so that all I had to do was type in my first name on a website and would be authenticated. I think online identity is still ripe for disruption and improvement.

...and sadly BrowserID never took off.

Huh? Our first beta release is scheduled for ~2 weeks from now, and the entire idea is barely a year old. We're still quite alive and well -- come join us on GitHub (mozilla/browserid) or IRC (irc.mozilla.org/identity)! :)

Plus, Mozilla is dog-fooding Persona all over the place[1], so we're personally invested in getting this thing right and keeping it working.

[1]: Bugzilla, MDN, Etherpad, Mozillians, Metrics, Popcorn, OpenBadges, Marketplace, Add-on Builder, Flicks, and Affiliates all use Persona, with more to come.

I think you meant OpenID.

BrowserID is new, and awesome. My fear is that a good universal login needs to support both Mobile Safari and Google Chrome on Android, and due to their childish fighting, it's unlikely anything client side can work on both, to the detriment of users and Internet security as a whole.

Desktop browsers are a lot easier (extensions, and browser choice), but mobile/tablets makes this all a lot harder than it was a few years ago. :(

Logging in with a URL. That does not make sense.

At my current job all the project managers think our users are so promiscuous with their online activities that they'll use services like Facebook for just about anything (Events, RSVP, etc).

However, from talking directly with some of our user's most of them are telling me they avoid these features because they don't understand what the long term effects might be. Apps who have abused Facebook and stories about potential privacy concerns in the media have left a bad impression on them regardless of what Facebook has done to 'fix' the problem.

Yes, this. A thousand times, this. Personal case in point - earbits.com. Freaking LOVE their service. I used to use their 'don't need an account' option almost daily to stream awesome new music, and I would've LOVED to create an account just to save my settings. I tried to use their Android app, and what am I presented with immediately on install? "Sign in with Facebook!" Insta-delete. I've gone to Pandora, and even though I don't get the 'new' music I'd prefer, I still pay Pandora their $30 or whatever for a similar ad-free experience.

Earbits, if you read this - PLEASE ditch the Facebook-only option. I would pay you $45 a year (50% more than what I pay Pandora) for your service, but I absolutely loathe anything having to do with Facebook, and I cannot continue to use your service if you insist on requiring them.

<3, --Me

If you're adding user accounts, there's really no excuse not to include an email & password signup option. You can alienate a lot of potential users if you require Facebook connect and don't give the option.

Also, you're allowing yourself to become exclusively dependent on another company's platform.

I've always wondered why more websites/apps didn't have their own user database, with Facebook credentials as merely a link to an underlying record that the website actually owns.

This way if you one day want to run far, far away from the FB monster you're already set - the behavior of your app doesn't break horrifically, and you can devise a seamless/pain-free transition for FB-authenticated users to create a password.

> I've always wondered why more websites/apps didn't have their own user database

Because your password database is a liability. And it's a huge pain in the ass to store securely. And a breach at another site can harm your users if they re-used their password. And there's a huge amount of friction when you ask users to create and manage yet another password.

Seriously, traditional login systems suck. They're great for privacy and maintaining direct control over your user data, but they're a huge pain.

I don't want to shill, but Mozilla is aiming to address the bulk of this with Persona (https://developer.mozilla.org/en-US/docs/Persona), which will have an api-stable "beta" release in about two weeks. However, it works right now and has been deployed on sites like https://voo.st/ as an alternative to forced-social login.

Because your password database is a liability.

Arguably it's a greater liability for a business to be dependent on a third party for a connection with their users. It means they lose important user data like email (they have to ask for it usually), they're tied to that provider, and their website breaks for those users if that third party service goes down or is unreliable.

If you store your passwords securely you can't leak them, only a hash, but I agree it's a pain for users to manage multiple passwords/identities and can lead to too much password sharing.

Persona looks far more interesting than social login as it addresses the issue with who owns controls user data/logins and does not have a single point of failure, plus it provides the email.

"Dumb fucks" - Mark Zuckerberg on Facebook users

You can trust Facebook. Why wouldn't you? Facebook is lovely.

Heard similar language from Google... and Apple... and MS... and ...

The idea that you should or shouldn't "trust" a company...

It's just unusual if you think about it. It helps to have been alive in a time before the web was significant. Think of all the companies you give personal information to. Think of how much information you actually give them. Think about what they are permitted to do with that information.

Then think about sending a list of all your friends, family, colleagues, your personal thoughts and commnications on personal matters, to a random, characteristically anti-social CS major you've never met. It's just plain weird. And Zuckerberg was absolutely right in what he said: we're dumb to do it. The problem is this didn't phase him one bit. He went right ahead as if it was all going to be OK. And we just kept sending him more and more info.

Granted, Facebook calls itself a company, and the situation has grown quite large and complex, but I still think of Facebook as one CS student's website. It is what it is.

You send your personal info, in some cases more personal info than you would give your personal banker, your doctor, or your lawyer, through the web to total strangers, many of them are anti-social kids like Zuckerberg, to be posted on his website.

It's a disaster waiting to happen.

Maybe it's because I've grown up with fairly ubiquitous internet, but I've never expected anything I put on the internet to be private. Furthermore, I've never expected anything done in public to be private. I have a hard time understanding why people expect otherwise on both.

Facebook isn't as interesting anymore. I think the new trend is more privacy/less sharing.

Since when has that been a "new trend"?

People also hate having to create a new username/password combination for every single web service they want to try.

I'd say most people have one username/password combination they use for every service. On mobile devices, having to sign up with an email and password is a bit of a hassle, and Facebook/Twitter login makes more sense.

Anecdata point (new favorite word) from someone who in theory should "know better": I have my corporate password, a bank password, personal email password, and one I've been using literally 80% of my life for all the other sites. It's got a Couple variations to get around silly restrictions. In its base form, it's a 6 letter dictionary word. Why? I don't care! I don't want to devote any more energy to the problem than strictly necessary and those sites aren't getting any data I care much about.

PS: 2 factor for corporate account and personal email

Some people, but not this person. I like having a separate login for each web service. I keep each login in my password wallet so even I don't know the password. Using this approach, if a service gets compromised, I don't need to worry that my access will spread to other systems.

I also like email/password signups because I get to use different emails for each service. GMail helps with this since I can use johndoe+twitter@gmail.com and johndoe+facebook@gmail.com.

Only that most signup forms use a broken regex and think <name+mailbox@example.com> emails are not valid. Been there, done that.

I don't trust such services much. always use my default :)@domain.com which is also valid according to the RFC

But not enough to make me use Facebook and definitely not enough to even bother with Twitter.

Perhaps this is just luck on my part, but I don't think I've ever had a "Sign-in with Twitter" app spam un-authorized tweets on my behalf.

I agree, I'd much rather sign in with Twitter than facebook.

Pardon an obvious comment but some developers using Facebook and Twitter for login don't get this: when you are only using FB and T for login then don't write your app to request any access rights at all to a user's FB and T data.

For example, why have your app request the access rights to post to a user's T stream?

As an end user, I just don't end up knowing quite how my privacy is impacted when signing in through a third party site.

I signed up to a site only yesterday that gave me the option of signing in (or was that signing up - I haven't a clue...) with a yahoo account or a Facebook account, or an email address and password. I thought what the heck I'll sign in with my yahoo credentials. I then went back to Yahoo - and it gave me some message about authorisation and data sharing. What data is shared? Who knows. I didn't want anything shared, other than perhaps my email address. But why not explicitly say that?

So for me it's just a case of pure confusion, and the worry and fear that I've shared something that I didn't want to with another application - for example I wouldn't want to share my address book.

Another service I know of demands a Twitter login, as a result I don't use it. Which is annoying as I do want to use it. I can't be bothered to set up alternative Twitter accounts just for this purpose.

I guess that if I don't get it - and I have a technical background - then what hope does anyone else have? Or do punters just go about and blindly trust services with their data?

I think, as always, generic statements can't be made. And one example shouldn't necessary serve as a general example. The willingness of a user to use Facebook as a login identity is influenced by:

1. the trustworthiness/brand recognition of the service 2. expected behavior of the service with the data

In this case, it seems to me as if there is no value a user would get from signing up with facebook besides the convenience. Furthermore, being an e-commerce service, I would actually say offering Facebook login is counter-productive because it may be perceived as a commercial use of your data (I know its irrelevant, but you would be surprised how often I have heard this)

Also one should note that the averaging 30% really isnt that bad. 50% would mean its completely random, meaning there wouldn't be a preference either way. I wouldn't say people hate being forced at all.

For obvious reasons, this post is biased towards selling their service.

I have no problem with sign in by facebook and promotions, as long as I'm given the choice or ways of logging in be that google, msn, and few others and or a local account option. When I'm not I don't use that product as I dont want a facebook account, my choice and any situation were I'm forced to I walk away. My choice.

I can undestand why so many do it, they have IT on the cheap and instead of doing a local login option you pick facebook and leave all authentication down to them and there API's. But that's there choice.

Eventualy some law will pass forceing companies to allow the user to pick which social login persona they wish to use and that will be that, repeat of the whole unbundle IE affair remixed for today playing out with social media login's. We shall see, but until then everybody has a choice they just need to execute it more often than they do.

Not all "people" are your customers. The study lends nicely to customer segmentation. Tech-savvy customers are comfortable using it.

If you can accurately define who your customer is then you can tailor your user experience to fit them best.

Studies show the people that use Facebook Connect have a higher LTV and show higher engagement.

Do you have any links to these studies?

We're building a site that relies on network effects and are considering offering only Facebook authentication, with perhaps other signups available in the future. Anyone have any good case studies on startups that went this route?

http://goo.gl/a3nnd this is one. I remember there was a big chat about this on quora.

We've found similar results during user testing recently. http://fellswoop.com/blog/is-user-trust-in-facebook-declinin...

I ran a quick poll on PickFu and got a pretty split response across t0 50 responders.


I don't hate having a single sign on option, but I hate not having more control what data is available to the app.

Their survey result gave me an idea for a user to give their own opinion and have those opinions to appear as choices for other users. Every opinion would have a tally and be ordered in popularity. The top 5 opinions would appear with an option to display more if desired.

I'm not really convinced that you can make a reasonable conclusion on this based on 34 data points.

The in-person survey part is good because you can get qualitative sentiment. It's good to talk to customers, even for this soft data. The quantitative data comes from watching how people behave over time. The bottom of the post shows the graphs of how users actually sign up, and that has 10s of thousands of data points.

Seattle’s Pike Place is not a good place to ask such questions. If they want REAL answers, ask on these websites with facebook signup options.

I don't understand why people hate this option. If you don't like it then leave it, but it does help people like my friends and I.

Given the overwhelming sample size of 37, I think we can all agree that this is statistically significant information which one should base big platform decisions on.

You might have missed the second half of the post:

> This is a better test, because the signup screen offers both options with equal weight and we have over 70,000 organic signups.

Still wasted the first half of the article talking about the results of a 37 person survey. 37 people with no demographics info at all is so anecdotal that it's effectively worthless.

As far as the second test goes, of course the general trend will be younger people who actually use Facebook will not mind... using Facebook.

I don't think that's true at all. Useability guru and generally big-headed man Jakob Neilson says you can get the majority of content from user testing as few as 5 people. Granted this isn't user testing, but small sample sizes are not pointless, they're directional.

If people were indifferent (50% chance of wanting facebook) then the likelihood of at least 27 out of 37 randomly asked people saying "no facebook" is about 1 in 300. And that's counting the "Yes but I hate it"s as yesses. Count those as "no" and it's 1 in 3000. Highly significant.

This assumes the "random tourists in Pike's Place market" are an effectively random sample. It's possible that facebook fans are less likely to take vacations in Seattle, but Occam's razor is against it.

Yeah, no bias there at all.

has anyone played words with friends? all the cool kids log in with facebook. that way you can send game requests to girls and stuff.

people login with facebook when they want the experience to be social.

This is the only reason I don't pay for a Spotify account.

Not a surprise. I don't use facebook any more.

This article raises interesting points about Facebook signups, but the statistics are meaningless because fewer than 50 users were surveyed.

So you're saying you didn't actually read the entire article... The data in the last 75% of the article were based on 70,000 organic signups split by beta/post-beta users.

This article raises intriguing points about Facebook signups, but the statistics are meaningless because fewer than 50 users were surveyed.

I just have a fake account for that.

Weird you didn't link to shopbot

Based on a survey of 34 people.

This statement can hardly be made with the numbers that participated in this.

In addition the article isn't very good and the No - Spam option speaks more to users being wary of the application than facebook.

This doesn't seem like the typical quality of article usually voted up on HN - I'd guess people just voted it up from the link title without reading (since people love to hate facebook).

The inspiration for the survey came from the numbers we were seeing on our site (across 10's of thousands of signups). There was a clear preference for signing up with email vs facebook.

The in person survey is too small to provide meaningful numbers, but it was useful to hear real people's feedback and sentiment.

I agree that it seems weird that people would rather give their email than facebook because they "don't want spam". But that's really what they said, so that's not speculation about their reasons. And again, the survey was asking people about their experience and feelings about sites they've signed up for, not just about our site.

I think the difference might be from the social stakes involved, if an app spams your friends then you publicly look bad, if you get a spam email nobody knows but you.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact