This is (kind of) one of the reasons that I don't use third party services to sign in to anything. I'd rather have an email+password option and use a password manager (I'm aware that most people probably don't do this and Flickr isn't offering this).
If/when users do as Flickr is asking, I wonder if Yahoo will redirect them to use Yahoo Mail etc. In any case, I'm not a flickr user anymore but it would be interesting to know how smooth they've made this process.
I always prefer a 1:1 relationship with providers: that is, an account that's tied directly to me rather than through a third-party provider like Twitter, Facebook, or OpenID. (Aside: why is social media managing my passwords? On the third option, it's great in theory and terrible in execution.)
My biggest issue with Flickr is that they tie it to a @yahoo.com email address. I know it's part of the "ecosystem", but c'mon—who uses one of those?
I've always made a policy of not signing into things with Facebook. FB recently tried to encourage people to do so more often by allowing you to prevent them access to your data, or even sign in without letting the website know who you are at all, but that doesn't solve the problem where it's Facebook I don't trust with my Flickr data and not vice-versa.
> This is (kind of) one of the reasons that I don't use third party services to sign in to anything
When you say "this", what are you referring to?
I can see not wanting one company to always know when you're logging into other companies (hence the lure of Persona), but this particular situation (you can no longer use third-party authentication after eight years or whatever and must now use first-party authentication) doesn't seem like a reason at all.
It is the top comment and having a username+password option is still reassuring even if you choose to go with facebook or another third party anyway. Many will only use facebook to login if there are alternatives.
This is really annoying and not the direction I hope internet companies will move toward.
What we need is to be able to login to facebook/yahoo/whatever with google account and vice versa of course; we need to see the idea of OpenID come alive.
I'm completely on the other side of the fence. I NEVER use Facebook or Google (or Twitter) to log into anything. If a company only allows that for sign up, I never sign up for those products.
You're not alone on that side. Every service must have its own user/password. Single sign on with fb/g+/etc is convenient but it is good especially for those companies.
While I do agree with you in sentiment, I don't think it's always better than passport sites.
The problem with every site handling their own logins is that you're creating more vectors for attack. Most people reuse passwords (bad practice I know but it is what most non-technical people do) and not all sites are properly secured - in fact some don't even encrypt passwords! So at least passport sites outsource the data protection issues to larger businesses that you'd expect (no; demand) to have experience to handle that data securely.
I personally favour the passport/OpenID idea, from a user experience point of view.
In contrast to the problem you've stated, if I were to exclusively use my Google account to log into websites, it becomes a single point of failure if the service was down, and if it were to be compromised.
> In contrast to the problem you've stated, if I were to exclusively use my Google account to log into websites, it becomes a single point of failure if the service was down, and if it were to be compromised.
Very true. Sadly there's no real right or wrong answer here; a single point of failure but a better secured portal, or a decentralised network with arguably less secured portals.
Personally I try to use a balance of both: Twitter passports for sites I don't trust and passwords for sites I do trust. But that's just my personal preference.
> Very true. Sadly there's no real right or wrong answer here; a single point of failure but a better secured portal, or a decentralised network with arguably less secured portals.
This is exactly right. And, as you mentioned above, there are more kinds of people out there than are present in this thread.
I have a password manager and generate a new random password per site, so I don't have any desire to use a single log-in for almost all sites. However, many (most?) people reuse a single password (or a handful of them), and until that changes, they're likely much better protected by having a single well-protected authentication point.
You're right in principle but couldn't be more wrong in practice. I certainly don't have time to educate all 7 billion people in the world about password managers and you're clearly doing very little in that area either (aside kicking off condescending rants at your peers....) so deliberately implementing a scheme that's shit for 99% of the worlds internet users just so it's better for last 1% who are technically minded is just elitist and wrong.
Which ever solution is implemented needs to work for all groups of internet users - not just yourself ;)
There are more vectors for attack, but the damage for any given one is more self-contained ... when there's one giant target, on the other hand, sure it's harder to get in, but if you do you've gotten into everything.
You don't need to. Autogenerate password for every site, and let them fail within their silo. It's more and more manageable even on mobile devices.
If a company can't manage passwords securely, they won't be able to keep your data any more secure anyway, so you should entrust private data to site you don't trust, independently of how they handle sign in.
Facebook made changes recently to prevent third-parties from being able to access your Facebook data/identity; unfortunately, the reason I don't use FB/Google/Twitter to sign into things is because it's them I don't trust, not the third-party site.
I'm of the opposite opinion because the seven laws of identity (http://www.identityblog.com/?p=352). Specifically law 3 (justifiable parties):
Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.
No no and no. What happens when those companies are no longer around that you are signing in with? Stackoverflow did this with OpenID and I eventually needed to create a StackExchange account to login.
I predict this will be a trend soon, also people are going to ditch services like disqus. Big websites want to have total control over their client account and comments. This is not really clever to always trust third parties, especially with comments which are a huge part of the SEO.
Let me add: Hopefully they will end using 3rd party comment systems that forces you to either break the rules (fake Facebook etc accounts) or sign every comment with you full online profile.
(In at least a few foras I frequent the result is that in most controversial case you miss out a whole lot of reasonable but not politically correct voices. Real trolls either don't care about Terms and Conditions and create another fake account or they troll using full name and address.)
It's interesting that the Huffington post went the other way, just this week. Dropping their in-house commenting system in favour of facebook-comments:
In some way it makes sense, as you ditch the whole dynamic part of your page generation, allowing you to effectively use a static dump for your website. You can then update that periodically. Facebook is left to pick up all the hosting hassles and expense. Also you tap into the Facebook ecosystem. Having said that I doubt I'd even leave a Facebook comment on another website, I haven't yet.
Perhaps that is what they already had. If they were to use your app, they'd still have to manage and carry the costs associated. That probably isn't their main motivation.
I remember a few years ago whenever you clicked on a Guardian news link in Facebook it would try and get you to sign up to their Facebook app/plugin, that would then publish on your timeline what you'd been reading, let alone commenting on. I thought that was a bit ghastly.
I'm assuming that when you make a comment through Facebook on the Huff post, it displays on your timeline or some such, providing additional reach for the story.
They may lose some Flickr users but this should strengthen Yahoo's walled garden.
I still like Flickr, where I post my very best pictures. I use Google+ and Dropbox to automatically archive every picture and video I take with my smartphone, but use Flickr to actually look at my new and old photos.
That's a pretty bold move, given over 100k people a day/800k a month use the facebook auth alone[1]. and though looks like its on a bit of a decline. Maybe losing 100k users a day doesn't matter much to yahoo.
"Number of users per day" is a vanity metric. It doesn't matter to a business like Yahoo. The thing that actually matters is whether or not those particular users make money for Yahoo. If they're run the numbers and discovered that Facebook users don't turn in to paying subscribers or click on adverts (and they can't find a way to do that) yet cost them $0.25 per day in bandwidth then turning off Facebook login will increase their profits by £200k/month due to the saving.
I don't think this is a short term profit-based decision like your example suggests. I think this move is done to convert some Flickr users over to Yahoo!'s own passports rather than promote their competitors.
There was a time (back in the 90s) when Yahoo! logins offered more services than Google accounts. I'd be surprised if Yahoo! didn't see getting back on top as an eventual end goal (even if it seems rather optimistic at the moment). So it would make sense not to have competitors linked into their own resources when they have their own passports already.
definitely a fair point, though personally, based on absolutely nothing, I don't think it is likely that 'those that login via facebook/google' have a drastically different behavior pattern (when it comes to stuff like paying or clicking). Would love to see anyone that has any such data.
Thus there are 130k daily users of the top 5 brands.
If we go one for the long tail of the less popular brands, we will probably double the estimate. So it gives us 200-300k daily users contributing images. Losing 100k of them is a lot. But are Facebook users uploading images to Flickr? Are they active commenters? Are they active at all?
Assuming that user contrbutors, commenters and silent visitors ratios are typical 1:9:90, we may guesstimate 2M daily commenters and 20-30M daily visitors.
I suppose that most Facebook users on Flickr contribute few images and logged in with Facebook to leave an occasional comment or two. So this will likerly affect only 5% of commenters.
Your numbers assume that there is no overlap between those groups. It's entirely possible for someone to be both a Daily Apple User and a Daily Canon User (e.g. a professional photographer with an iPhone).
You're making a false assumption here that those users will stop logging into Flickr when Facebook auth is removed; the more likely scenario is that the majority of those users will create a Yahoo ID and use that, rather than abandoning Flickr entirely.
I wasn't really stating that assumption, and I agree, many will convert, but I was simply referring to what they are 'betting with'. Yes that's the most they can lose (ignoring that people pissed off at this move may leave even if they didn't use fb/g+), but its still how much you put in the pot. At least for me.
We're obviously not all in agreement about how identity should work online (let alone how it works offline), which is kind of a big problem considering identity is something every single one of us automatically has from birth. We may never agree on it, but we may at least mostly agree on it one day (outliers never go away).
In the meantime, I'm okay with some level of fluctuation in the practice of online identities, since it indicates some level of (at least attempted) innovation, and trial-and-error at the internet level is never really that bad of a thing.
So yeah, this would probably be annoying for a while. But let's see how it pans out.
I've had my flickr account since before they were acquired by yahoo. That, combined with yahoo's crappy user sign-in experience, means that my flickr account, yahoo account, and some other junk account I accidentally created while trying to log in once 5 years ago, are now all conflated. To this day it's still not completely worked out.
If they are going to remove anything it should be the purple bar at the top of the screen. The layers of navigation remind me of someone with all the toolbars installed on their browser. I've used Flickr for years, but unless they step up the design of the site I'll be searching elsewhere to showcase my photography.
I used to be a huge proponent to single click sign in, in theory it's great. The problem I found with my own startup was that by allowing Twitter, Facebook or Google+ sign in, it was a point of confusion for the user. The amount of duplicate, even triple accounts was far higher that what I would have expected.
After reviewing the pros and cons, I switched to a simple email/password combination which also solved another problem of having to ask the user for their email address.
There really is a need for a true single sign in provider, in which you link your identity accounts to one 'super' account and then sign in with that, allowing whatever information is available from each as you wish, or simply a blank profile with only your identifier to link back to you.
Doesn't every sign on method provide the user's email address?
As far as I understand it, you're supposed to create a single account in your database using the email address as the identifier, and link all the sign on methods to the same account.
I really hope they don't f* up it again, like the time when Yang-era Yahoo! bought Flickr, forced you to get an Yahoo-ID and then deleted it after 6 months of inactivity, effectively locking you out of your own photos. That was great.
I wish they would keep it, since I really don't want another account to log into just to use the site, but I admit they handle it a lot better than Hacker News did with this transition page. With Hacker News the Google login and whatnot just disappeared one day and I lost my account and had to start over.
The account creation page (for those who like me used Flickr without a Yahoo account) is a mess – for any account name I tried entering, it said that an account with the same name already exists.
Finally managed to create my Yahoo account somewhere else in the settings.
I just went to my settings, changed the password somewhere in them, signed out, signed in using my gmail address and the new password, and it worked.
But yeah, flickr is buggy. The Android app on my tablet never seemed to load anything (except on rare occasions), and I uploaded a large amount of photos a couple of times, edited the names and tags, and some of the names/tags were lost. But I enjoy some of the groups there, got some good advice on buying a medium format SLR.
Tumblr? Dropbox (I've used this for sharing a large album to family and it worked well)? Self-hosted (maybe Owncloud, could do with more suggestions)? Picasa?
Presumably there'll be a service that lets you host photos out of S3 somewhere.
Flickr does have one huge selling point, which is the 1tb account size for free accounts. Combined with a python upload bot, you can backup all your photos and videos for free to private albums.
The newest version of the UX is also very nice, IMO. I often use it to show friends and family photos over and above just using Windows because the albums look so nice on a big screen.
Well, if you don't mind Google, Google+ lets you handle images pretty well. I would have said picassa before, but that was merged into G+ (and some features were lost I think).
Google+ share the quota with gmail. Gmail currently offers 7 or more free GB. Additional GBs are cheap (although they have new price structure now.)
Also pictures 2048px (*) or smaller doesn't count towards the quota (and you can easily, in g+ settings on phone, choose to only upload photos resized to that size if you don't want to pay for extra storage.)
1) Google+ is not a Photo community. Thus, I can have no expectation of fitness for purpose.
2) It does indeed share the quota with Gmail.
3) 7GB is also ridiculously low as a quota for any larger pictures. Thats 3500 pictures compressed, if each takes 2 MB. Thats easily reachable even for amateurs. Also, the quota is _shared_, clogging my _email account_, if I have one.
4) I'd like to upload originals. A Canon EOS 350, released more than 5 years ago in the consumer space, makes pictures far larger then 2048x2048px.
Picasa, which is Googles Photo community:
1) Has a 1GB limit.
2) Is not a necessarily compelling app, more an G+ attachment nowadays.
Unrelated to your original comment, but as a British person when I see the use of "Excuse me?" it seems very coarse and sometimes can appear rude.
It is interesting, because my wife (who isn't British and English is her second language) uses this often (as do her friends) and sometimes it appears out of place and is misread as rude (which she is not usually trying to be).
I'm not complaining or dissing you at all, I find these small linguistic nuances very interesting :)
This looks pretty good! I am only on Flickr because a better alternative hasn't come out yet. I just want to be able to easily upload tens of thousands of older photos and organize them into galleries with a nice little show-case, maybe do some light tagging.
If/when users do as Flickr is asking, I wonder if Yahoo will redirect them to use Yahoo Mail etc. In any case, I'm not a flickr user anymore but it would be interesting to know how smooth they've made this process.