Did Facebook just say anonymous?

Did Facebook just say anonymous?

Summary: New log-in options designed to provide anonymity, privacy

SHARE:
TOPICS: Security
8

The company that thrives on spreading end-user data across the Internet like a first-grade class with a crate of finger-paint announced plans Wednesday to roll out options in the coming months that allow users to log-in anonymously to third-party applications in order to limit data sharing.

(Excuse me one minute, quickly checking if my dog and cat are sleeping together).

What that means is that Facebook users don’t have to share any of their personal data with third-party app developers, who have basically had options to gut an end-user’s data store like a hooked Lake Trout.

I applaud Facebook’s move, but final judgments always hinge on implementation, which won’t come for a few months.

Do these actions from what has been a privacy sieve signal a preview of newfound respect for the act of authentication? Will it help fuel a trend across the industry toward more user-controlled privacy? Will it give trust a chance?

The FTC likely hopes so. Two weeks ago, the agency pointed the barrel of its privacy oversight right at Facebook and its Whatsapp acquisition, waved in the company’s face Section 5 of the Federal Trade Commission (FTC) Act that addresses unfair or deceptive acts or practices, and was told by bureau director Jessica Rich it better behave responsibly. By way of history, Facebook is still subject to mandated privacy audits dating back to a 2011 settlement with the FTC.

Facebook for its part said Wednesday at its F8 Developers Conference that its users logged into apps and websites with Facebook Login over 10 billion times last year. That kind of volume would go a long way toward educating users  about securing log-in events. And since developers will implement these changes in their apps, Facebook’s changes also could raise awareness among developers to the power of embedded authentication controls within their work.

What Facebook didn’t make clear, however, is if this new option, and one other being offered, will be the only two available for developers to add to Facebook applications, and if the original free-for-all data grab option will be eliminated.

Clearly defined rules, of course, will determine the teeth, or lack thereof, in these new options.

But short those details; Facebook’s moves strike a positive pose.

The new Anonymous Log-in option, which is being tested now and will roll out to more developers in the coming months, basically lets users trial an application before they commit to sharing any personal information. In the past, you could delete the app, but your data was out of its cage.

0430 FBook anonymous log-in
Facebook is developing an anonymous log-in option for developers to embed in their applications.

In conjunction with Anonymous Log-in, Facebook also will roll out in a few months Facebook Log-in.

This option gives users a pick-list of information they can protect or surrender to a third-party app. On top of those two additions, Facebook also re-designed its application control panel to provide better management of applications and sharing permissions.

Facebook controlled log-in
Facebook Log-in allows users to pick the data they want to share.

Authentication is a transaction that requires security, privacy and trust. Without it, the first step onto the Internet is treacherous, if not lethal. Those requirements are the reason the Heartbleed bug was such a fire drill. The bug allowed violation of all three.

What Facebook needs to do now is step-up with a solid implementation of yesterday’s announcement. And it needs to adequately police its application partners.

The company promised in a blog post to review apps that use Facebook Login to help ensure that apps ask for the information they actually need and aren’t posting back to Facebook without permission.

Results of these changes could potentially be far-reaching, bringing visibility to the log-in process for both end-users and developers at a time when identity federation across the Internet is becoming a top-tier topic for many enterprises and service providers.

Doors to change rarely swing wide open, here’s hoping Facebook at least widens the crack in the door that leads to better authentication, security and privacy.

Topic: Security

About

John Fontana is a journalist focusing on authentication, identity, privacy and security issues. Currently, he is the Identity Evangelist for strong authentication vendor Yubico, where he also blogs about industry issues and standards work, including the FIDO Alliance.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

8 comments
Log in or register to join the discussion
  • Could be a selfish act...

    Is it possible that Facebook is adding this option because it doesn't want its competitors--Google, Microsoft, Apple, Twitter--to have access to information that FB has collected and can use in its own best interest?
    cybersaurusrex
  • As a developer rI always thought Facebook needed more granularity

    I might not need more than anyone's name, but the app will give horrible warnings about the app needing to steal your dog. There should be a way for devs to uniquely identify a user (so that we can offer session state) without spooking the user.... this would be a big win win.
    Mac_PC_FenceSitter
  • Still required to use your name and profile photo?

    The last photo you posted shows a lot more granularity, but it appears that for the login you are still required to use your name, profile photo, gender, etc - so the "anonymity" part is really a lie?

    Also, is this going to be controlled by the developers or users? Will developers be allowed to say "no anonymous logins"? Because I'd really want it to be something controlled by the user, not the developer.

    But then again - considering Facebook requires your real name (theoretically), I'm guessing the developer has control.
    CobraA1
  • I bet you have to pay for it.

    In some way the user will pay for the loss of revenue Facebook incurs. Nothing is free on the internet.
    fierogt
  • And pigs might fly!

    They are only "perhaps" offering what should have been there from day one!

    Untrustworthy bunch!
    dumb blonde
  • Privacy?

    Privacy is a word which should be deleted from all dictionaries in all languages as there won't be any regardless of what companies say or do as long as the USA is king of the road... sadly!

    I believe that China is the only country with that option as long as they continue with the type of government they have and laws. It is an example that democracy and privacy does not exist. For instance: China penalizes corruption and the last article I read says death for corrupted people including government officials. If that would be the case in the USA, we would not have government at all and I drink to that. Bridge of privacy is corruption after all.
    Cicuta2011
  • Privacy!

    I think that using the words Facebook and privacy in the same message are an Oxymoron in the most foul way. They have co-opted the meaning and the spirit of both.
    Kevin McNeely
  • Privacy, Trust, & Facebook ... The Two Don't Go Together

    I don't use Facebook anymore and a lack of trust/privacy was the #1 reason. They scour every bit of data you and your "friends" give them and sell it to anyone and everyone, including our government.

    My data is exactly that ... MY DATA.

    Go away Facebook.
    padapa