The company that thrives on spreading end-user data across the Internet like a first-grade class with a crate of finger-paint announced plans Wednesday to roll out options in the coming months that allow users to log-in anonymously to third-party applications in order to limit data sharing.
(Excuse me one minute, quickly checking if my dog and cat are sleeping together).
What that means is that Facebook users don’t have to share any of their personal data with third-party app developers, who have basically had options to gut an end-user’s data store like a hooked Lake Trout.
I applaud Facebook’s move, but final judgments always hinge on implementation, which won’t come for a few months.
Do these actions from what has been a privacy sieve signal a preview of newfound respect for the act of authentication? Will it help fuel a trend across the industry toward more user-controlled privacy? Will it give trust a chance?
The FTC likely hopes so. Two weeks ago, the agency pointed the barrel of its privacy oversight right at Facebook and its Whatsapp acquisition, waved in the company’s face Section 5 of the Federal Trade Commission (FTC) Act that addresses unfair or deceptive acts or practices, and was told by bureau director Jessica Rich it better behave responsibly. By way of history, Facebook is still subject to mandated privacy audits dating back to a 2011 settlement with the FTC.
Facebook for its part said Wednesday at its F8 Developers Conference that its users logged into apps and websites with Facebook Login over 10 billion times last year. That kind of volume would go a long way toward educating users about securing log-in events. And since developers will implement these changes in their apps, Facebook’s changes also could raise awareness among developers to the power of embedded authentication controls within their work.
What Facebook didn’t make clear, however, is if this new option, and one other being offered, will be the only two available for developers to add to Facebook applications, and if the original free-for-all data grab option will be eliminated.
Clearly defined rules, of course, will determine the teeth, or lack thereof, in these new options.
But short those details; Facebook’s moves strike a positive pose.
The new Anonymous Log-in option, which is being tested now and will roll out to more developers in the coming months, basically lets users trial an application before they commit to sharing any personal information. In the past, you could delete the app, but your data was out of its cage.
In conjunction with Anonymous Log-in, Facebook also will roll out in a few months Facebook Log-in.
This option gives users a pick-list of information they can protect or surrender to a third-party app. On top of those two additions, Facebook also re-designed its application control panel to provide better management of applications and sharing permissions.
Authentication is a transaction that requires security, privacy and trust. Without it, the first step onto the Internet is treacherous, if not lethal. Those requirements are the reason the Heartbleed bug was such a fire drill. The bug allowed violation of all three.
What Facebook needs to do now is step-up with a solid implementation of yesterday’s announcement. And it needs to adequately police its application partners.
The company promised in a blog post to review apps that use Facebook Login to help ensure that apps ask for the information they actually need and aren’t posting back to Facebook without permission.
Results of these changes could potentially be far-reaching, bringing visibility to the log-in process for both end-users and developers at a time when identity federation across the Internet is becoming a top-tier topic for many enterprises and service providers.
Doors to change rarely swing wide open, here’s hoping Facebook at least widens the crack in the door that leads to better authentication, security and privacy.