[OpenID] Facebook support for OpenID. Where?

Peter Watkins peterw at tux.org
Thu May 21 02:34:20 UTC 2009


On Wed, May 20, 2009 at 10:13:50AM -0700, Andrew Arnott wrote:
> Has Facebook made any concessions or promises about whether they leverage
> their opportunity to scrape user data from all these .js HTTP GETs?  Maybe
> they don't use it and it's no big deal to them to not have that source of
> data.  It may be an innocent consequence of offering the .js on every page
> of an RP.
>
> (halo on head must assume good intentions everywhere. :-p)

:-) Their privacy policy seems to say that they only use this information for 
individuals who 1) are Facebook users and 2) are logged in to Facebook.

http://www.facebook.com/policy.php

"...we may receive some information even if you are logged out from Facebook, or that pertains to non-Facebook users, from those sites in conjunction with the technical operation of the system. In cases where Facebook receives information on users that are not logged in, or on non-Facebook users, we do not attempt to associate it with individual Facebook accounts and will discard it."

The important phrase there is "will discard it".

Their policy says much about the old old Beacon offering which attracted much
criticism and, IIRC, offered less obvious benefit to the end user than Facebook 
Connect does. The policy talks about opting out of Beacon, but I see nothing 
about opting out of Connect. On its face, it seems to say that if you're logged
in to Facebook and hit an RP that uses Connect, Facebook can & will associate 
the traffic with you. Maybe somebody here who has a Facebook account can check 
if there are any Connect settings that Facebook users can choose from.

The main thing of note for the OpenID community is that Connect creates a
dilemma for everyone involved, as they make it feasible for the OP to learn
more about the individual than pure OpenID does. OpenID, by its design, is
more trustworthy than Connect.

Chris, I don't know why you think I'm paranoid for these privacy concerns.
Facebook takes in revenue from targeted advertising on its site. If data-
mining users' activity on 3rd party sites that use Connect helps them target
ads better, Facebook would have a good reason to try mining that data. Better
ad placement should mean higher ad revenues, and higher user satisfaction,
at least for users who like seeing "more relevant" ads (vs. what I expect
are the minority, those of us who find it creepy when a site we've seldom 
visited displays ads suggesting it knows where we've been).

-Peter



