The problem with Facebook Connect
Robert Scoble has posted a rant after the location sharing app Glassmap automatically posted to his Facebook Timeline without his permission. He attempts to place blame in a strange place:
Who is to blame?
Silicon Valley’s investors. In this case Paul Graham (Glassmap is a Y Combinator company, which really should be better than this as Silicon Valley’s premier startup incubator). They push these companies to go as viral as possible. So all these companies push as hard as they can to get viral.
This is wrong and it exposes a common misconception that people have about startup investors. Investors are not like parents. They do not punish or reward specific behavior; they only offer guidance, and usually only after being asked. I know that Paul Graham has an acute product sense, and I honestly doubt that he would endorse posting automatically to someone’s Facebook Timeline (he always pushes the “make something people want” idea more than anything else). But even if he did, he would not be the problem. The problem is Facebook for offering apps the ability to abuse user trust.
I have always been bewildered by the way Facebook implemented Facebook Connect. It is an awesome idea in theory, and could potentially become the de facto standard login system for the web, but it has developed a terrible reputation for giving connected apps the ability to post to your Timeline and spam your friends. It has happened to me so many times that I don’t even bother connecting to apps anymore unless I trust them 100%.
What’s worse, I think this years old problem could be solved incredibly easily, and it’s mainly a branding/naming change. Facebook should create two separate levels of Facebook Connect: Facebook Login and Facebook Share.
I want to be able to use Facebook Login everywhere, without worrying about an app posting anything as me. Login apps would have full access to my open graph, just as Connect apps have now. They would just be unable to post anything as me.
Share apps would be Login apps with a single added permission: the ability to post things as me. That’s it. It’s clear, concise, and I know exactly what will happen. I want to be able to easily enable this feature later, after I trust an app, when it tries to post something as me to Facebook. Upgrading the permissions of an app to Share could use something similar to the location dialog popup on iOS, possibly, but there is probably a better solution.
The final important thing here is that every app that uses Facebook Login or Facebook Share should be required to work with only Facebook Login. So if an app initially asks me for Facebook Share access (which should be the default), I want to be able to easily deny access and use Login instead with no problems. This is simply impossible with Facebook Connect; you either accept all of the permissions a developer asks for or you don’t get to use Connect.
This solution seems obvious to me, and I assume Facebook has thought a lot about this. But, oddly, they’ve decided not to do anything. As it stands, Connect is huge scar on Facebook. Users have been trained to immediately treat it with suspicion, and that has ruined its effectiveness. In the startup community, almost no one I know believes in Facebook Connect as an effective login system because of its reputation for spamming and illegal posting.
Connect could be an extremely powerful tool. And it should be. But it can work only if it respects and protects user expectations.
You should follow me on Twitter here.