I applaud Facebook’s move, but final judgments always hinge on implementation, which won’t come for a few months.
Do these actions from what has been a privacy sieve signal a preview of newfound respect for the act of authentication? Will it help fuel a trend across the industry toward more user-controlled privacy? Will it give trust a chance?
The FTC likely hopes so. Two weeks ago, the agency pointed the barrel of its privacy oversight right at Facebook and its Whatsapp acquisition, waved in the company’s face Section 5 of the Federal Trade Commission (FTC) Act that addresses unfair or deceptive acts or practices, and was told by bureau director Jessica Rich it better behave responsibly. By way of history, Facebook is still subject to mandated privacy audits dating back to a 2011 settlement with the FTC.
In reality the situation is not as clear cut as it might at first seem.
For a start, this does NOT mean that you can login to Facebook anonymously. No...they still want to know who you are. Oh...and in case you had any thoughts that Facebook itself would not know which applications you're logging into - you can forget that. They will still collect that data along with other data that learns how much you use third party applications. In addition, the 'new' anonymous login is only meant to work for applications that you might try before you buy.
There is another element to this. the Facebook login itself will give users options as to what information they are prepared to share with third party applications.
A stroke of genius?
Looked at from a personal standpoint, you have to give Facebook credit, as Fontana does, for drawing attention to ongoing problems, especially around those where you inadvertently allow third party apps to post to Facebook on your behalf or where you provide much more information to the app than you intended. The question comes - how many people will review information to be shared when wanting to get hold of that next application?
In applying these new methods Facebook is retaining for itself all the data it needs to target users with advertisements while potentially hobbling partners from obtaining any meaningful data. From where I am sitting, this looks like the first step in Facebook becoming the de facto data broker for the internet. If that holds true then at a stroke, Facebook has created a much bigger market for itself than the advertising market alone. It could (and probably will) charge application developers for access to useful data, arguing that it is their access point that's driving the data collection process.
Putting on my enterprise hat, this is something that all enterprise app vendors have fought shy from doing. More prosaically, that market is too diffuse and fragmented for any single vendor to adopt a similar position. The one exception for the long term might be Salesforce but we're a long way from that.
All of this presupposes that Facebook login becomes the ubiquitous access point for many applications. There's a degree of forecast truth there. How many of us for instance prefer holding username and login details for the myriad of services we use? Isn't it better to simply authorize Facebook to do so on our behalf? Isn't that convenience itself worth more to us as users, even if it means providers don't get the data they need, without paying some sort of entry tax?
Those enterprises that use Facebook login as a way of easing end user friction will need to be sure that they cherry pick the right information they need rather than seeing the login process as a way of scooping up as much data as possible.