Thursday, April 29, 2010

The new Facebook social plugin security concern

I was quite puzzled by the new "Like Button" website that shows the recent links shared by friends on Facebook. For most people, the first thing that pops into their mind is: "wow, this is useful - I can see where my friends get the links they share." But for me, a few questions came to mind:

  • Can the website pull the list of my friends without me granting permission?
  • How come there's no identification or some sort of security or privacy approval checkpoint?
  • Is this part of FB? Why doesn't it reside in the FB domain?
  • Is this going to give room for phishing attacks?
The new FB likebutton.me

I did a Google search and found out about Facebook's new initiatives, like Open Graph, social plugins and auto-login... where "users won't even need to click on a Facebook Connect button to get started." Read more.

Facebook software engineer Alex Li described the new changes on the FB blog:
On each Community Page, you’ll be able to learn more about a topic or an experience—whether it’s cooking or learning a new language—and see what your friends and others in the Facebook community are saying about this topic. Community Pages are still in beta, but our long-term goal is to make them the best collection of shared knowledge on a topic. We’re starting by showing Wikipedia information, but we’re also looking for people who are passionate about any of these topics to sign up to contribute to the Page. We’ll let you know when we’re ready for your help.

Austin, Facebook Product Manager, described how the new social plugins work on the FB blog:
How do the plugins work?

While these buttons and boxes appear on other websites, the content populating them comes directly from Facebook. The plugins were designed so that the website you are visiting receives none of this information. These plugins should be seen as an extension of Facebook.

You only see a personalized experience with your friends if you are logged into your Facebook account. If you are not already logged in, you will be prompted to log in to Facebook before you can use a plugin on another site.

At a technical level, social plugins work when external websites put an iframe from Facebook.com on their site—as if they were agreeing to give Facebook some real estate on their website. If you are logged into Facebook, the Facebook iframe can recognize you and show personalized content within the plugin as if the visitor were on Facebook.com directly. Even though the iframe is not on Facebook, it is designed with all the privacy protections as if it were.

Security and phishing concerns

With this new feature introduced, I'm sure this is going to give a lot of room for phishing scams. Not many users out there are security savvy, and I'm very sure there are people who do not even know that they need to check that the login page originates from the facebook.com domain. With this loosely coupled cross-domain integration, I'm sure that sooner or later people are bound to fall for this trap.

Sometimes it's just hard for people to identify and recognize the "true" Facebook tags when there are tons of Facebook-like websites out there.
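
The check described above, "does this login page really come from facebook.com", is easy to get wrong when a lookalike host, userinfo trick or path trick is involved. The following is an added example, not code from the original post or from Facebook: it uses the browser/Node URL parser to classify a few constructed iframe sources against an assumed allowlist of exact hostnames.

```javascript
// Added example (not from the original post): decide whether a login URL,
// such as the src of a social-plugin iframe, really belongs to facebook.com.
// Uses the WHATWG URL parser (modern browsers, Node 10+); it also converts
// Unicode lookalike hostnames to punycode, so they never match the allowlist.
const TRUSTED_HOSTS = ["facebook.com", "www.facebook.com"]; // assumed allowlist

function isTrustedFacebookLogin(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return false; // relative or malformed URL: cannot be verified, so reject
  }
  if (url.protocol !== "https:") return false; // a login page must use TLS
  if (url.username || url.password) return false; // "facebook.com@evil" trick
  // Exact host match only: a suffix check would accept "facebook.com.evil",
  // and a substring check would accept "notfacebook.com".
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  return TRUSTED_HOSTS.includes(host);
}

// Constructed sample iframe sources (labelled as constructed; none are real).
const SAMPLES = [
  "https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.org",
  "http://www.facebook.com/login.php",                  // plain HTTP
  "https://facebook.com.evil.example/login.php",        // lookalike suffix
  "https://www.facebook.com@evil.example/login.php",    // userinfo trick
  "https://evil.example/www.facebook.com/login.php",    // domain in the path
  "https://www.faceb00k.com/login.php",                 // typo-squat
];

// Returns each sample with its verdict, so the result can be inspected or tested.
function classifySamples() {
  return SAMPLES.map((u) => ({ url: u, trusted: isTrustedFacebookLogin(u) }));
}

if (typeof require !== "undefined" && require.main === module) {
  for (const r of classifySamples()) {
    console.log(r.trusted ? "TRUSTED" : "REJECT ", r.url);
  }
}

module.exports = { isTrustedFacebookLogin, classifySamples, TRUSTED_HOSTS };
```

Only the first sample passes; every other source is rejected, which is the decision a user would have to make by eye when the login form is shown inside someone else's page.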


With Open Graph, you now don't even need a Facebook account to retrieve status updates from FB. For example, https://graph.facebook.com/search?q=facebook&type=post will show you 25 recent status updates.

I'm sure all these new implementations in Facebook will make FB a gold mine for scammers and data miners. Facebook has made mistakes before. Let's see about this time.

Readings and references

Catastrophe

Anyone else feeling the facebook-is-so-going-to-be-another-friendster catastrophe that I'm feeling?
