Facebook Connect, authentication and human behaviour

Reading Time: 4 minutes

A row erupted a few weeks ago over the use of the Facebook Connect authentication system to confirm the identities of commenters on Techcrunch. I spent a while thinking about this before putting fingers to keyboard on this. In order to think about it I wanted to reflect on the process from a number of different angles:

  • Why would Techcrunch do this?
  • Why Facebook Connect?
  • Why are people concerned?
  • What does it all mean?

Why would Techcrunch want to do this?

Techcrunch like similar media operations notably Gawker Media realise that the community interaction is a key part of their sites. Their journalists may know their beats, but chances are at least some of their readers have deeper domain knowledge or a different perspective from ‘being in the trenches’.  Gawker Media looks at its community numbers as part of the businesses performance metrics.

However the ‘health’ of these communities is not just about the number of comments, but keeping the quality high. This is something that these companies, social networks like Flickr and Quora have put a fair amount of thought into keeping that quality high. Techcrunch eventually must have decided that having people file under a real identity. The problem is that even if Techcrunch asked for a real name it may not get it. So it defaulted that authentication to a third-party service: in this case Facebook. Facebook has a really strong record of ensuring that people have put down their real name as their identity.

Why Facebook Connect?

Facebook has one of the biggest computer infrastructure set-ups in the world. The company has prided itself in the past as the biggest user of MySQL database technology and this takes a lot of technological savvy. Something that every Facebook user has to do is log-in and log-off, this identity is also used to give permissions to third-party code (for instance Facebook applications). Once Facebook grew its network to a critical mass, extending it’s authentication out to third-party sites is a natural progression of their technology.

A secondary aspect of this process is what it does for the third-party site. Using Facebook Connect absolves them from a potentially costly development or purchase of an equivalent system. Secondly if things go wrong, like they did with Gawker Media, the third-party site can blame Facebook rather than suffer a tarnished brand.

Why are people concerned?

If you look at the proto-culture that formed around the web, it came from people like Stewart Brand and Kevin Kelly who had a libertarian viewpoint as exemplified by the back-to-the-land movement that was part of the hippie culture and a general distrust of ‘the man’. Because of this privacy was an important part of web culture.

There are a number of reasons why privacy is considered important:

  • It allows people to share information more freely. That is the reason why journalists get background or ‘off the record’ briefings. Conversely, when real ID is in force (like South Korea) it can impact  or ‘chill’ speech on subjects such as corporate malfeasance. Interestingly business schools are scrutinising the social network profiles of potential post-graduate students, which means that the stakes for privacy are high
  • Historically authoritarian regimes like the Nazis and the subsequent Soviet-orientated East German regimes looked to have an insight into every aspect of people’s lives and that was generally considered unhealthy amongst westerners
  • Hackers fought a concerted battle with the US government in order so they could develop encryption for consumers. Originally this was for electronic privacy, but most people use it to secure credit card payments. Given this battle was hard-fought, geeks are loath to give up their right to privacy

A second complementary aspect to privacy is the unscrupulous commercial exploitation of consumers data. Some 10 years previously Windows Live ID (or Microsoft Passport as it was then known) was touted as a one sign-in for e-commerce sites and the EFF (Electronic Frontier Foundation) criticised the service would have full access to and usage of customer information. Given that Facebook has already had issues over consumer privacy protection, people’s concerns over Facebook Connect are understandable.  At one time Monster.com and eBay relied on Microsoft Passport, but Microsoft cancelled it in 2004 – Facebook has already screwed over partners so often there is even a phrase of it, to get Zucked, so you have to wonder why people would rely on Facebook?

In terms of the architecture of the web, openness has been at the centre of the web ethos. Prior to the web; competition and innovation was stymied by the tight grip that Microsoft held on the computing platform. AOL tried to do this unsuccessfully with its walled garden. You can judge how successful this was by pondering how much value was destroyed with the AOL | Time-Warner merger, that AOL has been laying off people for 11 years straight and the fact that few people hear ‘You’ve got mail‘ any longer.

What does it all mean?

According to Steve Cheney Facebook Connect has a chilling effect on Techcrunch commenters, using their real name and providing a strident (not rude, but strident) opinion could be enough to kill a job interview down the line. Robert Scoble disagrees with Cheney and thinks that:

  • Most people will have principle and say what they think
  • Google will surface the content anyway

Google will surface content, but most people don’t have access to ways that would authenticate content beyond their name or a user name that would know to be attached to that person. Secondly, most people have more realpolitik than Scoble. And to be honest with you Scoble would have been hard to fire because of his profile, so he had a lot less to lose than your average worker, especially in this economic climate.

What I find more interesting is that Techcrunch lost a golden opportunity to get everyone to get an AOL ID which could have then been also used for their instant messenger service or on other AOL portfolio sites. There is nothing like using your own technology to be an advertisement for it.

Further reading

Steve Cheney: How Facebook is Killing Your Authenticity
Robert Scoble: The Real “Authenticity Killer” (and an aside about how bad the Yahoo brand has gotten)
ReadWriteWeb: 4chan Founder: Anonymity is Authenticity