If Facebook Becomes The Internet's Authentication System, Can Citizen Scores Around The World Be Far Behind?
from the network-effects dept
One of the reasons the digital world is so exciting — and so attractive to startups and investors — is that network effects help companies to grow quickly, until they end up with what amounts to a monopoly in a sector. A particularly powerful monopoly that is exercising people at the moment is Facebook, and for multiple reasons. Its huge user base is making it so attractive to advertisers that traditional publishers are badly impacted. Another issue is that its reach is so great that it is hard to stop so-called “fake news” from being shared rapidly and widely across the social network, with potentially serious real-world effects.
But there’s a third aspect, so far little remarked upon, that is brought out well in a post by Jason Ditzian on The Bold Italic site. For the last decade, he’s been a keen user of City CarShare, a nonprofit car-sharing service with vehicle stations around the Bay Area. Here’s what happened:
City CarShare was recently bought by a corporation, Getaround. And Getaround built its platform on top of Facebook. So when I went to migrate my account over to them, I found that there’s literally no way to do it as a non-Facebook user. If I want to share cars with my fellow city dwellers, I?m compelled to strike a Faustian bargain.
To access the services of Getaround, one must authenticate their identity through Facebook.
Ditzian writes that the Getaround site is so tightly integrated with Facebook that it claims there’s no way to provide alternative authentication systems. As more companies choose to do the same, using Facebook as the foundation of their services, they too will inevitably require users to possess a Facebook account. That, in its turn, will make Facebook’s authentication system even more powerful, driving even more companies to use it — and even more people to sign up to Facebook just so they can use these services.
Leaving aside the serious issue of Facebook extending its online monopoly to become the Internet’s de facto authentication system, there’s another concern. As more and more services build on top of Facebook, Facebook’s terms and conditions may require access to some or even all of the extra information they can provide about their users’ activities and interests. That would enable the social network to fine-tune the deal it offers to advertisers, something it is naturally keen to do so that it can boost its rates to drive sales and profits. As Ditzian writes:
If we give in to the sheer gigantic sweep of Facebook and the convenience it creates, and feed all our collective information into its ever-more-intelligent algorithms; if news is read and messages are sent primarily within the Facebook network so that each of these interactions sows new data points in our profiles; and if we build up thousands upon thousands of these innocuous-seeming interactions over years and years, and those interactions are overlaid with face-recognized images, marketing data from online purchases, browsing histories and, now, GPS-tracked driving data, is this total bartering of privacy worth the buy-in to Zuckerberg’s “supportive,” “safe,” “informed,” “civically engaged,” global community?
The greatest threat here may not be from Facebook itself, which, after all, is a business that wants to make as much money as possible, rather than a Machiavellian scheme to enslave mankind. But there are other powerful actors — national governments — that would love to have access to that rich store of information in order to use it not for profit but for the purposes of political and social control. As Techdirt has reported, China is already creating its own “citizen score” system that will draw heavily on information provided by social networks. The US, too, is starting to carry out “mandatory social media checks” as part of increased scrutiny of visa applications from some areas in the world. A single sign-on for key services makes gathering that information much easier.
The more Facebook becomes the point of control for using the Internet, the more governments will be inclined to require its “cooperation,” in the form of providing access to its data, as a condition of allowing it to become the Internet’s authentication service in their territory. Paradoxically, the more useful that Facebook becomes, the more vulnerable it will be to the threat of exclusion from a country. That may not be to Facebook’s liking, but it’s another consequence of the network effects that have made it so successful.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: authentication, scoring
Comments on “If Facebook Becomes The Internet's Authentication System, Can Citizen Scores Around The World Be Far Behind?”
Just what happens if for any reason that Authentication can no longer be trusted. Just switching to another authentication service would be a non-trivial exercise. Just look at how carefully Google is handling the Symantec Certificate problem, which is losing trust in a major trusted authority.
Trivial if the platforms support an alternate way. But from experience the alternate way is usually Google and nothing else. There are costs related to integrating your business to those authentication systems so most folks won’t bother going for a third, 4th, 5th system. What could be done and actually must be done is to set up a standard in which such systems can be integrated easily to any site. That would be more useful than fighting against some of them becoming too dominant.
In any case, I do sympathize with the guy. One of the reasons I still have a FB account is the fact I need it to authenticate into a few useful services.
Re: Re: Re:
The OpenID system already exists to do that. Nobody bothers working with it. Facebook is already too big.
Re: Re: Re: Re:
True, I had forgotten about it. And I do use it, rarely but I use. That’s about what I was thinking. Thanks for the reminder.
Re: Re: Re:
Yeah; Facebook down, and thousands of people trying register an alternative identity, and the email systems sees a flood of emails from the companies and it gets blocked as a spam site.
Re: Re: Re:
“One of the reasons I still have a FB account is the fact I need it to authenticate into a few useful services.”
One of the reasons I don’t use a few (maybe) useful services is the fact that I don’t have a FB account.
Yeah, but having backup authentication methods just makes SENSE.
What happens when Facebook gets taken down by hackers or just has a generic outage?
Re: Re: Re:
and now we see where they got the idea for that Black Mirror episode:
Why would anyone trust Facebook?
It’s a company founded by a sociopath, staffed by assholes.
Maybe the North Koreans will do us a favor and nuke their HQ: now that’d make my day.
Re: Why would anyone trust Facebook?
Not to mention Facebook has been in decline for years, with the decline starting in the US, where they have a net negative account ‘growth’ due to old users deleting their accounts.
Only a fool ties themselves to a company that’s been in decline for years and is no showing no signs of reversing that decline thanks to increased competition.
The building of complacency.
I guess this is a good way to bang the populace into complacency. Once you have a critical number of important services tied to Facebook you can’t risk having your Facebook account banned.
That pretty much means Facebook becomes funny cat pictures and nothing else, as saying anything critical of anything becomes too risky.
I’m sure it would occur to nobody to make a separate Facebook account for each service one needs to log into.
what garbage crap is this faceplant who uses that?
OH YA STUPID PEOPLE THAT WOULD DANCE NAKED LIKE LIL FRUIT FLIES IN THE STREET GIVING AWAY ALL THERE RIGHTS
Um, does your mommy know your on her computer?
Who cares? This only affects people who use Facebook.
Well, someone can’t read.
Re: Re: Re:
It clearly says the company in question uses the Facebook login.
I care and I don’t use facebook. Why do I care? Well, that is pretty simple if you bother to read and think about what is happening. More and more companies are using facebook for authentication.
This means more and more often when I go to do something I find I can A) sign up for facebook or B) give up on whatever service I was trying to use.
This could be a very serious issue if companies keep going in this direction. More and more often it is just assumed everyone has a facebook account.
Re: Re: Re:
Re: Re: Re: Re:
Neither is ride-sharing, but in some cities, ride-sharing is the only viable way to travel for people who cannot afford the expenses of owning (or leasing) a vehicle outright. Per the article, Jason Ditzian lost the ability to use ride-sharing because the only company providing it switched to using Facebook. There are plenty of useful things that people want to do, some of which may be necessary to participate in modern society, that are not "human rights" protected under the law, but that could similarly become extremely inconvenient or wholly inaccessible. Travel around a city with inadequate public transportation, as here, is a big one. Various sites that permit user commentary have switched to Disqus or Facebook as the sole way to post comments on the article. Want to contribute to public discourse, but refuse to interact with those services? Too bad, go be a hermit.
Per your glib reference to Tinder, how long until it becomes infeasible to get a date without a Facebook account? Can you still arrange a group outing of 5-10 friends without routing it through Facebook? The list of social activities goes on, and the common thread is that coordinating with people requires some sort of go-between.
Re: Re: Re:2 Re:
Wikipedia: Nuclear football
So it’s still possible, but authenticating and coordinating through Facebook looks simpler.
Re: Re: Re:2 Re:
Re: Re: Re:3 Re:
So true. We also have plenty of choices of how to connect to the Internet, so it’s totally unreasonable to complain when both of the viable ISPs impose tight restrictions on Internet use. Why, we should just start a rival ISP that’s more customer friendly! I think I have enough seed money sitting in my couch…
Re: Re: Re:2 Re:
Ah, Mr. Zuckerberg, so nice to see you’ve joined the discussion here on TD.
Regarding your implication that the choices are to "…go be a hermit, infeasible to get a date, no way to arrange a group outing of 5-10 friends without routing it through Facebook" OR use facebook:
What you’re saying is factually inaccurate. There are currently a myriad of obvious/alternative ways to do all those things. For you to imply the opposite is not only doing a disservice to yourself, your friends, and society, it also leads me to believe you either are getting paid by facebook or possibly just own stock in the company. Or are you just a simpleton-sheeple?
In the end, Jason Ditzian was faced with a decision – and he chose to make a deal with the devil (and not to pursue/create alternatives).
Now he may have had no other reasonable choice. But you my friend, you have MANY other choices. Perhaps at your next facebook arranged group outing, you and your friends can put your massive intellects together and list out the obvious alternatives to arranging your lives through facebook – AND I suggest also discussing – what the long term implications to you, your children/their children, and society are for your collective participation/support of that insidious platform.
Remember, your deal with the devil is helping to compel everyone else’s. …and for what? Convenience. Lame.
Friends don’t let friends, facebook.
Re: Re: Re:3 Re:
The people who complain the loudest about Facebook are the most addicted to it. If they actually tried living without it, they would find out it isn’t the necessity they make it out to be.
Facebook is making a fortune on learned helplessness cognitive dissonance.
Re: Re: Re:4 Re:
Speaking of cognitive dissonance….
The story is about someone who DOES live without it, who IS trying to live without it. Only to find it a requirement for non-Facebook, non-internet things like car rentals.
The story you imagine is not what the rest of us are reading.
Re: Re: Re:5 Re:
Speaking of false dichotomy…
The comment is about someone else who DOESN’T live without it, who IS complaining that they can’t live without it. Only to pretend it a requirement for non-Facebook, non-internet things like car rentals when there are in fact, other options.
The comment you imagine is not what the rest of us are reading.
Yeah it only affects 20% of the worlds population. No big deal.
Re: Re: Re:
“20% of the worlds population”
Who voluntarily chose to use the service.
Re: Re: Re: Re:
The point was relevance of the article about Facebook not consent. Not surprising you missed the point, again.
Third Party Doctrine
Smith v. Maryland and United States v. Miller form the basis of what has become the third-party doctrine. Under this doctrine, if you voluntarily provide information to a third party, the Fourth Amendment does not prevent the government from accessing it without a warrant. The Court wrote in Smith, you have “no legitimate expectation of privacy” from warrantless government access to that information.
Without a warrant, or even probable cause, the Feds can ask Facebook to turn over any and all information they have on you already. We only have Zuckerbergs assurance that they aren’t doing that already and that they won’t in the future. Facebook is becoming a smorgasbord fit to tempt the LEO community into becoming a true glutton.
It will be up to the Supreme Court to ultimately decide, and all of the speculation I have read basically says “shake the magic-8 ball”. Until then, placing this much raw data in any one companies hands is problematical.
Re: Third Party Doctrine
Why would the feds ask for access to Facebook’s data. Their access is probably already built into the platform.
Developers who use ASP.NET are adding Facebook login support whether they want to or not.
New versions of Microsoft’s Visual Studio have dumped the tools for the old ASP.NET Authentication and Authorisation system, replacing them with a new system that supports logins from Facebook, Twitter and other social media.
Sorry but this is click bait. I don’t even use Facebook.
Extrapolated hyperbole pays the bills.
Oh well since YOU don’t use Facebook, let’s scrap the whole article. What would your highness rather see instead?
‘Click bait’ that you apparently still clicked on, yet didn’t actually read.
The person mentioned in it didn’t use Facebook either, and as he found out not using Facebook meant he also couldn’t use a completely unrelated service, as to use it he had to use Facebook.
One of the points being raised(the other being that so much personal data being focused in one place and used as authentication makes for a very tempting target for governments) is that ‘If you don’t like Facebook, just don’t use Facebook’ is becoming problematic because other, non-Facebook services are tying themselves to the company, such going without Facebook means you’re forced to go without other services as well, in this case a ride-sharing service.
DISASTER WAITING TO HAPPEN
1) Single point of failure. If Facebook
goes down for any length of time, then
no one will be able to use the services
that use it for authentication. Likewise,
if a country decides to ban it, same
thing for all of its citizens and probably
anyone visiting there too.
2) User security. Okay, so we’re all using
Facebook to log in everywhere. All it
takes is one hack now (remember Yahoo)
to steal the user database and voila,
hackers now have everyone’s login to
everywhere. Just think of all the havoc
that will ensue with regard to fraud and
identity theft, etc.
I’m sure the criminals are salivating
at the thought.
3) Privacy. Too many fools have their entire
lives up on social media sites like this.
Now the advertisers, spammers, and other
assorted scam artists have access to all
kinds of information about you, possibly
even what online services you subscribe to.
I really don’t need anyone else knowing
what I do, where I go, and when. At least
this one can be mitigated by setting up
a secondary account with either no or
false personal information. I advise
anyone who’s forced to use Facebook as
an authentication method to do this.
The above is just what I can think up
in a 5 minute window. I’m sure if I sat
down and really thought about it some
more, I could come up with even more
reasons why this is a disaster waiting
to happen. YOU’VE ALL BEEN WARNED!
Facebook bans now mean people can't get services
Relying on Facebook for authentication is a huge problem for a lot of reasons, a big one being that people can get Facebook users they don’t like banned.
And Facebook has nobody to appeal to or contact if you are unreasonably banned, or if you are locked out of your account for other reasons. As a free service, Facebook users don’t have access to customer service helplines of any kind, because they aren’t Facebook’s customers, advertisers are.
Facebook lacks the policies and customer service needed for a universal “authentication” platform.
Two years ago I was effectively banned from posting comments to the local newspaper’s comment section when they decided to require login via Facebook and I didn’t (and don’t) have a Facebook account. Seems like the only people that did not have Facebook accounts are the intelligent ones as the comments section now reads like a cesspool.
“Seems like the only people that did not have Facebook accounts are the intelligent ones as the comments section now reads like a cesspool.”
That’s because the paper abandoned any attempts to create a culture in their forums – creative a positive culture takes work. Instead they just farmed out the forum without a care. Doesn’t matter if they did that using FB or any other platform. The lack of any care is the difference.
Paradoxically, the more useful that Facebook becomes, the more vulnerable it will be to the threat of exclusion from a country.
What exactly was the reasoning behind this statement? I didn’t see much in to support this either way in the post.
Playing the devil’s advocate, there’s some support that the opposite may actually be true. The more that facebook becomes responsible for this type of authentication, the less willing governments will be to exclude it from their territory. Suddenly cutting their citizens off from every online service they use? I’m sure it will do wonders for their support base.
In other words, most governments aren’t going to be "allowing" facebook to do this in their territory, they are going to be "discovering" that facebook has already done it. And after that, it’s an open question who has the bigger stick.
Fuck them all
I’m a Gen-Xer. Technology has been incorporated into my life for a long time but not my entire life. I can live without my electronics and electricity if necessary. I’ve had power outages that lasted long enough to disable all my devices.
A removable cell phone battery is a good thing in an emergency where you can keep a couple of charged batteries. It’s too bad manufacturers have so little foresight. A widespread 10 hour power outage would be more of a disaster than it should.
For those who’ve never been without their devices it would be prudent to spend a couple of days without them. Our connection to the outside world is broader but much more tenuous than in days of low or no-tech. It makes us vulnerable to those with nefarious intentions.
I needed a Facebook account for one site, so I created one; “Bob Smith”. He has no friends, no photos, no videos, no likes and no personal information. Pretty much the same as the Google+ account I was forced to create in order to continue commenting on YouTube videos.
Facebook deleted my first account; Ben Dover.
There's already a citizen score
A credit score is a citizen score. Or else why would background checks look at it?
Need a ride? Use the “telephone” mode of your fancy handheld device and call a taxi.
If it's really about authentication,
Okta just went public. They ought to be able to provide secure authentication and nothing but. Then again, maybe it really is about “Citizen Scores”.
This is a fantastic article. Excellent questions. I’m really excited that my voice will be heard here in the comment section as well. Normally I’m not allowed to speak because I don’t use Facebook…