back to article Time to ditch the Facebook login: If customers' data should be protected, why hand it over to Zuckerberg?

Mark Zuckerberg recently endured a grilling from the US Congress over Facebook's inability to stop bleeding user data. A week later, investors rewarded his company with a $50bn increase in its market capitalisation on news that – surprise! – a massive userbase pays big dividends. But it's worse than 87 million users' data that …

Anonymous Coward

'Facebook's login-to-other-sites service lets scum slurp your stuff'

Executive Scum at Facebook, also help Scum outside Facebook slurp you. Lets just leave it there:

---------------

How Facebook Helps Shady Advertisers Pollute the Internet:

https://www.bloomberg.com/news/features/2018-03-27/ad-scammers-need-suckers-and-facebook-helps-find-them

20
0
Anonymous Coward

Corporations promote their Facebook-URL way above links to their own websites

....."It's time for the corporate world to stop paying lip service to the sensitivity of their customer data, and shut off access to Facebook and its partners. Forget #deletefacebook, businesses need to #deletefacebooklogin.".....

People need to actively boycott corporations that rely on social media as a primary point of contact... Most lean on you to get at your social media profile upon filing a complaint etc. 'British Airways' and pals, here's looking at you... Enough already! Wake the fuck up corporations. Stop being Zuckerberg's Bitch! .... Or don't and watch YOUR 'holy' BRAND SUFFER!

22
0
Silver badge
Happy

Re: Corporations promote their Facebook-URL way above links to their own websites

People need to actively boycott corporations that rely on social media as a primary point of contact...

People don't actively boycott. You might, but your granny and your kids won't. It needs legislation.

6
0
Anonymous Coward

Re: Corporations promote their Facebook-URL way above links to their own websites

@ Smooth Newt

"You might, but your granny and.."

I disagree. Looking to government as saviour and deliverer in all things is mistaken.

1. Kids probably shouldn't be on FB.

2. If Granny wilfully insists on remaining ignorant, it is not up to the gov't to nanny her or get involved in social media beyond some basic privacy protection rules. Gov'ts deciding how sites can and cannot authenticate smacks of nanny state. If site A wishes to use FB login, fine. If someone is dumb enough to login into that site with FB, that's their problem, not mine, not the gov't's and so on. Personally, I do not log into any sites using FB save FB itself. Except on one computer, FB and related FB snoop domains are in the hosts file pointing at 0.0.0.0.

3.It doesn't take too much to learn a bit about the Internet and privacy. If people are unwilling to be bothered at all, it's not too much the gov't's responsibility to protect them beyond some basics. Having the gov't decide if sites can or cannot employ FB's services to manage credentials is entirely too much interference.

0
0
Silver badge

Re: Corporations promote their Facebook-URL way above links to their own websites

We needs a new presence protocol so that users can maintain identities separate from applications. We need to be able to create SAML logins and then have them hosted with arbitrary providers, such as ISP or facebook, but without them being linked to any particular application.

Then facebook depends on your identity and not the other way around.

1
0

Re: Corporations promote their Facebook-URL way above links to their own websites

Your comments are all valid - the only thing I don't see is why you use Facebook at all!

1
0

Re: Corporations promote their Facebook-URL way above links to their own websites

"FB and related FB snoop domains are in the hosts file pointing at 0.0.0.0. "

You might want to add these to your Host file.

::1 localhost #[IPv6]

::1 facebook.com

::1 www.facebook.com

::1 login.facebook.com

::1 www.login.facebook.com

::1 fbcdn.net

::1 www.fbcdn.net

::1 fbcdn.com

::1 www.fbcdn.com

::1 static.ak.fbcdn.net

::1 static.ak.connect.facebook.com

::1 connect.facebook.net

::1 www.connect.facebook.net

::1 apps.facebook.com

::1 edge-star6-shv-02-ams2.facebook.com

#IPv4

0.0.0.0 a.ns.facebook.com

0.0.0.0 b.ns.facebook.com

0.0.0.0 .facebook.com

0.0.0.0 .fb.com

1
0
Silver badge

Does the site you're planning to use have a log in with Facebook option? If so treat it as a warning even if you're not going to use it because you never had a Facebook account.

14
0
Anonymous Coward

Not supporting Facebook (I don't have an account or use it). But supporting a Facebook login on your site isn't necessarily indicative of anything. Facebook logins, like Google etc. are using OpenID, so by providing Facebook login support, you're essentially just supporting OpenID logins, which is fine in of itself. Once you support one, you support them all, it's just a case of giving your login page the options and URLs for each OpenID provider.

There is of course a risk: That is can you trust the OpenID provider? Facebook could potentially use the tokens issued to access your site services as the user they authenticated and pillage their info.

So agreed, I wouldn't want Facebook specifically supported on my site, but continuing to support OpenID is a good thing as - if we ever do get a P2P / Nextcloud style social network, OpenID will allow each user to authenticate themselves to each-others "clouds". It would also let you login to 3rd party sites with your personal cloud used to authenticate you - never exposing your username, password or personal details to the 3rd party site.

The fact these sites support a Facebook login, means they can easily be switched to alternative OpenID providers.

This has a nice diagram of how OpenID works - scroll down to overview and follow the steps below the diagram. The 3rd party site would be the relaying party (Web app server), Facebook the OpenID provider:

https://www.ibm.com/support/knowledgecenter/en/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/csec_oiddesc.html

0
0
Anonymous Coward

Never thought a SSO managed by big data slurpers was a big idea...

I had envisioned the tracking long ago - why should they have offered the service, otherwise? Avoided like pest any service who didn't offer a local logon.

At least my bank don't use it - user, password and OTP from an HW token. Just, they are now attempting to replace the HW token with a phone app. I'm trying to resist and keep the token, but I don't know how long I will be able to stand...

7
1
Anonymous Coward

Re: Never thought a SSO managed by big data slurpers was a big idea...

" I'm trying to resist and keep the token, but I don't know how long I will be able to stand..."

My mobile phone is dumb. Saves me from a lot of "meal snaps" from young friends.

4
0
Silver badge

A lot of times logins are not even necessary to use a website yet some websites won't let you continue until you login.

If go to a online store and it requires me to create a login before I can purchase rather than offering me a 'guest checkout' unless what they are offering i cannot find elsewhere I will leave the website and go to another website to purchase my items.

31
0
Anonymous Coward

"[...] yet some websites won't let you continue until you login."

One site wouldn't accept the order form unless you filled in your phone number. What's more it only accepted a mobile number. I aborted the order.

10
0

That is usually for delivery reasons - and the mobile may be incase you're out when they arrive.

I any be wrong, and don't know what you were ordering, but I wouldn't automatically assume this was sinister. Delivery companies often require a contact number.

5
0
Anonymous Coward

Another annoyance about such sites

They keep prompting and pestering you to log in or sign up for a new account, and block your browser page view with an overlay.

Linkedin (owned by Microsoft), Pinterest and Facebook are some examples.

3
0
FAIL

Matt Asay is Head of Developer Ecosystem at Adobe.

KETTLE POT

Adobe sign in page

https://accounts.adobe.com/

Or sign in with Facebook or Google

36
0

Re: Matt Asay is Head of Developer Ecosystem at Adobe.

That, and this:

https://www.theregister.co.uk/2018/03/27/adobes_cloudy_marketing_tools_gain_new_ai_powers/

We are really against others doing what we would like to be doing ourselves.

9
0

Re: Matt Asay is Head of Developer Ecosystem at Adobe.

"We are really against others doing what we would like to be doing invented ourselves with the Flash Cookie".

There, ftfy.

9
0

Whaddya mean ditch it?

I imagine like most people reading this, I've never used either of 'em.

Anybody care to fess up?

8
1
Silver badge

Any business that says

Like Us on FaecesBook gets an automatic pass.

Just sayin'

There I said it!

7
1
FAIL

Bottom-right of this very page, what do we see?

The Register

Sign up to our Newsletters

Join our daily or weekly newsletters, subscribe to a specific section or set News Alerts

And there it is : a Facebook logon option!

A big The Register mistake Shirley?

11
5

Appears to just be a link to The Register's facebook page to me.

5
2
Silver badge

@Wiltshire

There is no Facebook logon option. It's a link to El Reg's Facebook page.

3
1
Silver badge

Re: @Wiltshire

Why does El Reg need a Facebook page ?

4
0
Anonymous Coward

Re: @Wiltshire

Why does El Reg need a Facebook page ?

… to spread their stories on that platform?

like… the same way they also need to share them over Twitter, LinkedIn, Google+, reddit, and whatever-else-have-you?

4
0
Silver badge

Re: @Wiltshire

Wrong... go to the FB link on the article page for this any other story... and then click the FB link. You'll see this:

Log in to use your Facebook account with TheRegister.

Email address or phone number:

Password:

Yes.... El Reg seems to be Zucking us if we're so inclined to use FB.

2
0

Re: @Wiltshire

Wrong... go to the FB link on the article page for this any other story... and then click the FB link. You'll see this:

Log in to use your Facebook account with TheRegister.

Yes, you'll have to be logged on to Facebook if you want to use the button to share the story on Facebook, same as the other "share with …" buttons next to it.

The OP was talking about the footer Facebook button, which along the others are mere links to The Register's presence on those platforms.

0
0

Re: @Wiltshire

Wrong...

"go to the FB link on the article page for this any other story... and then click the FB link. You'll

see this:"

Sorry ElReg, your Fecal link doesn't work on my platform. Below is what I see. Does anyone here know that FecalBook has over 8000 IPv4/IPv6 addy's they own.

This site can’t be reached

www.facebook.com refused to connect.

Try:

Checking the connection

Checking the proxy and the firewall

ERR_CONNECTION_REFUSED

Somethings in life you just gotta LOVE!

3
0

It was obvious

As someone who grew up with the baby WWW of the 90s, using a login from just one company for multiple website always seemed like a horrible idea - and I never did it. The problem is people just don't care. They've handed this huge american company everything, and they don't care.

26
1

Convenience

Yeah, so here's the thing... Most people aren't Reg readers and couldn't care less.

Convenience of 1 login system - versus - continuously registering and remembering different passwords (no, they don't use a password manager, and possibly don't even use different passwords).

If only there was an easy solution. Oh yeah there is - login through Facebook. Data gets slurped in the background? They're not aware of it because they can't see it, and therefore don't know or care. It's too late to change things.

Whoever offers convenience wins. Even if it comes at a price.

As this is the Reg I should point out that I'm stating how the majority of people see it and what goes on in the real world, not what's necessarily "right".

19
1
Silver badge
Devil

Burke updated...

“The only thing necessary for the triumph of evil is for good men people to do nothing continue posting about every activity, every meal, every bowel movement and encourage their family and friends to do likewise.”

13
0

Re: Burke updated...

I have long maintained that the way forward now is to post plentiful descriptions of others' meals and pix of each other's bowel movements and render the data absolutely valueless.

If it weren't for the potential 'accessory to the crime' nastiness of it, I'd offer a service whereby you send me a second phone, registered in your name, that you fund from your bank account and I'll take it with me everywhere I go and make calls from every month - that way you're in two places at the same time, so which one is really you?

If we were to do that in groups, however, although giving multiple phones to multiple friends might be a bit expensive to start with, and costly to maintain, ten people walking about with your mobile identity whilst far from foolproof against state actors should be enough to give most lowlife dataslurpers a run for their money.

Of course, carrying ten mobile phones with you everywhere you go could become a trifle burdensome and I suspect some alternative device might be necessary - some sort of multi-SIM phone that weren't the smallest and lightest device in the world but would at least hold ten SIMs say.

5
0
Anonymous Coward

Post F8 - Zuck thinks we've forgotten already. Do we even know 10% of the Ugly Truth at Facebook?

http://www.bbc.co.uk/news/technology-43594959

http://www.bbc.co.uk/news/technology-43668607

2
0
Anonymous Coward

my sons school forced me to use google/facebook

needed to get my sons report numbers, I was forced to use my google/facebook login, no other way to access on crapitas sims system.

I was f**king annoyed as I NEVER ever use them for that shit anywhere.

You have just reminded me I need to have some harsh words with the school about f*&king security.

12
0
Silver badge

Re: my sons school forced me to use google/facebook

Good luck finding anyone who understands. If they did, they wouldn't have had it in the first place.

14
0

Re: my sons school forced me to use google/facebook

Looks to me like SIMS supports more than just Facebok - but lots of OpenID compatible logins, including their own (SIMS ID):

HTTP://WWW.SIMS-PARENT.CO.UK

1
0
Anonymous Coward

I think Facebook and Google logins for external sites are for the lazy people

Who don't want to create a new account just to use each of those sites.

It could be an online game, a dating site, the comment section on a news site etc.

Certain news sites also make commenting via Facebook login mandatory, because they believe that using 'real' (traceable) identities will cut down on the 'trolling'.

Some online games too, entice gamers to log in to their Facebook account and share (referral links) or like the game to receive bonuses and rewards in-game. The kids wouldn't care about security or privacy concerns.

1
0
Anonymous Coward

Re: I think Facebook and Google logins for external sites are for the lazy people

The CrowdJustice page for the fund-raising campaign against the Snoopers' Charter has a link to encourage donors to use FaceBook to spread the word. That does seem like a paradox.

0
0

dropping your FB account is not enough

FB is insidious (darth insidious even)

1> start a new browser profile (copy bookmarks across but not FB or Inst..)

2> BLOCK all cookies from FB and associated companies

3> block using "No Script"™ or similar the FB & Inst... web sites

4> block using "Ghostery"™ or similar the FB & Inst... web sites

5> for extreme paranoia set FB address to 127.0.0.1 (not recommended)

4
0
Anonymous Coward

Re: dropping your FB account is not enough

"5> for extreme paranoia set FB address to 127.0.0.1 (not recommended)"

Why is this (not recommended) ?

I have FB and others blocked on HOSTS as well as the router, I haven't experienced any issues.

If you want to get really "paranoid" you can distrust the DigiCert High Assurance certs but it would probably cause issues with other sites.

And since I'm talking certificates, you may want to disable the Globalsign nv-sa cert on your Android device and/or Firefox browser if it's found. ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99

0
0
Bronze badge

Modern Definitions

Facebook Partner = Facebook customer that purchases user data

Ride Sharing service = Gypsy cab

0
1

I've seen that...

I've seen 'login by facebook' option on a few sites. You mean some people actually use that option?

I even do have a facebook account, and don't use 'facebook login'. Lots of people in these comments are saying it's popular and 'for lazy people'. Really? I'm pretty lazy - but it never occured to me to use that option - partly because I've no idea what my facebook login and password is - you type it in once when you register and it never asks for it ever again AFAICT. If it ever asked me I'd have to open a new account - I don't even know what email address it's linked to to request a reset...

Honestly, I'm absolutely flabbergasted that anyone uses 'facebook login'. Are you really sure? Is there any actual hard data on how many people use it?

As other posts have said - it's just openid - so it's not like its presence on a web site counts for anything - the developer just added it by ticking a box. Sure it's insecure - but adding the option on our login page makes us look all millenial - no-one is actually going to use it, least of all millenials (never seen a snapchat login option).

1
1
Anonymous Coward

Re: I've seen that...

"[...] no-one is actually going to use it, least of all millenials "

I received an email yesterday requesting continued financial support for the next phase of the Liberty "The People vs the Snoopers' Charter" crowdfunding via CrowdJustice.

At the bottom is a big blue button - "Share On Facebook".

WTF

1
0

FaceBook Login

User_Name: Fuck'nMe

Password: Fuck'nYou

I think I'll crankup a WinXP VM and see if the above work.

1
0

tracker blocking

Tracker blocking prevents me seeing user comments on a news website in Firefox. If I want to comment on this particular site it is easiest to use the Opera browser, which leads me to think Firefox has stricter blocking and protection.

1
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018