back to article Time to ditch the Facebook login: If customers' data should be protected, why hand it over to Zuckerberg?

Mark Zuckerberg recently endured a grilling from the US Congress over Facebook's inability to stop bleeding user data. A week later, investors rewarded his company with a $50bn increase in its market capitalisation on news that – surprise! – a massive userbase pays big dividends. But it's worse than 87 million users' data that …

  1. Anonymous Coward
    Anonymous Coward

    'Facebook's login-to-other-sites service lets scum slurp your stuff'

    Executive Scum at Facebook, also help Scum outside Facebook slurp you. Lets just leave it there:

    ---------------

    How Facebook Helps Shady Advertisers Pollute the Internet:

    https://www.bloomberg.com/news/features/2018-03-27/ad-scammers-need-suckers-and-facebook-helps-find-them

  2. Anonymous Coward
    Anonymous Coward

    Corporations promote their Facebook-URL way above links to their own websites

    ....."It's time for the corporate world to stop paying lip service to the sensitivity of their customer data, and shut off access to Facebook and its partners. Forget #deletefacebook, businesses need to #deletefacebooklogin.".....

    People need to actively boycott corporations that rely on social media as a primary point of contact... Most lean on you to get at your social media profile upon filing a complaint etc. 'British Airways' and pals, here's looking at you... Enough already! Wake the fuck up corporations. Stop being Zuckerberg's Bitch! .... Or don't and watch YOUR 'holy' BRAND SUFFER!

    1. Smooth Newt
      Happy

      Re: Corporations promote their Facebook-URL way above links to their own websites

      People need to actively boycott corporations that rely on social media as a primary point of contact...

      People don't actively boycott. You might, but your granny and your kids won't. It needs legislation.

      1. Anonymous Coward
        Anonymous Coward

        Re: Corporations promote their Facebook-URL way above links to their own websites

        @ Smooth Newt

        "You might, but your granny and.."

        I disagree. Looking to government as saviour and deliverer in all things is mistaken.

        1. Kids probably shouldn't be on FB.

        2. If Granny wilfully insists on remaining ignorant, it is not up to the gov't to nanny her or get involved in social media beyond some basic privacy protection rules. Gov'ts deciding how sites can and cannot authenticate smacks of nanny state. If site A wishes to use FB login, fine. If someone is dumb enough to login into that site with FB, that's their problem, not mine, not the gov't's and so on. Personally, I do not log into any sites using FB save FB itself. Except on one computer, FB and related FB snoop domains are in the hosts file pointing at 0.0.0.0.

        3.It doesn't take too much to learn a bit about the Internet and privacy. If people are unwilling to be bothered at all, it's not too much the gov't's responsibility to protect them beyond some basics. Having the gov't decide if sites can or cannot employ FB's services to manage credentials is entirely too much interference.

        1. grumpy-old-person

          Re: Corporations promote their Facebook-URL way above links to their own websites

          Your comments are all valid - the only thing I don't see is why you use Facebook at all!

        2. JWLong

          Re: Corporations promote their Facebook-URL way above links to their own websites

          "FB and related FB snoop domains are in the hosts file pointing at 0.0.0.0. "

          You might want to add these to your Host file.

          ::1 localhost #[IPv6]

          ::1 facebook.com

          ::1 www.facebook.com

          ::1 login.facebook.com

          ::1 www.login.facebook.com

          ::1 fbcdn.net

          ::1 www.fbcdn.net

          ::1 fbcdn.com

          ::1 www.fbcdn.com

          ::1 static.ak.fbcdn.net

          ::1 static.ak.connect.facebook.com

          ::1 connect.facebook.net

          ::1 www.connect.facebook.net

          ::1 apps.facebook.com

          ::1 edge-star6-shv-02-ams2.facebook.com

          #IPv4

          0.0.0.0 a.ns.facebook.com

          0.0.0.0 b.ns.facebook.com

          0.0.0.0 .facebook.com

          0.0.0.0 .fb.com

      2. P. Lee Silver badge

        Re: Corporations promote their Facebook-URL way above links to their own websites

        We needs a new presence protocol so that users can maintain identities separate from applications. We need to be able to create SAML logins and then have them hosted with arbitrary providers, such as ISP or facebook, but without them being linked to any particular application.

        Then facebook depends on your identity and not the other way around.

  3. Doctor Syntax Silver badge

    Does the site you're planning to use have a log in with Facebook option? If so treat it as a warning even if you're not going to use it because you never had a Facebook account.

    1. Anonymous Coward
      Anonymous Coward

      Not supporting Facebook (I don't have an account or use it). But supporting a Facebook login on your site isn't necessarily indicative of anything. Facebook logins, like Google etc. are using OpenID, so by providing Facebook login support, you're essentially just supporting OpenID logins, which is fine in of itself. Once you support one, you support them all, it's just a case of giving your login page the options and URLs for each OpenID provider.

      There is of course a risk: That is can you trust the OpenID provider? Facebook could potentially use the tokens issued to access your site services as the user they authenticated and pillage their info.

      So agreed, I wouldn't want Facebook specifically supported on my site, but continuing to support OpenID is a good thing as - if we ever do get a P2P / Nextcloud style social network, OpenID will allow each user to authenticate themselves to each-others "clouds". It would also let you login to 3rd party sites with your personal cloud used to authenticate you - never exposing your username, password or personal details to the 3rd party site.

      The fact these sites support a Facebook login, means they can easily be switched to alternative OpenID providers.

      This has a nice diagram of how OpenID works - scroll down to overview and follow the steps below the diagram. The 3rd party site would be the relaying party (Web app server), Facebook the OpenID provider:

      https://www.ibm.com/support/knowledgecenter/en/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/csec_oiddesc.html

  4. Anonymous Coward
    Anonymous Coward

    Never thought a SSO managed by big data slurpers was a big idea...

    I had envisioned the tracking long ago - why should they have offered the service, otherwise? Avoided like pest any service who didn't offer a local logon.

    At least my bank don't use it - user, password and OTP from an HW token. Just, they are now attempting to replace the HW token with a phone app. I'm trying to resist and keep the token, but I don't know how long I will be able to stand...

    1. Anonymous Coward
      Anonymous Coward

      Re: Never thought a SSO managed by big data slurpers was a big idea...

      " I'm trying to resist and keep the token, but I don't know how long I will be able to stand..."

      My mobile phone is dumb. Saves me from a lot of "meal snaps" from young friends.

  5. mark l 2 Silver badge

    A lot of times logins are not even necessary to use a website yet some websites won't let you continue until you login.

    If go to a online store and it requires me to create a login before I can purchase rather than offering me a 'guest checkout' unless what they are offering i cannot find elsewhere I will leave the website and go to another website to purchase my items.

    1. Anonymous Coward
      Anonymous Coward

      "[...] yet some websites won't let you continue until you login."

      One site wouldn't accept the order form unless you filled in your phone number. What's more it only accepted a mobile number. I aborted the order.

      1. AllTheShizzle

        That is usually for delivery reasons - and the mobile may be incase you're out when they arrive.

        I any be wrong, and don't know what you were ordering, but I wouldn't automatically assume this was sinister. Delivery companies often require a contact number.

      2. katrinab Silver badge

        I do hope that 07890123456 isn't a real phone number.

    2. Anonymous Coward
      Anonymous Coward

      Another annoyance about such sites

      They keep prompting and pestering you to log in or sign up for a new account, and block your browser page view with an overlay.

      Linkedin (owned by Microsoft), Pinterest and Facebook are some examples.

  6. DarkLordofSurrey
    FAIL

    Matt Asay is Head of Developer Ecosystem at Adobe.

    KETTLE POT

    Adobe sign in page

    https://accounts.adobe.com/

    Or sign in with Facebook or Google

    1. Muckminded

      Re: Matt Asay is Head of Developer Ecosystem at Adobe.

      That, and this:

      https://www.theregister.co.uk/2018/03/27/adobes_cloudy_marketing_tools_gain_new_ai_powers/

      We are really against others doing what we would like to be doing ourselves.

      1. GIRZiM Bronze badge

        Re: Matt Asay is Head of Developer Ecosystem at Adobe.

        "We are really against others doing what we would like to be doing invented ourselves with the Flash Cookie".

        There, ftfy.

  7. Lord Schwindratzheim

    Whaddya mean ditch it?

    I imagine like most people reading this, I've never used either of 'em.

    Anybody care to fess up?

  8. chivo243 Silver badge

    Any business that says

    Like Us on FaecesBook gets an automatic pass.

    Just sayin'

    There I said it!

  9. Wiltshire
    FAIL

    Bottom-right of this very page, what do we see?

    The Register

    Sign up to our Newsletters

    Join our daily or weekly newsletters, subscribe to a specific section or set News Alerts

    And there it is : a Facebook logon option!

    A big The Register mistake Shirley?

    1. roblightbody

      Appears to just be a link to The Register's facebook page to me.

    2. anothercynic Silver badge

      @Wiltshire

      There is no Facebook logon option. It's a link to El Reg's Facebook page.

      1. Khaptain Silver badge

        Re: @Wiltshire

        Why does El Reg need a Facebook page ?

        1. Anonymous Coward
          Anonymous Coward

          Re: @Wiltshire

          Why does El Reg need a Facebook page ?

          … to spread their stories on that platform?

          like… the same way they also need to share them over Twitter, LinkedIn, Google+, reddit, and whatever-else-have-you?

      2. Mark 85 Silver badge

        Re: @Wiltshire

        Wrong... go to the FB link on the article page for this any other story... and then click the FB link. You'll see this:

        Log in to use your Facebook account with TheRegister.

        Email address or phone number:

        Password:

        Yes.... El Reg seems to be Zucking us if we're so inclined to use FB.

        1. Marco Fontani

          Re: @Wiltshire

          Wrong... go to the FB link on the article page for this any other story... and then click the FB link. You'll see this:

          Log in to use your Facebook account with TheRegister.

          Yes, you'll have to be logged on to Facebook if you want to use the button to share the story on Facebook, same as the other "share with …" buttons next to it.

          The OP was talking about the footer Facebook button, which along the others are mere links to The Register's presence on those platforms.

        2. JWLong

          Re: @Wiltshire

          Wrong...

          "go to the FB link on the article page for this any other story... and then click the FB link. You'll

          see this:"

          Sorry ElReg, your Fecal link doesn't work on my platform. Below is what I see. Does anyone here know that FecalBook has over 8000 IPv4/IPv6 addy's they own.

          This site can’t be reached

          www.facebook.com refused to connect.

          Try:

          Checking the connection

          Checking the proxy and the firewall

          ERR_CONNECTION_REFUSED

          Somethings in life you just gotta LOVE!

  10. roblightbody

    It was obvious

    As someone who grew up with the baby WWW of the 90s, using a login from just one company for multiple website always seemed like a horrible idea - and I never did it. The problem is people just don't care. They've handed this huge american company everything, and they don't care.

  11. andy 103

    Convenience

    Yeah, so here's the thing... Most people aren't Reg readers and couldn't care less.

    Convenience of 1 login system - versus - continuously registering and remembering different passwords (no, they don't use a password manager, and possibly don't even use different passwords).

    If only there was an easy solution. Oh yeah there is - login through Facebook. Data gets slurped in the background? They're not aware of it because they can't see it, and therefore don't know or care. It's too late to change things.

    Whoever offers convenience wins. Even if it comes at a price.

    As this is the Reg I should point out that I'm stating how the majority of people see it and what goes on in the real world, not what's necessarily "right".

    1. werdsmith Silver badge

      Re: Convenience

      Yep. The rest of us are being shit on by faecebook users.

  12. Zog_but_not_the_first Silver badge
    Devil

    Burke updated...

    “The only thing necessary for the triumph of evil is for good men people to do nothing continue posting about every activity, every meal, every bowel movement and encourage their family and friends to do likewise.”

    1. GIRZiM Bronze badge

      Re: Burke updated...

      I have long maintained that the way forward now is to post plentiful descriptions of others' meals and pix of each other's bowel movements and render the data absolutely valueless.

      If it weren't for the potential 'accessory to the crime' nastiness of it, I'd offer a service whereby you send me a second phone, registered in your name, that you fund from your bank account and I'll take it with me everywhere I go and make calls from every month - that way you're in two places at the same time, so which one is really you?

      If we were to do that in groups, however, although giving multiple phones to multiple friends might be a bit expensive to start with, and costly to maintain, ten people walking about with your mobile identity whilst far from foolproof against state actors should be enough to give most lowlife dataslurpers a run for their money.

      Of course, carrying ten mobile phones with you everywhere you go could become a trifle burdensome and I suspect some alternative device might be necessary - some sort of multi-SIM phone that weren't the smallest and lightest device in the world but would at least hold ten SIMs say.

  13. Anonymous Coward
    Anonymous Coward

    Post F8 - Zuck thinks we've forgotten already. Do we even know 10% of the Ugly Truth at Facebook?

    http://www.bbc.co.uk/news/technology-43594959

    http://www.bbc.co.uk/news/technology-43668607

  14. Anonymous Coward
    Anonymous Coward

    my sons school forced me to use google/facebook

    needed to get my sons report numbers, I was forced to use my google/facebook login, no other way to access on crapitas sims system.

    I was f**king annoyed as I NEVER ever use them for that shit anywhere.

    You have just reminded me I need to have some harsh words with the school about f*&king security.

    1. Dan 55 Silver badge

      Re: my sons school forced me to use google/facebook

      Good luck finding anyone who understands. If they did, they wouldn't have had it in the first place.

      1. aaaa

        Re: my sons school forced me to use google/facebook

        Looks to me like SIMS supports more than just Facebok - but lots of OpenID compatible logins, including their own (SIMS ID):

        HTTP://WWW.SIMS-PARENT.CO.UK

        1. werdsmith Silver badge

          Re: my sons school forced me to use google/facebook

          Yeah, SIMS is not faecebook/google only. Unless someone has customised a portal.

  15. Anonymous Coward
    Anonymous Coward

    I think Facebook and Google logins for external sites are for the lazy people

    Who don't want to create a new account just to use each of those sites.

    It could be an online game, a dating site, the comment section on a news site etc.

    Certain news sites also make commenting via Facebook login mandatory, because they believe that using 'real' (traceable) identities will cut down on the 'trolling'.

    Some online games too, entice gamers to log in to their Facebook account and share (referral links) or like the game to receive bonuses and rewards in-game. The kids wouldn't care about security or privacy concerns.

    1. Anonymous Coward
      Anonymous Coward

      Re: I think Facebook and Google logins for external sites are for the lazy people

      The CrowdJustice page for the fund-raising campaign against the Snoopers' Charter has a link to encourage donors to use FaceBook to spread the word. That does seem like a paradox.

  16. hekla

    dropping your FB account is not enough

    FB is insidious (darth insidious even)

    1> start a new browser profile (copy bookmarks across but not FB or Inst..)

    2> BLOCK all cookies from FB and associated companies

    3> block using "No Script"™ or similar the FB & Inst... web sites

    4> block using "Ghostery"™ or similar the FB & Inst... web sites

    5> for extreme paranoia set FB address to 127.0.0.1 (not recommended)

    1. Anonymous Coward
      Anonymous Coward

      Re: dropping your FB account is not enough

      "5> for extreme paranoia set FB address to 127.0.0.1 (not recommended)"

      Why is this (not recommended) ?

      I have FB and others blocked on HOSTS as well as the router, I haven't experienced any issues.

      If you want to get really "paranoid" you can distrust the DigiCert High Assurance certs but it would probably cause issues with other sites.

      And since I'm talking certificates, you may want to disable the Globalsign nv-sa cert on your Android device and/or Firefox browser if it's found. ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99

  17. MachDiamond Silver badge

    Modern Definitions

    Facebook Partner = Facebook customer that purchases user data

    Ride Sharing service = Gypsy cab

  18. aaaa

    I've seen that...

    I've seen 'login by facebook' option on a few sites. You mean some people actually use that option?

    I even do have a facebook account, and don't use 'facebook login'. Lots of people in these comments are saying it's popular and 'for lazy people'. Really? I'm pretty lazy - but it never occured to me to use that option - partly because I've no idea what my facebook login and password is - you type it in once when you register and it never asks for it ever again AFAICT. If it ever asked me I'd have to open a new account - I don't even know what email address it's linked to to request a reset...

    Honestly, I'm absolutely flabbergasted that anyone uses 'facebook login'. Are you really sure? Is there any actual hard data on how many people use it?

    As other posts have said - it's just openid - so it's not like its presence on a web site counts for anything - the developer just added it by ticking a box. Sure it's insecure - but adding the option on our login page makes us look all millenial - no-one is actually going to use it, least of all millenials (never seen a snapchat login option).

    1. Anonymous Coward
      Anonymous Coward

      Re: I've seen that...

      "[...] no-one is actually going to use it, least of all millenials "

      I received an email yesterday requesting continued financial support for the next phase of the Liberty "The People vs the Snoopers' Charter" crowdfunding via CrowdJustice.

      At the bottom is a big blue button - "Share On Facebook".

      WTF

  19. JWLong

    FaceBook Login

    User_Name: Fuck'nMe

    Password: Fuck'nYou

    I think I'll crankup a WinXP VM and see if the above work.

  20. bigtreeman

    tracker blocking

    Tracker blocking prevents me seeing user comments on a news website in Firefox. If I want to comment on this particular site it is easiest to use the Opera browser, which leads me to think Firefox has stricter blocking and protection.

  21. MooseMonkey

    I don't even trust facebook...

    ... with my facebook login!! What sort of muppet would allow other accesses too?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019