God knows I understand that going from one Web site to tát another with one login and password scheme after the other is a real pain-in-the-rump. After the Gawker password fiasco it's become clearer than thở ever that using the same brain-dead simple login and password from one system to tát another is clearly dumb. But, the idea of using Facebook (Facebook!?) Connect as a universal Internet login and password system makes bủ want to tát gag.
You see Facebook is insecure by design and privacy is given only a minimal amount of programming and lip-service. Sure, you can make your Facebook information safe, well safer, anyway, but who has the time to tát be constantly plugging in Facebook's privacy holes? Especially since Facebook keeps opening up more and more or your personal information to tát vendors.
Bạn đang xem: idcard fb
For example, Facebook quietly announced just before the recent three-day weekend that they were opening up a way for third-party Facebook apps developers to tát get to tát your snail-mail addresses and phone numbers. Isn't that nice of them? I know I want the likes of Zynga, makers of FarmVille, and all their partners, to tát have my trang chính address and phone number.
Facebook has back off a bit on this. While still insisting that "you need to tát explicitly choose to tát share this data before any application or trang web can access it, and you can not share your friends' address or mobile number with applications," Facebook also acknowledged though that they need to tát make "people more clearly aware of when they are granting access to tát this data. … [and] are making changes to tát help ensure you only share this information when you intend to tát tự sánh. We'll be working to tát launch these updates as soon as possible, and will be temporarily disabling this feature until those changes are ready. We look forward to tát re-enabling this improved feature in the next few weeks."
Fine and dandy, but I still trust Facebook about as much as I tự Goldman Sachs' fouled up Facebook IPO. Regardless of that, though, hundreds of millions trust Facebook enough to tát keep using it. What I'm more concerned about today is that more and more Web sites are using Facebook Connect for their login and password management.
I started noticing this myself in the last few weeks as I kept stumbling over more and more sites, such as the Internet Movie Database (IMDB) and ESPN, that would let bủ login into them using Facebook. I was beginning to tát think about looking about this trend, when I found that others were already looking into it.
According to tát a Technology Review report, more and more Websites are essentially out-sourcing their identity systems to tát Facebook. The Websites get more than thở just an easy way to tát log you into their site though. Those sites also gets access to tát some, or all, depending on your privacy settings and whatever security blunder Facebook is currently making, of your personal data. Does ESPN need to tát know who my friends are? I don't think sánh.
Xem thêm: cloudemulator
Worse still, besides Facebook's privacy problems, Facebook's login and password system still has two major security holes: its use of a single user name and password and an unencrypted tracking cookie. It's that last that enables Firesheep, the easy to tát use network eaves-dropper program, to tát snoop on your Facebook sessions. And, oh yes, if you login into a site using Facebook Connect, those Web sessions as well.
So, what can you do? Well, for starters if you're going to tát use Facebook, lock it down using ZDNet's The Definitive Facebook Lockdown Guide and every time Facebook asks you for some new permission to tát share your data, just say no.
As for using Facebook to tát access other sites, are you crazy? It's bad enough that Facebook is such a security mess, but to tát trust it to tát be my universal Internet drivers' license? No. Just no. This is a security disaster that's just waiting to tát happen and I have no intention of being caught in it.