April 21, 2014

avatar

No Facebook, No Service?

The Idaho Statesman, my sort-of-local newspaper, just announced that it will follow the lead of the Miami Herald and no longer allow readers to post anonymous comments to online stories. Starting September 15, readers who want to make comments will have to login through Facebook. This is the second time I’ve encountered a mandatory Facebook login for users trying to gain access to a third-party service. The first time was when I tried to sign up last year for the music streaming service Spotify. (Spotify now allows users to create an account using an email address, but it didn’t always.)  I’m not a Facebook fan for reasons related to Facebook’s privacy and information practices, but that’s really neither here nor there. The question is whether I should have to be a Facebook user to access services on the Internet that have no natural or necessary connection to Facebook. I’m not talking here about giving users the option to login through Facebook if they want to share their online activities with Facebook friends. I’m talking about conditioning access to a non-Facebook service, or to some aspect of that service, on a user’s having a Facebook account. Internet users are accustomed to dealing with lots of intermediaries, from broadband providers to search engines, to get access to services and information. The Internet is all about mediated transfers of information. I get that. But this strikes me as a troubling new layer of intermediation.

The Statesman’s motivation for the change in policy is to stop abusive, trolling behavior in comments. The idea, I suppose, is that people will be less inclined to say stupid things if they have to “own” their speech through some process of authentication. Or maybe they will be less inclined to speak at all if they have to go through an extra step to do it. Putting aside (very big and important) questions about the need to protect anonymous speech—both online and offline—in a democratic society, it seems to me that using Facebook as a means of authentication is flawed at best. Anyone can create a pseudonymous Facebook account.

And then there’s the question of user choice. Why make Facebook the exclusive intermediary platform? What about other social media platforms like Linked In and Twitter? Do they provide less reliable authentication? Or are they just not as hegemonic? Does Facebook offer financial or other incentives to online providers to choose Facebook as the gateway to their services?

Does anybody view this practice as a positive development for users? If so, I’m genuinely interested in hearing why. (By the way, you will not be required to login through Facebook to comment on this post.)    

Comments

  1. Zachary Fletcher says:

    If it makes news article comments even a little less awful it could be a positive thing. For better or worse, Facebook is probably the most ubiquitous link between folks’ “real” and online personas.

  2. Joel Berman says:

    I like the idea of an identity service. If it is trustworthy it solves a lot of the cracked password issues we have seen. I am not sure Facebook is the only such trust service and Twitter, LinkedIn, OpenID and a few others should also be accepted. And I think you will see the ability to create alternate identities on these services become more difficult as time goes on.

    The Government of India has set up an ID service, but I am not sure it can be used outside of Government items. http://uidai.gov.in/ And I read that the USPS is thinking about offering such a service.

    The only issue I see is whether to accept anonymous comments and I would let the free market decide if that is a good idea.

  3. Billy The Clown says:

    The flip side is facebook provides a single id/password.

    I routinely use a number of sites, maintaining passwords can be a bugger.
    Different rules for different sites, some never expire, some expire every 30 days.

    I would like to see facebook sign on spread more, the only downside is every time I log in using to some sites it wants to post on my wall that I used that site. I wish face book would allow me to permanently opt out on that

    Bill

    And Yes I use facebook everyday

    • John Millington says:

      Getting your comment posted on your wall is the main reason sites are doing this. Real names and single-signon are just the justification (although it’s not a totally false one; there’s some truth to it).

      When you use Facebook’s comment system, by having it default to posting on your wall, the site is having _you_ default to advertising their site. Then your friends might see the link to their page, load it (and its ads) and maybe even participate so that _they_ will advertise the site too.

  4. Frank Bonner says:

    I agree with your view. I do not use Facebook for similar reasons. However on a wider point it is not a very secure practice to use one service to access another. I prefer to have a separate set of login details for each service that requires logins at all. I would suspect that money has changed hands somewhere otherwise this is either an ideological attack on anonymous speech or a lazy response to a supposed problem.

  5. Tito says:

    There is really two parts to this: OpenID and “only facebook”

    With Open ID I am focusing on the idea, not the specific protocol.

    There are a lot of benefits to not having to remember as many logins and passwords. Yes, I use Keepass, but most people dont and it’s still easier to use my google ID for a number of sites. Plus I get the benefit of being able to get 2-factor through my google account for a large number of sites that would almost certainly not have implemented it. It’s also far easier for the sites to implement OpenID securely than to implement their own password storage, password reset, account recovery, etc. The spate of insecure password hashing and subsequent compromises this spring could have been averted. Registering and using the account is also far easier. It’s a few clicks if you are already logged in, and if not it’s account information you know well.

    It is a big win in terms of security and ease of use.

    Privacy is a problem, in that the ID provider now knows the different sites you use and when you login to them. Additionally, just like with mobile phone apps, a lot of sites are asking for a lot more information than they really need for you to log in from. Of course, since most apps just use it as an ID provider, you can create different accounts, much like people already do to avoid spam. Email accounts aren’t verified, so you can have as much or as little privacy as desired.

    The second piece of this is the “only facebook” issue. To me, this is the core of the issue. Facebook has the problems you mentioned, and goes to much greater length to link to a real, public identity.

    There isn’t a technical reason to limit which providers. Stack overflow allows a wide variety of different identity providers. (see http://stackoverflow.com/users/login). Service providers like Janrain make supporting a ton of different ID providers extremely easy. The only reason I can think of is to remove the privacy of online speech (or attempt to anyway).

  6. paul says:

    Can we say “leveraging a monopoly for entry into a new market”? Of course we can. Facebook already has the user identification infrastructure, so it’s easy to provide it for other sites. And identifying users, blocking trolls, maintaining a comment system and so forth is expensive. (The comment systems of organizations that have gone over to this are, as far as I can tell, actually extensions of facebook’s own system.)

    Sure, you could provide logins through a bunch of different ID providers, but that would take work that newspaper owners are unwilling to fund. It would also take cooperation from Facebook, which seems unlikely.

    And although it might limit trolls (albeit creating a fake facebook identity is fairly easy), it also limits discussion, just as it would if a newspaper announced that it would only accept physical letters to the editor delivered by hand or by fedex. Perhaps an interesting datapoint is the political site Talking Points Memo, which is in the process of getting rid of a third-party-run comment system, both because the feature set is inadequate and because many of the site’s thoughtful commenters and sources don’t want their identities there linked to everything else they say or read everywhere else on the web.

  7. jdgalt says:

    There are plenty of good services out there for verifying posters’ identity (Disqus and WordPress being the two I use most often). But I refuse to be on Facebook because of its privacy consequences. If that means certain newspaper sites won’t let me post anymore, I’m guessing I’ll be around longer than they will.

  8. Can't Say says:

    I work at a place where we’re about to do this stuff to our users, for the reasons stated below.

    I believe wanting non-Facebook users to not participate in discussion, is mainly just an external rationale. It’s sold to the public as being an anti-troll move, and also to simplify logins. And there really is _some_ truth to that, seriously. But it’s just the partial truth.

    The biggest reason for a site requiring its users to have and use Facebook profiles, is that websites want referral traffic from Facebook, because Facebook has lots of users. The idea is this: if you post a comment about something on my site, using Facebook’s comment system, then that comment is both on my page _and_ on your profile. A link to the page of mine that you were commenting about, is _also_ on your profile. Hopefully, your friends will see the activity, click the link, and join in and then _their_ friends will be exposed to a link to my site.

    Which means, hopefully we’ll get a pageload, some ad impressions, and possibly a new user. The users end up advertising for the sites they use.

    The reason Facebook is *The* One, and that Twitter or Linked In are viewed as inferior, is that those services have fewer users and (especially in the case of OpenID) won’t generate as many referrals.

    Also, Facebook logins are just a gateway toward using facebook comments. By sites keeping their own comment systems but requiring Facebook logins, they’re just conditioning people toward a later transition where switching to Facebook comments will be less of a shock. (“Hey, you have a facebook account anyway.”)

    Facebook is a horrible site and no person should use it, yadda yadda .. but they are absolutely BRILLIANT. Its popularity is now feeding back on itself, making it more popular, getting more people dependent on it. Best of all, Facebook does _not_ have to pay anyone to create the dependency. Those of you who see hidden conspiracies where money changes hands, aren’t getting it. The lure of their referred traffic is payment enough. Sites do this willingly.

    Sadly, if Freedom to Tinker used Facebook comments, then I would not have been able to post this comment to explain why sites are motivated to do that.

  9. pete.d says:

    Wow.Of all the topics posted recently on FTT, this is the one that (ironically) generates a large number of comments? :)

    Anyway, I’m decidedly against the whole single-point-authentication approach, and that’s not even counting the travesty that is Facebook. For a site to use Facebook as their centralized authenticator? Ludicrous.

    One of my local news media sites switched to Facebook for commenting a year or so ago, and while it’s not like the quality of the comments was ever that high (lots of the usual extremes represented from any side of an issue), the move to Facebook only made it worse. Now when there are comments at all, they pretty much have zero value-added content, consisting only of the ranting.

  10. Lori says:

    Two other examples of Facebook-only login that I can think of are wethedata.org (which looks to me like corporate PR masquerading as a “movement”) and americanidol.com.

    One third party login engine I would like to see implemented more places is Mozilla Persona. It’s simple and unobtrusive, but of course it doesn’t contribute anything to a company’s marketing strategy, which is why you don’t see it much.

  11. John Hawkinson says:

    It seems important to mention that the New York Times has a special arrangement with Facebook for commenting on its web site. It has a category called “Trusted Commenter,” where your comments are posted without approval; moderation approval otherwise can take several hours, if it ever happens.

    A prerequisite for being a trusted commenter is connecting a Facebook profile to your NYT account. See http://takingnote.blogs.nytimes.com/2012/03/16/another-comment-about-your-comments-on-comments/.

  12. Eli The Man says:

    I feel the need for a person to express themselves anonymously is crucial for a few reasons. First, because if you are linked to facebook when you are posting on another site, then people who read your posts can judge you based on things they see on your facebook. That can be invasive, especially if your post has nothing to do with facebook and readers hold things against you for reasons other than the content in your post. Second, if your opinions posted on a site are considered dangerous or they worry people that it will start an uproar outside of the internet (not that it is likely) then the government would be able to access your information through facebook due to it’s questionable privacy policies. Lastly, I feel it is important to protect anonymous posting simply because it is important to be able to share an idea without people having any other judgements on you.
    I personally have refrained from commenting on some things solely because I was asked to sign in through facebook. Because of this and the probability of other people doing the same thing, I fear that measures such as these could be discouraging people from using their voice when they feel passionately about something. Recently in my Ethics in the Digital World class I was told that there is a company that gives out loans and they will actually look at your facebook account and your friends on there in order to determine your ability to be a good customer (in their eyes) and I feel that could be a danger in linking many things to a facebook account. Just because you post something on a website should not allow people to know any more about you than you state in your post.

  13. Emma D. says:

    I, too, have been increasingly frustrated by various sites and services wanting me to sign in using my Facebook account. I signed up with Spotify when the only option for creating an account was to use your Facebook. I went ahead and did so but I ended up wasting a lot of time trying to figure out how to basically disassociate the two accounts. I used my Facebook to sign up, but that didn’t mean I wanted all of my Facebook friends to know the specific details of every song I listened to, playlist I created, etc. While it is interesting to be able to see in Spotify what my Facebook friends are listening to, I would just as soon not. Additionally, I have talked with several friends who didn’t understand the extent to which Spotify could share their information, both within Spotify itself as well as through Facebook. Many of them would generally prefer that the information not be shared at all, but end up having little control over the situation due to the functions of the service or lack of knowledge about how to change privacy settings. I think this raises an interesting question about privacy and wanting to keep different parts of our online person private in different venues. To tie back to your discussion about Facebook and news sites, I can see that someone might want to keep their thoughts expressed in the comments of news stories separate from their Facebook profile for the sake of privacy in such a public venue. While I understand the basic desire to have users identify themselves, I think that having users sign in using other services such as Google or Twitter works just as effectively. I will note, however, that because of the ability to make a fake or pseudonymous account I’m not sure how effective any of these options are when it comes to making people own up to their comments and/or preventing trolling.

  14. Derrick Gyamfi says:

    I think service providers, in an attempt to prevent anonymous comments to online stories, have instituted a number of measures including logging in to some sites via your facebook account. if this is so, what mechanism has been instituted to ensure that the information people use to create facebook accounts is correct?
    On the question of why facebook and not any other social network, well judging from my background, I think facebook is more popular and widely used as compared to others.
    I, however, do not believe that this is a better way of preventing people from posting anonymous comments to stories online. This is because people use false information to create these accounts , and thus using facebook as a means of authentication is not the best.

  15. EV says:

    As other people have said, I dislike the idea of having to log onto my Facebook account (or any other social media account) to comment on or sign up for a third party website. As someone who doesn’t regularly use social media websites, dislikes logging into Facebook (which I’ll only do if given a very good reason), and hates sharing my activity other than with people I consider myself close to, I find it very discouraging. And from what I understand about how social media tends to work, if you sign into a third party website using your social media account, you may end up sharing your activity on that site on said account. Again, I don’t like telling all my “friends” (that is, people who have added me) what I’m up to on another site. Additionally, by logging in with a social media account the sites may have the right to personalize ads or could even determine if I would be “troublesome” based on who my friends are. Both completely violate my privacy–that is, doing something without anyone knowing what I’m doing.

    Regarding the topic at hand, I agree with Derrick Gyamfi in regard to why forcing people to log onto Facebook to comment is not a better idea. I understand allowing people to comment anonymously puts the site at risk for receiving scathing or other inappropriate responses; however, as was pointed out people can just make Facebook accounts using false data and comment with them. Being pseudonymous may not be the exact same thing as being anonymous, but the results can still be similar. On another note, there may be some people who do not comment anonymously and do not have a Facebook account nor wants to make one for whatever reason(s). By making this change, the site will likely lose those commenters. That being said, I can’t think of any better alternative to allow people to comment and allowing anonymous commenting at the same time. They will either have to stay subjected to anonymous/pseudonymous commenting, or they will have to stop commenting altogether.

  16. Emily Eadie says:

    It’s surprising to me that it’s only Facebook savvy. You see a lot of sites now that have the option of signing in to services like Facebook, Twitter, Google+, etc., in order to share information or make comments linked to an account, and I could understand maybe having something like that be mandatory, since users would be able to decide which social networking provider they felt comfortable with and use that account.
    I’m in a class on Digital Ethics, and recently, we all took a look at the privacy policies of an internet service we used, and Facebook, as you and several commentators mentioned, is not a shining example of a comfortable privacy policy. But I’ve also looked at the Gmail and Google+ privacy policies, and find them to be agreeable (by me, at least), and might not mind signing in to one of those accounts to respond to an article on one of these news websites.
    I also think Emma D. had a good point about not wanting to tie a response on a news site to your Facebook for personal reasons. That hadn’t occurred to me, but I can definitely see why that might be a concern.
    I think it would achieve the desired results (ie., less trolling) if they widened the spectrum of services with which you could log in.

  17. BBald says:

    Hello, I am taking a class on Digital Ethics and have an assignment to comment on some blogs. I hope you don’t mind me stepping in and doing so from time to time during the semester.

    I have to agree that using my Facebook account to log in just to post a comment or use a website is not something I’m keen on. I understand why companies do it (as “Can’t Say” stated above). These reasons are a positive to the company requiring the Facebook login as they should get many more “hits” from this link.

    However when you look from the users perspective I fail to see any substantial positives. Most of the users of Facebook that I know (which even though it’s quite a few is still only a fraction of the total number of Facebook users), don’t actually know how much information they are making public using Facebook and connecting their Facebook accounts to other companies websites. This can result in potentially embarrassing or harmful information being available to those that it was not intended for. But on the other side how much of this information really needs to travel between Facebook and the website using Facebook authentication? Will the website using Facebook authentication pull info from the users Facebook profile?

    The only positive for the user that I see is that the user does not have to create another login to add to their ever growing collection of logins.

  18. Nathan T. says:

    Wow, this post got a lot of replies. I will read those after my initial thought.

    Annemarrie you ask “Does Facebook offer financial or other incentives to online providers to choose Facebook as the gateway to their services?”

    Need you ask? Facebook offers their entire API’s to online providers that chooses Facebook as the gateway to their services. In other words and quite literally; your newspaper wants to have all the information about you they can collect through your use of Facebook (most likely for the same purpose as Facebook collects such info; to sell advertising space). And it wouldn’t matter if they used LinkedIn for instance, since LinkedIn is linked to Facebook’s API’s as well; so LinkedIn has all the same data as Facebook. It is all a matter of money, they get more money for advertisements, and they get more advertisements based on the more information they have about their audience. That is the reason any newspaper makes this decision.

    Now as for their claim it is to stop the trolls; well my news agency went through a similar growing pains; and I expressed my disinterest in both non-anonymous and third party login options. They finally decided to dedicate staff to pre-moderate all forum posts and limit number of posts per account. Of course they try to take out duplicate or aliased accounts by the same person when they detect it. But why did they decide that route? Because for them it wasn’t about money, they already get tons of money from advertisements being one of the largest media companies in the West (very likely if your “sort-of-local newspaper” is Idaho based, you would likely be familiar with some products of Deseret Media Companies–though you may not know the name). DMC gets plenty money so they really were trying to stop the trolling.

    However, I guarantee you as plain as day that the Idaho Statesman is all about advertising and they want the data they can harvest by you logging in to Facebook through their gateway. That is the only reason they need Facebook.

  19. No Facebook says:

    Another unmentioned aspect of this slow facebook creep is its infrastructure taking down seemingly unrelated sites when there are problems. This happened in February to cnn, washingtonpost and others.

    Barry Ritholz at the Big Picture blog has a couple posts about dealing with comment trolls. I recollect his cohort Josh Brown at thereformedbroker.com recently switched to fb comments simply because disqus was terrible for moderating comments.

  20. Antonio Fiorentino says:

    I do not like Facebook and try to avoid it. The warning sign should be clear to people choosing the Facebook sign-in – when they are told that the third party provider will be rewarded with much information that Facebook can provide on you.

  21. kakaz says:

    Did You noticed that when You have two accounts on facebook, for example John Smith and Anna Bravo and You use THE SAME PASSWORD facebook service will match them, and matching would be even perfect if You use strong, so unique, password?
    Well – that is how it works…
    Even if You use one account on laptop and other on tablet for example, they may be matched if You use the same password it it is unique enough…

  22. edpo says:

    No chance would I use Facebook for even Facebook purposes, much less to comment elsewhere.

    The blog Lawfare, for instance, uses Facebook commenting, which is basically (on a site that deals with security issues) a guarantee that you will not build a community of users.

    I will never migrate to Facebook. So to the extent websites incorporate Facebook commenting, I will just be left out of the discussion. My voice might not me that important, but collectively our voices are too important to require one commercial company the ability to gateway our thoughts and expressions.

  23. Linda Catoe says:

    Hi Annemarie,

    I’m responding to your post as part of an assignment in my Digital Ethics class. I find this whole business of being badgered into sharing or signing in through Facebook every time I do anything online, really off putting. While I understand the trolling issue with newspaper commenting, I don’t really see it as a valid reason to impede 1st Amendment anonymous speech rights. With the state of newspapers such as it is, with icons of journalism disappearing right and left or being swept up into larger entities, don’t they need all of the comments they can get? More to the point, though, while I am an advocate of accountability, I agree that we should have the choice to sign in not only through Facebook, if we have to go through multiple steps to access something, but through other ID services. The more I feel Facebook leaning over my shoulder, the more I just want to avoid it whenever I try to transact business or look at anything online. Integrity, Facebook?