tag:blogger.com,1999:blog-7120556183800964088.post5339258953436305697..comments2024-01-19T03:22:59.320-08:00Comments on SoCal CTO: When to Use Facebook Connect – Twitter Oauth – Google Friend Connect for Authentication?Tony Karrerhttp://www.blogger.com/profile/15408035995182843336noreply@blogger.comBlogger21125tag:blogger.com,1999:blog-7120556183800964088.post-42959768288449489132012-07-11T05:23:50.818-07:002012-07-11T05:23:50.818-07:00"In the case of Disqus, you can leave a comme..."In the case of Disqus, you can leave a comment pretty easily which increases the likelihood of the action." - This increase the number of spammers very easily who spam others website for the sack of SEO. Nice that Google lets Panda and Penguin to work on.Rita Dawsonhttp://coxcommunicationsinternet.blogtrue.com/article/10714019/Cox-Communications-and-other-service-providersnoreply@blogger.comtag:blogger.com,1999:blog-7120556183800964088.post-74609834810581134592011-01-08T12:22:02.771-08:002011-01-08T12:22:02.771-08:00The info shared here is a bit out of date which sh...The info shared here is a bit out of date which should change the recommendations.<br /><br />Last April, Facebook relaxed the data storage policies for 3rd parties and we can now store data beyond 24 hours (http://www.insidefacebook.com/2010/04/21/facebook-removing-24-hour-caching-policy-on-user-data-for-developers/). <br /><br />Additionally, you can request the email address during your FB connect authorization request which means that sites/services shouldn't have to separately ask for email address as referenced in the blog post.<br /><br />However, what is still true, is whether or not you want to take a deep dependency on Facebook. They may change their policies again in the future.Trevinhttps://www.blogger.com/profile/05096044261477443121noreply@blogger.comtag:blogger.com,1999:blog-7120556183800964088.post-63144276681552661822010-02-02T01:23:03.489-08:002010-02-02T01:23:03.489-08:00Thanks Tony.Thanks Tony.Unknownhttps://www.blogger.com/profile/05110860846153090815noreply@blogger.comtag:blogger.com,1999:blog-7120556183800964088.post-91780294865287185052010-02-01T13:53:40.783-08:002010-02-01T13:53:40.783-08:00Kevin - you can use the Fb:photo with the stored I...Kevin - you can use the <a href="http://wiki.developers.facebook.com/index.php/Fb:photo" rel="nofollow">Fb:photo</a> with the stored ID.<br /><br />The list of allowed <a href="http://wiki.developers.facebook.com/index.php/Storable_Data" rel="nofollow">storable IDs</a> include the photo ID (PID). <br /><br />So, pictures are easy enough to grab (although overhead is a bit unknown).Tony Karrerhttps://www.blogger.com/profile/15408035995182843336noreply@blogger.comtag:blogger.com,1999:blog-7120556183800964088.post-55770583559687291032010-02-01T12:41:29.221-08:002010-02-01T12:41:29.221-08:00Very useful conversation Tony. Your last comment s...Very useful conversation Tony. Your last comment states that you can store IDs which can then be used to go back and get the information you want - name, Image URL. OK<br /><br />What I am trying to understand is that: if you want to show the profile picture of a FB connect user on your website say 48 hours after that user last logged into your website... e.g. he left a comment and another user looks at the page and a profile picture is needed for the page... can we just use the ID to take that picture or can we only grab that picture when that particular user is logged in? (and we need the off line extended permission to do this?)<br /><br />Sorry for all these FB connect questions but you certainly know 1000 times more about it than we do! Thanks!Unknownhttps://www.blogger.com/profile/05110860846153090815noreply@blogger.comtag:blogger.com,1999:blog-7120556183800964088.post-13180203860526586792010-01-15T09:32:41.389-08:002010-01-15T09:32:41.389-08:00Brian - you can store IDs which can then be used t...Brian - you can store IDs which can then be used to go back and get the information you want - name, Image URL. I don't believe that's what most implementations are doing.<br /><br />I'm pretty sure there are lots of implementations on top of FB connect that keep that data around even though it violates the TOS.Tony Karrerhttps://www.blogger.com/profile/15408035995182843336noreply@blogger.comtag:blogger.com,1999:blog-7120556183800964088.post-14656633197044330212010-01-15T09:19:08.130-08:002010-01-15T09:19:08.130-08:00In addition to that last question, this page seem...In addition to that last question, this page seems to suggest that there are things you can store indefinitely, like the picture and name. http://wiki.developers.facebook.com/index.php/Storable_DataBrian Citizenhttps://www.blogger.com/profile/05252169689371169769noreply@blogger.comtag:blogger.com,1999:blog-7120556183800964088.post-10474211822880302942010-01-15T08:24:30.247-08:002010-01-15T08:24:30.247-08:00Thanks Tony. Since we cant store the picture and n...Thanks Tony. Since we cant store the picture and name after 24 hours, does that mean other users cant see the picture and name of a Facebook Connect user unless they are logged in?Brian Citizenhttps://www.blogger.com/profile/05252169689371169769noreply@blogger.comtag:blogger.com,1999:blog-7120556183800964088.post-8731251610824295642010-01-15T07:57:12.836-08:002010-01-15T07:57:12.836-08:00I'm not sure a whole lot of sites are willing ...I'm not sure a whole lot of sites are willing to have a significant percentage of their users unable to login for any length of time. That said, I also don't know that the recent issues with Disqus are a good indicator.Tony Karrerhttps://www.blogger.com/profile/15408035995182843336noreply@blogger.comtag:blogger.com,1999:blog-7120556183800964088.post-84498810763530407362010-01-14T16:09:40.112-08:002010-01-14T16:09:40.112-08:00I don't think there is a solution. Just tradeo...I don't think there is a solution. Just tradeoffs. For short term downtime of the third-party authenticators you can really only push them to improve their infrastructure. For long term worries of third-parties disappearing collecting users emails is probably the easiest solution.Abraham Williamshttps://www.blogger.com/profile/01392328206399007226noreply@blogger.comtag:blogger.com,1999:blog-7120556183800964088.post-21874309672065199672010-01-14T15:49:46.452-08:002010-01-14T15:49:46.452-08:00I agree that it's annoying to have to do that ...I agree that it's annoying to have to do that next step - like you do with Group.com - but it's risky not to put your users through that step.<br /><br />Love to hear the solution.Tony Karrerhttps://www.blogger.com/profile/15408035995182843336noreply@blogger.comtag:blogger.com,1999:blog-7120556183800964088.post-60792639048590930552010-01-14T15:18:56.650-08:002010-01-14T15:18:56.650-08:00I always get annoyed when I get asked to enter a p...I always get annoyed when I get asked to enter a password after connecting with Twitter or Facebook. Not only does it mean more work for me but most people are going to use a weak password that will be easy to guess.Abraham Williamshttps://www.blogger.com/profile/01392328206399007226noreply@blogger.comtag:blogger.com,1999:blog-7120556183800964088.post-49211041421340745922010-01-14T13:27:22.591-08:002010-01-14T13:27:22.591-08:00Brian - great questions and this is exactly the ki...Brian - great questions and this is exactly the kinds of conversations that sparked this post. I'm thankful for the example and clarifications from you.<br /><br />The 24 hour rule is that Facebook only allows a site to store personal data that it hands off for 24 hours. The user should be able to decide to turn off access to your site (from FB) and then you can't get that data anymore.<br /><br />If you get the picture and name via Facebook, you can't store it for more than 24 hours. After that you have to ask FB for it again.<br /><br />If you collect data on your own, e.g., ask them for an email address, then that's your data, not FB's data. You are allowed to store that and use it.<br /><br />My belief is that there are a lot of sites that will pull it across and then ask the user to edit it on their site so that it can be stored locally. This is a bit murky and I believe that FB would consider this a violation. Love to hear anyone who knows about this?<br /><br />So you have to be careful about what you will ask from the user. Even if FB offered you an email address, you probably would want to grab it separately so that you clearly own it and so that it can be used to look them up at a later time.<br /><br />For what I believe you are describing - emailing the user at a later time - you definitely need to own the email address. The 24 hour limit would be a problem.<br /><br />I'm planning to talk about notifications in another post sometime soon.Tony Karrerhttps://www.blogger.com/profile/15408035995182843336noreply@blogger.comtag:blogger.com,1999:blog-7120556183800964088.post-47623860813666525252010-01-14T13:05:08.012-08:002010-01-14T13:05:08.012-08:00Thanks Tony. I think I understand clearly now. Th...Thanks Tony. I think I understand clearly now. There are some sites that use full integration of Facebook connect and require no extra registration info. The only thing that comes up is the " Allow Facebook Access" prompt. I believe that the social network I quoted does it that way.<br /> <br />When you said what you would do to get the registration process started, I'm assuming that you are also saying that I can get as little information as I want from FB Connect (just a name,picture,& permissions)but have them fill out all other demographic data I want.<br /><br />The part that I still have a little confusion on is the storing of info for only 24 hours. So lets say we collect only the name, picture, and permission to post on their wall, but we ask all other demographic info on our own form. We cant store or access the facebook generated info (Be able to send a weekly email using a users name in the greeting), but it is available when the user logs in? <br /><br />It seems that what you are saying is we can let Facebook authenticate the less meaningful information while asking for and storing the more meaningful data for potential revenue sources if the community agrees to those methods (data mining, lead Generation,general advertising).Brian Citizenhttps://www.blogger.com/profile/05252169689371169769noreply@blogger.comtag:blogger.com,1999:blog-7120556183800964088.post-11420016640312097312010-01-14T10:30:10.841-08:002010-01-14T10:30:10.841-08:00Chris Brogan is talking about a different use of F...Chris Brogan is talking about a different use of FB Connect. He tells us "You don’t get a database of users. You don’t get a way to message people participating in your event, except for “in stream,” the way everyone else is using the app. You don’t have any sense of demographics, nor any control abilities to block trolls or other unwanted types."<br /><br />That's true for some examples of how people are using FB connect. It's a bit like how people use Disqus. If they do everything for you, it's easy, but you don't really have your own users, any way to message them, etc.<br /><br />In the case of Going.com and what I'm suggesting in my post, you are creating your own user. You can take advantage of FB information and then add your own. Any FB specific actions - you don't own that data. But if they act on your site, then you do own the data.<br /><br />The TOS for Facebook Connect limits storing information that you've obtained about a user to 24 hours. <br /><br />Again, I'm not fully understanding what this other social network is saying.<br /><br />For your use case - grabbing picture, name, etc. is probably not a bad way to ease people into it. And if you have the concept of lurkers or people who do only lesser activities, then it might make more sense.Tony Karrerhttps://www.blogger.com/profile/15408035995182843336noreply@blogger.comtag:blogger.com,1999:blog-7120556183800964088.post-57030896271405569722010-01-14T10:06:09.141-08:002010-01-14T10:06:09.141-08:00Thank You Tony. Yes you answered my question abou...Thank You Tony. Yes you answered my question about auto filling. Forgive me for not clarifying Chris Brogan's statements. I dont want to misquote him. Here is the article I was referencing. http://www.chrisbrogan.com/how-facebook-connect-points-the-way-towards-velvet-rope-networks/.<br /><br />We also talked to another established social network that uses facebook connect because it makes it easier for users to sign up. However, They said "Facebook does limit the amount of data that you're allowed to collect so if you're trying to make money via advertising there's definitely a downfall."Brian Citizenhttps://www.blogger.com/profile/05252169689371169769noreply@blogger.comtag:blogger.com,1999:blog-7120556183800964088.post-52283011176690876502010-01-14T09:46:25.675-08:002010-01-14T09:46:25.675-08:00Brian - thanks for stopping by and commenting. I&...Brian - thanks for stopping by and commenting. I've updated the post based on your comment and questions. Take a look back at the post for more on what Going.com is doing.<br /><br />The short answer is that you can use FB Connect to get back name, picture and demographic data. You would still have to create your own user information and authentication mechanism that's a piggy-back on top of them. I.e., still ask for email/password. But using FB connect you wouldn't have to ask for all that other information and would be able to publish to their wall.<br /><br />In terms of value for advertising - yes it provides demographic data that might be interesting to use to target ads. However, in the short-run, you probably aren't doing anything that sophisticated with advertising to make it have value.<br /><br />I have no idea what you mean about Chris Brogan and FB Connect and advertising. Maybe he meant FB Apps? Can you clairfy?<br /><br />Also, let me know if I've answered your question.Tony Karrerhttps://www.blogger.com/profile/15408035995182843336noreply@blogger.comtag:blogger.com,1999:blog-7120556183800964088.post-7888878350430027462010-01-14T09:24:43.577-08:002010-01-14T09:24:43.577-08:00Cliff - it's very interesting to hear you say ...Cliff - it's very interesting to hear you say that. I get the fact that since you have clients who essentially share a login/ID, it won't work on the admin side.<br /><br />However, I'd think on the user side you might be a case where it does make sense. Fast registration. Possibly viral.<br /><br />I'd also think that a bit deeper integration with FB might make sense - events, etc.<br /><br />But I've really not thought through it that much.Tony Karrerhttps://www.blogger.com/profile/15408035995182843336noreply@blogger.comtag:blogger.com,1999:blog-7120556183800964088.post-56288188326317985642010-01-14T09:14:40.196-08:002010-01-14T09:14:40.196-08:00My partner and I have been looking at the same iss...My partner and I have been looking at the same issue for the niche social platform we are building. We are new to most of this. Is it possible to use facebook connect to just populate the fields that you want answers to (and they dont want to fill out) and then collect that information for back end revenue generating purposes? When I signed up for going.com using facebook connect it populated my facebook interests into their "Interests" field and saved them. It then found others that have similar interests on the site. (Im not sure if they used facebook connect as well). I am wondering if they are able to use that data when they sell ad space or for their event advertising model. Chris Brogan and others have highlighted that it might not be beneficial to use facebook connect if your revenue source is going to be advertising. Foursquare seems to do what you mentioned in your email section, by asking for an email address after pressing the facebook connect button. Can you simply use facebook connect for generating a picture, name, and age?Brian Citizenhttps://www.blogger.com/profile/05252169689371169769noreply@blogger.comtag:blogger.com,1999:blog-7120556183800964088.post-78944496279279307312010-01-14T08:21:53.912-08:002010-01-14T08:21:53.912-08:00Every time we look at whether to add one of these ...Every time we look at whether to add one of these third-party login systems to SureToMeet we decide against it. It wouldn't help event organizers because they frequently create their account using an organization-specific e-mail address (e.g., events@myorg.org). <br /><br />The e-mail addressees of members and prospects that invitations are sent to are frequently different from both the personal e-mail addresses those people use on Facebook and Twitter, and different from the business e-mail addresses used on LinkedIn.<br /><br />For example, a few major corporations use SureToMeet for internal project meetings and cross-department activities. Some of these same people have later used different e-mail addresses for organizing casual personal activities.<br /><br />I think two forces will motivate the majority of users to not use third-party logins. One is their natural desire for privacy (i.e., keeping their LinkedIn contacts separate from their Facebook friends). The other is the increased enforcement by corporations of only business use of business e-mail addresses, which has its own set of privacy issues as well. <br /><br />So, while I like the concept of these third-party login systems -- I've created profiles with all of them -- I don't actually use them often because they don't express the profile appropriate for the site I'm logging into.Cliff Allenhttp://blog.suretomeet.comnoreply@blogger.comtag:blogger.com,1999:blog-7120556183800964088.post-35767274774153146442010-01-14T07:52:14.813-08:002010-01-14T07:52:14.813-08:00Carsten - thanks for the input. Good suggestion t...Carsten - thanks for the input. Good suggestion to always ask if they are a returning user. You then shift to helping them to identify the SAME authentication source. Obviously, you can prompt for something like the name to help with that.<br /><br />Essentially you and I land on the same thing - you still need to associate another login with the account. <br /><br />But I don't believe it can be "at any time" - you need it fairly early in case the user doesn't come back for a while and forgets.<br /><br />My understanding is that most of the Open ID providers are not currently transferring emails. Is that not true?<br /><br />I've read that FB Connect will provide it - but hadn't seen that particular article.<br /><br />Thanks again. Helpful comments.Tony Karrerhttps://www.blogger.com/profile/15408035995182843336noreply@blogger.com