MAY 3 2010
Category: Behind the scenes, FatCap News by syd
As you may or may not have heard and read, there was a conference in late April 2010 for Facebook Developers. Long story short, Facebook announced it will (once again) make its model evolve, this time into a decentralized social platform. One of the innovations they presented was a new Facebook Connect layer, which is an application that makes it possible for Facebook users to log into any website with their Facebook account. We thought about it, then started to write some code, spent the night on it, and ended up fully connecting FatCap and Facebook, whilst keeping a permanent focus on privacy. Hence this article, where we go deeper into the details, especially on the latter point.
Why we chose to connect
We have been web users and producers for more than 14 years now. And there is one thing that we have always felt bad about: the login/registration process of any website.
We used this experience to make registration on FatCap as smooth as possible, using very modern techniques of auto-completion and smart geo-location (to select the default country), so that the form can be filled in less than 40 seconds.
But still, you have to check your email afterwards, validate your account, come back and log in with your email address and password. We feel it is overwhelming, given that you probably already have a Facebook account, a Twitter account, a Gmail, maybe even a Spotify and a Flickr account. In brief, it’s too many passwords to remember. And Facebook Connect makes it possible not to have to remember your FatCap account anymore.
How it works
When you visit FatCap, you have a login page. Now, there is a “Connect with Facebook” button at the bottom of the page. The first time you click it, you will see a Facebook page asking whether you authorize FatCap to use some of your personal data. Here is a list of what we need:
- Your name (but you will be able to overwrite it permanently when setting your nickname)
- Your profile picture (but it will disappear as soon as you load an avatar)
- Your birthday (but we process it and only keep the year, exactly like when you register on FatCap)
- Your email address (because we need it to send you notifications)
- Your gender (cool for personalization)
And that’s it. Whatever additional information we may have, we do not use it. Once you have given us the right to use this data, we redirect you to a light subscription form with only three fields: nickname (defaults to your Facebook name), city, and your agreement to our terms and conditions.
Once you validate, there is no additional verification and you will not receive an email: you are just logged in, and can start interacting immediately. You also have access to the exact same functionality as “in house members”, meaning you have a dashboard, you can upload pictures and videos, you can comment on everything, etc.
But the best part is when you come back. Because you have already let us interact with your Facebook account, you will only have to click the blue “Connect with Facebook” button, and you will be immediately logged into FatCap. No login or password to enter. All it takes is about half a second. Great, isn’t it?
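The field list above amounts to an allow-list applied to whatever profile the provider returns. The sketch below is an added example, not FatCap's own code: the function names, the stored record layout and the sample profile are assumptions made for illustration, and the birthday formats are the ones the Facebook Graph API documents.

```python
import re

# Added example: the stored record layout and all names here are assumptions.
# Graph API birthdays are 'MM/DD/YYYY', 'YYYY', or 'MM/DD' when the year is hidden.
_YEAR = re.compile(r"^(?:\d{2}/\d{2}/)?(\d{4})$")


def birth_year(birthday):
    """Return only the year, or None when no year was shared (never guessed)."""
    if not isinstance(birthday, str):
        return None
    match = _YEAR.match(birthday.strip())
    return int(match.group(1)) if match else None


def minimize_profile(fb_profile, nickname=None, avatar_url=None):
    """Build the record to store; any field not named here is discarded."""
    if not fb_profile.get("id"):
        raise ValueError("profile has no Facebook ID")
    return {
        "facebook_id": str(fb_profile["id"]),
        # The nickname chosen at sign-up overrides the Facebook name.
        "display_name": nickname or fb_profile.get("name"),
        # An uploaded avatar replaces the Facebook profile picture.
        "picture": avatar_url or fb_profile.get("picture"),
        # Day and month are dropped before anything is written to storage.
        "birth_year": birth_year(fb_profile.get("birthday")),
        "email": fb_profile.get("email"),
        "gender": fb_profile.get("gender"),
    }


# Constructed sample profile, not real data.
SAMPLE = {
    "id": "1000001",
    "name": "Jane Example",
    "picture": "https://example.invalid/p/1000001.jpg",
    "birthday": "04/21/1985",
    "email": "jane@example.invalid",
    "gender": "female",
    "hometown": "Lyon",        # not on the list: dropped
    "friends": ["1000002"],    # not on the list: dropped
}

if __name__ == "__main__":
    print(minimize_profile(SAMPLE, nickname="jex"))
```

Building the stored record from named fields, rather than deleting unwanted ones, means a field the provider adds later is never persisted by accident.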
Why it’s a delicate subject
This new Facebook is at the center of a major controversy, given that Facebook, with 500M members in the world, is in a position to gather enough data to profile almost anyone in the world. They will not present it that way, but they will definitely end up doing something with all the data provided by the websites using their “social graph”. And experts agree that they will use this data some day for advertising profiling purposes. By using Facebook Connect, anywhere on the web and not only on FatCap, you should always keep in mind that you’re also telling Facebook that you are a visitor of this website. From that fact, Facebook can use your interest in street art (or cars, if you use Facebook Connect on an automotive website) to adjust your profile (which they already do with anything you like, such as pages or groups).
This concerns almost everyone. But what is also important is that if you connect your account through Facebook, it is extremely easy for any authority requiring a database extract (never happened so far, knocking on wood) to track down your profile, and so your name, etc. (we do store your Facebook ID in our database). What they will do with this name and FB account, only you can know, depending on what you’ve uploaded to it.
So, why do we use it, given that privacy is our #1 priority? Well, mostly because 75% of our traffic is not artists. And also because among the 25% who are artists, only a few of them, maybe 5%, have real illegal artistic activities. Many artists who perform on legal walls, sell canvases in galleries, etc. have no problem letting people know their name, and simply don’t have anything to hide.
We also concluded, through our own Facebook experience, that most illegal writers create a separate profile dedicated to their activity as a writer. These people are clever enough not to give any personal information on those profiles, so they are “kind of” protected.
So, we are confident that most people won’t risk anything by using Facebook Connect (except for the use of data for advertising by Facebook, but all 500M members are in the same spot, even me), and can really benefit from this improved user experience, thanks to the faster registration process and the one-click login. We think it will also help people outside graffiti, all the people who are not enough of a “fan” to create an account and all, to be able to interact, even just once or twice, and that connecting that easily will help them come back more often and share their thoughts with everyone.
We can’t stress this enough: if you want the most secure and privacy-compliant experience, always use the 100% FatCap registration, and log in using your email and password. We store extremely minimal data, and interact with strictly no one, and we never will.
Technical considerations: We are one of the first websites to implement this new authentication scheme with Facebook. We decided to do so because it’s built on top of OAuth 2.0, an open-source authentication technology based on SSL to secure signatures and authenticate a user in a fully secured way.
The “like” button
We also implemented one of the “social plugins” introduced by Facebook in late April 2010. It’s the “like button”. It enables any reader to “like” any article, picture, or video on the website. It also lets you see which of your FB friends already liked it. We think “Liking” is a good alternative to comments, especially for lazy users (no offense, I’m probably the king of laziness). And using the Facebook thing makes it easier to share the article with your network, and brings more value than if we implemented an in-house liking system (which was in the works, by the way). Regarding privacy, you should know that you might see the names of your friends, but that we do not have any of that data on our servers. The whole “liking” process is 100% on Facebook servers.
To conclude, we think the recent direction taken by Facebook is a major breakthrough in A/ the way information will be shared (liked instead of linked), and B/ the way users interact on the WWW. By mixing the technology they offer with our strong existing layer (already optimised for maximizing security and privacy), we’ve come to a very stable system that will let users have a much better daily experience on FatCap.
We would be happy to read your thoughts, and your suggestions.
Syd & Vince