Facebook Connect Vs. OpenID: The Format War for Your Identity
Facebook Connect officially launched on Thursday and gives its members access to third-party sites using their Facebook login/password. This feature is available to all FB’s members on (so far) 24 partner sites including: Digg, Twitter, Citysearch, CBS, CollegeHumor, Hulu and others. In addition to instant access, Facebook Connect promises data portability: taking your friends, profile pics and privacy settings with you as you transverse the web. Facebook Connect will give us a well-needed rest from profile-fatigue, but at what cost?
The data portability debate has been going on for some time now. The DataPortability Project has been promoting open source standards for data portability since 2007. They encourage use of the well-known OpenID authentication protocol which has already been adopted around the web by Google’s Blogger, AOL, Yahoo, etc – as well as having been incorporated into open source platforms like Drupal and WordPress.
It seems now that it may be Facebook Connect (with their 120 million users), and not OpenID, that will lead the data portability movement. This is alarming news for privacy advocates. Facebook has had controversial privacy issues in the past with its Beacon failure, misleading delete buttons, and opt-ing out. If Facebook Connect does eventually become the standard ID for the internet, then one of the obvious questions is: Do we trust our online identity to the Facebook corporation, with almost every page on the Internet arguably becoming a Facebook page, or serving as some extension of the Facebook platform?
Chris Saad from the DataPortability Project helped answer a few of my questions about Facebook Connect’s departure from open source standards. “Facebook Connect does not use open standards. So we do not endorse their implementation”, Saad explained. “Facebook Connect is much like Microsoft’s Passport/Hailstorm project from a number of years ago. It’s an attempt to provide a proprietary single sign-on for the web”.
I asked, “How does Facebook Connect differ from OpenID?”
Saad: “OpenID is a key building block towards an open data portability ecosystem that will rival Facebook in both size and scope. A solution that no one owns and is open as the document web is. OpenID is a piece of technology that is critical to the data web. It’s not a complete solution by itself, however. What’s needed is agreement on the methods and protocols for a user to control the sharing of their data as well. The community is working hard on all of these issues, however, we’re just at the beginning of the story.”
We seem to be staging the next format war for our digital identities[1] – and as history has shown us, the best standard doesn’t always win. In the famous QWERTY vs. Dvorak keyboard battle, the “inferior” QWERTY keyboard had already gained widespread adoption by 1936 when the “better designed” Dvorak layout was developed – here it is often said that the early adoption of a standard, or as many say “luck”, influenced the market’s choice. In the famous VHS/BetaMax battle it has been said that Sony, despite releasing the BetaMax one year prior, lost out to JVC’s VHS due to JVC’s “aggressive licensing” techniques[2]. The point being that independent of the quality, the commercial sector can greatly influence standards. Yet, the VHS/BetaMax battle is an interesting metaphor here for Facebook because perhaps the first one out the gate doesn’t have to prevail in light of a better alternative. Futhermore, on the web we’ve seen dramatic format switching take place over only a few years (ex. Friendster -> MySpace ->Facebook).
So another way of thinking of it: Facebook Connect may be Facebook’s Achilles’ heel. This war might play out more like the Internet Explorer vs. Firefox debate, where open standards, open source and customizability can slowly triumph over evil corporate ownership. If Facebook is unwilling to evolve – or if Beacon-esque privacy troubles arise – there could be backlash. IF we are optimistic, Facebook Connect may actually be one of the “best things to happen to OpenID” and data portability in general.
1- Yahoo, MySpace and Google have also launched similar data portability projects this year
2 – In addition, BetaMax had better quality, but shorter record time than VHS
* – Get OpenID: http://openid.net/get/
Read more from Chris Castiglione on his technology blog and at One Month (where you can learn to code in 30 days).