Don't let Facebook's single sign-on expose your awkward moments

Sites and apps are adding the ability to sign in through social media, but people should be wary of sharing their private lives

Maybe you've already used your Facebook or Twitter account to sign in to other apps or services, and been burned. Maybe you've watched a NSFW video that a social site then posted to your Facebook Timeline. (Yeah, that happened.) Or maybe you've planned your dream wedding through Pinterest without realizing that your friends could see your activity--and you're not engaged. Or even in a relationship.

Social logins can embarrass you, but they can also make your life easier. Hey, it's one fewer username and password to remember.

Three major brands--Facebook, Google, and Amazon--rule our lives, and make it oh-so-easy to log in to outside apps or make purchases on other sites. Facebook currently dominates in social logins, but Google+ entered the fray in February, and is already nipping at Facebook's heels. Login with Amazon rolled out on Wednesday, so now you can use your Amazon account to shop on non-Amazon sites, play games, and download apps.

Risky business

Facebook knows an awful lot about you. It knows your birthday, your top movies, your favorite music, and your friends. It's a storage locker for all your vacation photos and Instagrammed brunches.

When you use your Facebook ID and password to shop online or log in to an app, you're allowing other brands to access some--but not all--of that info. Facebook's privacy policy outlines which details it shares with third-party apps or sites when you use your Facebook account to log in. The social network shares some of your basic public information, such as your name, cover photos, gender, network, and friends list--as well as any posts or photos you set for public viewing--when you give other sites or apps access to your Facebook account.

Just because Facebook limits the public information it shares doesn't mean that an app you download or a retail site you log in to with your Facebook username won't ask for access to more info (such as the pages you like) or for permissions (such as the ability to post to your wall). This is when you can say no. Google+ and other social networks have similar social-login policies.

Even so, people are still wary of social logins. More than 60% of social network users think businesses will sell their profile information if they log in with their social accounts, according to a December 2012 online survey commissioned by social-login company Gigya. Almost 50% of users said they would rather skip social logins altogether than risk giving personal info to another site or to an app.

Gigya, which has big-name clients such as Dell, Lush Cosmetics, Nike, and Redbox, had been looking for a way to reassure people that using social logins on those businesses' high-profile sites wasn't harmful. Last December, Gigya introduced a privacy seal, monitored by the Washington, D.C.-based think tank Future of Privacy Forum, which it bestows (after a thorough audit, of course) on sites that don't sell their users' social data.

"To get the seal, I have to promise the consumer, 'I'm on the hook for deception; I'm legally committed to what I say,'" says Future of Privacy Forum director Jules Polonetsky. "We have the ability to remove the seal and report that [to the Federal Trade Commission]."

Gigya CEO Patrick Salyer told TechHive that consumers are 18% more likely to log in to a site with their Facebook or Twitter accounts when they spot the seal.

Sharing is caring

Retail brands, app developers, and video game platforms love social logins. They can find out who you are, as well as who your friends are, based on information you've added to your social network profiles over the years. That info makes it easier to sell you stuff.

But social logins can also be helpful for users, if you don't mind sharing some of your information. (Of course, if you do mind, signing in with your social account is always optional.)

"For the consumer, the sign-up process becomes much quicker and easier," says Michael Olson, product marketing manager for social-identity site Janrain. "It eliminates the need to create yet another password. From the website's perspective, they're improving conversion rates and collecting richer profile data, with permission."

Security is a huge issue when it comes to social logins. Most of us use the same password across multiple sites, which security experts say is the worst possible thing you can do if you want to prevent hacking. Social logins can be more secure if you have an impenetrable password, or if you change your password frequently. (Note, though, that you still have security issues if you use the same social-login information across multiple sites.)

"The pain of having to create yet another username and password is a big deal," Gigya's Salyer says. "It's a huge pain point, and a growing pain point for mobile."

If you want to buy something on your tablet quickly, but you have to register for a new account on the e-commerce site, you might just give up halfway through the process and abandon your shopping cart. According to Gigya's research, people who use social logins are five times more likely to make a purchase. It's just easier.

When you log in to a site with your Facebook, Google+, or Amazon account, you're also getting more-personalized results. Future of Privacy Forum's Polonetsky says he uses social logins on sites like TripAdvisor or Yelp to see what his friends like or recommend.

"[Social login] adds some credibility," Polonetsky says. "Last year when I was researching hotels in Paris, there were friends that had liked or been to a particular hotel, so I reached out to them. I think there's a huge value to consumers when companies respect the way the data is intended to be used. The concerns arise when companies end up being overly aggressive about sharing in ways users didn't intend."

You have a choice

Although the major social networks have safeguards in place to make sure that companies must ask for access to your information, you may still have reservations about social logins. Mozilla's solution is Persona, a second beta version of which was released in April. Persona is a social plug-in that lets you create a single identity unattached to any social profile or personal information beyond your email address and password.

"The fundamental problem is that social sign-in conflates the act of signing in with granting permission to publish in your name," Mozilla principal engineering lead Lloyd Hilaiel said via email. "Persona will fix this problem by solving sign-in in isolation. This lets us give people exactly what they want: an easier way to sign in, without any new passwords, and without any unexpected surprises."

Sites and apps are moving away from requiring social logins--for instance, Pinterest and Spotify dropped Facebook exclusivity last year. But there's always the option, and sometimes, it's a useful one.

This story, "Don't let Facebook's single sign-on expose your awkward moments" was originally published by TechHive.

Infographic: Starting salaries for computer science grads
View Comments
You Might Like
Join the discussion
Be the first to comment on this article. Our Commenting Policies