While many developers believe that opening up access to user emails may corrupt the Facebook Platform ecosystem, the company appears to be moving forward with the transition. Dan Peguine of HonestyBox forwarded us a screenshot last week of a prompt which asks the user to offer their email to the application developer (pictured below). While this is most likely an initial test, it’s clear that Facebook will soon grant developers access to user emails. If things stay on schedule, this could be the largest implementation of an OpenID-like authentication system ever.
For those readers who are unaware of what OpenID is, it’s essentially an authentication protocol which results in the end user only having to remember one login for any site they register for. It also optionally grants site owners and application developers access to personally identifiable information such as e-mail addresses, a user’s full name, and phone numbers. Facebook Connect and the Facebook Platform has essentially served as a wrapper around OpenID but until recently, no personally identifiable information aside from a user’s name was granted to developers.
If all goes as planned, developers will have access to a user’s email if that user explicitly grants them access to the email address. If the user chooses not to grant access to their email, the developer of the Facebook application or Connect-enabled website can optionally grant access to their service. In other words, the developer can make the following decision: if you don’t give me your e-mail, I’m not giving you access to my app. Or they can choose to grant you access to their application anyways.
The Concerned Developers
Many developers are concerned about this new system. The logic is that one developer can now effectively damage the entire ecosystem. The concern of the developers is somewhat rational and somewhat ironic. It’s rational in the sense that if one bad application developer gets access to a ton of user emails and starts spamming them heavily, users will be much less likely to release their email to other applications in the future. However this a concern that all websites need to deal with nowadays.
Many of us have become much more hesitant of handing out our email address. The reason is that we know as soon as we provide an email address, there’s a good chance that we’ll soon begin receiving unwanted emails. You are asked for your email when you are standing at the checkout counter of your favorite retail store, when you are checking into a hotel for your business trip, and the same goes for all the new websites you register for that don’t currently support Facebook Connect, OpenID, or any other modern authentication protocol.
It’s a fact of life for most active internet users: that moment where we hesitate and question our decision to grant someone else access to our email address. It’s that exact moment which Facebook developers are rightly concerned about. Currently, at least a third of Facebook users willingly add/install Facebook applications without thinking twice about it. The only potential risk of adding another application is that you’ll get bombarded with notifications, most of which are not emailed directly to the user. Facebook is responsible for battling application developer spam but with this impending change, the issue of spam is in the hands of the user and application developers.
While the user may have been annoyed by Facebook applications in the past, their trust hasn’t been broken yet. While the aggressive IQ Quiz advertisements, which were a violation of the Facebook advertising guidelines, may have violated many users’ trust of platform advertisements, most users are still willing to install applications. Facebook Connect and even OpenID was never developed to be a spam-busting system though, it was simply designed as a tool for validating a user’s authentication. In other words: it ensures that you really are who you say you are.
Facebook has been criticized on numerous occasions for being a walled garden. Over two years ago I suggested that Facebook can’t remain to be closed and with the launch of Facebook Connect it became increasingly clear that the wall would eventually disappear. David Recordon, one of the original architects of OpenID and OAuth and now a Facebook employee, wrote back in March that Facebook would no longer be a walled garden by 2010.
It appears that this transition is on track to be completed by early next year when Facebook will have officially opened up completely. What’s ironic is that the walled garden for Facebook provided obvious protection and comfort not only for Facebook but also for the application developers. So to all those application developers who found comfort in the “Great Wall of Facebook“, it’s time to face the facts: the wall is coming down. For Facebook, it’s a confident stance: Facebook users won’t stop using Facebook, they’ll just stop handing out their emails.
It also means that Facebook believes they have a large enough of a map of the global social graph that the risk of users leaving is far outweighed by the benefit of giving users complete control of their identity data. For developers it’s added risk but it was an inevitable step and the writing has been on the “walls” for years. The movement also reduces some of the risk that aggressive developers present to Facebook currently. When you register for an application or Connect-enabled website in the future, the agreement will be between you and that developer, not with Facebook, which is how it falsely appears under the current system.
While the screenshot above may just be a test and may not be how Facebook implements the transition from giving developers proxied emails to actual email addresses, it’s clear that the shift is taking place. All we can do now is sit back and continue to watch how the story of Facebook’s controlled wall destruction unfolds.