Facebook Moves to Standardize and Own Customer IDs
Adorning the walls of Facebook's Palo Alto, Calif., headquarters are multiple prints of Rene Magritte's iconic painting The Son of Man. The image of a man's face partly obscured by a green apple is considered a critique of people's attempts to conceal their true selves. It's also an apt metaphor for the millions who spend time on the Web trying to keep their own identities hidden, say executives at Facebook, the world's largest social network. "Part of what Facebook is trying to do is help people take the apple away," says Facebook Vice-President of Product Chris Cox. There's good reason to push people to be up front about who they are on the Web, where million of users enshrouded in anonymity engage in everything from bullying to spamming, identity theft to financial fraud. To help users establish their identities online, Web sites such as Amazon.com (AMZN) and eBay's (EBAY) PayPal require customers to enter personal information on a site-by-site basis. Yet there's a dearth of widely accepted identity standards—the online equivalents of a driver's license or Social Security Number. "There isn't anything built into the architecture of the Web that lets you verify who you are," says Jules Polonetsky, director of the Future of Privacy Forum. Facebook wants to change this by becoming a kind of digital calling card, what Cox calls an "identity medium" for transactions between the individuals and businesses inhabiting the Web. An early step was the creation of Facebook Connect, a program that lets users log into their profile and interact with Facebook friends on various sites across the Web. In a little more than a year since it was established, almost 60 million, or one-sixth of Facebook's 350 million subscribers, have used Facebook Connect to expand their personal profiles beyond the walls of Facebook.com. Facebook just curbed privacy optionsTo help Facebook establish ID standards that are even more universally accepted, the social network in August hired engineer David Recordon, co-founder of OpenID, a nonprofit foundation that maintains a set of open standards for Web identity. "Standards are the plumbing layer of the Internet," says Recordon, 23. "In order for them to be successful they have to be freely shared." OpenID was created in 2005 as a way to let people use a single name and password when they leave comments on multiple blogs, and it's currently offered by major Web sites, including Google (GOOG), AOL, NewsCorp.'s (NWS) MySpace, and even Facebook. Yet it's still not widely used, in part because of Facebook's easier-to-use system. "The open community has not met the challenge to provide a better alternative to Facebook Connect," says Chris Messina, an OpenID board member. In trying to help users build online identities, Facebook is often faulted for what critics say are attempts to make a buck by undermining privacy. Beginning on Dec. 9, Facebook made a series of privacy-setting changes that include revoking users' ability to hide their name, gender, profile picture, and city of residence from anyone who views their profile. It also gave Facebook Connect partners access to that same information. "The changes will actually reduce the amount of control that users have over some of their personal data," wrote Electronic Frontier Foundation attorney Kevin Bankston in a blog post. At the same time, the changes may help companies that are looking to profit from Facebook's data hoard. On Dec. 2, Internet portal Yahoo! (YHOO) announced a partnership with Facebook that will let users of the social network identify themselves on Yahoo sites and share articles, photos, and other content with friends. In a part of the agreement that was not announced, Yahoo also intends to tap Facebook user data to place display ads more relevant to individuals on its own pages, according to a source familiar with the plan. In theory, this means advertisers will soon be able to pay Yahoo to get ads in front of specific demographic groups, such as women from California, as long as those users have shared their Facebook credentials with the site. Cox says most services on the Web become more useful when the providers know something about the users. More than 80,000 sites are currently using Facebook Connect. When people sign in to YouTube with Facebook Connect, the video site prompts them to watch clips and shows that their friends enjoyed. CNN invited online viewers of President Barack Obama's inauguration to identify themselves, using Facebook Connect, and then chat with others watching the ceremony. a "default identity repository?"Other Web-connected devices such as Apple's (AAPL) iPhone and Microsoft's (MSFT) Xbox gaming console have begun powering applications by using Facebook Connect, letting friends play games and catch up with each other, even while they're away from the PC. This is just the tip of the iceberg, says Facebook's Cox. With a greater variety of devices connecting to the Internet, from TVs to GPS units in the car, Facebook sees potential to work with manufacturers on designing experiences oriented around people, instead of information. "If you as a user could expose your information in a way you are comfortable with, and that was safe, you would have much better experiences with these devices," Cox says. Think of getting in your car and telling the GPS to give you directions to a person, rather than a specific address. Taking on the role of a universal identity manager for all aspects of the Web comes with responsibilities that Facebook may not be ready to assume, says Kaliya Hamlin, co-founder of the Internet Identity Workshop. "I'm incredibly concerned about the fact that Facebook is becoming the default identity repository," she says. "Fundamentally, Facebook is a business. Their business is about monetizing the people in their network." As Facebook pushes to increase its revenues, expected to hit $500 million in 2009, it's likely to find ways to profit from this data, such as by selling it to advertisers. Facebook says it doesn't want to be the only keeper of online identity standards. Recordon says competition from companies such as Google will help push everyone to come up with ways to protect privacy while also helping people maintain their identities. "Innovation is important," he says. Then again, so is making money. The more information Facebook can share exclusively with advertisers and partner Web sites, the more revenue it stands to generate. "When they start allowing brands and agencies to customize audiences, it is a no brainer that it becomes the single biggest piece of their business," says Andy Monfried, CEO of social ad network Lotame. In the long run, profit may prove more alluring than privacy. That's why "it's just too soon to let Facebook determine the future of identity on the Web," says OpenID's Messina.