{"id":78708,"date":"2015-01-31T11:00:57","date_gmt":"2015-01-31T09:00:57","guid":{"rendered":"http:\/\/businesstech.co.za\/news\/?p=78708"},"modified":"2015-01-30T15:28:43","modified_gmt":"2015-01-30T13:28:43","slug":"facebook-downtime-creates-black-holes-online","status":"publish","type":"post","link":"https:\/\/businesstech.co.za\/news\/internet\/78708\/facebook-downtime-creates-black-holes-online\/","title":{"rendered":"Facebook downtime creates black holes online"},"content":{"rendered":"

Checking social networks is a morning ritual for many, and when that routine is disrupted \u2013 as it was recently when Facebook\u2019s servers went down \u2013 its absence can come as a surprise<\/a>.<\/p>\n

But what also becomes apparent is that when the world\u2019s most popular social network is inaccessible, so too are many thousands of websites that rely upon Facebook services.<\/p>\n

Although it lasted less than an hour<\/a>, Facebook\u2019s downtime gave a rare glimpse into the extent to which it \u2013 and other social networks \u2013 have penetrated our daily use of the web.<\/p>\n

Instagram, bought by Facebook in 2012<\/a>, and Tinder, which requires a Facebook account to log in, were among the big sites that were also brought down. But many thousands of websites rely on a Facebook account as a means for users to log in or post comments \u2013 including The Conversation.<\/p>\n

This cascading failure shows how the need for websites to provide a means to authenticate users has given rise to a centralising trend \u2013 and the vulnerability to failure that brings.<\/p>\n

Identity mistakes are costly<\/h2>\n

For the developer of a website or app user management is a difficult problem. You must be able to store, encrypt and decrypt users’ information securely, allow them to reset their forgotten password, offer them a range of secret questions and other account management options.<\/p>\n

The more secure systems use two-factor authentication<\/a>, which requires authentication via unconnected systems \u2013 for example combining username and password, mobile phone text message, fingerprint or keycard.<\/p>\n

If not implemented perfectly correctly, user authentication can be vulnerable to abuse \u2013 as exemplified by the theft of intimate photos from celebrities’ poorly secured Apple iCloud accounts last year, where attackers gained access by abusing password reset features and guessing simple passwords<\/a>. If Apple can\u2019t get it right, what hope for your average developer?<\/p>\n

Outsourcing identity<\/h2>\n

An appealing solution for developers is to outsource the problem to a third-party service. Back in the heady days of Web 2.0<\/a> in the mid-2000s, this problem was first addressed with the development of OpenID<\/a> \u2013 a distributed, open standard for authentication that could work across many sites and services.<\/p>\n

Users chose a single identity provider to securely hold their OpenID digital identity on their behalf, which third-party websites or services could use to authenticate them.<\/p>\n

Initially popular, it fell out of favour with the rise of social networks as companies realised the value in holding their users’ identities themselves. Google will stop supporting OpenID this April<\/a> in favour of the approach taken by Facebook, Twitter, LinkedIn and most other social networks.<\/p>\n

This will involve offering its own authentication service as part of a set of services and functionality aimed at developers, known as an application programming interface (API)<\/a>.<\/p>\n

Using just a few lines of code, a developer can rely on a social network to carry out all the tricky user management business on their behalf leaving them to get on with building their app or website. As a bonus, using a social network API offers other features such as easy content sharing and demographic and social statistics.<\/p>\n

It seems like win-win-win exchange: the developer has less work to do, the user has a smooth log-in experience and the social media site parades its brand across a little more of the web, annexing a little more of online life.<\/p>\n

When Facebook\u2019s down \u2026 so are you<\/h2>\n

So the Facebook crash accidentally communicated a powerful but hidden message to millions of users: we own your online identity. Although news items may jokingly mourn<\/a>for all the humblebrags and selfies lost that morning, we rely more and more on social networks to mediate our online existence.<\/p>\n

They are a vital source of both personal and global news, a source of social capital, define our personalities, manage our relationships and increasingly act as the social glue between our different haunts on the web. The companies controlling them have unprecedented access to much of our lives.<\/p>\n

I\u2019d imagine that the developers at Tinder \u2013 like many developers of other applications that rely on Facebook\u2019s authentication service \u2013 were summoned to emergency meetings this week as bosses realised exactly how dependent their business is on a third party out of their control.<\/p>\n

We should take this brief disruption as opportunity to think about the extent that Facebook and its ilk own, control and facilitate our online lives \u2013 even far beyond their own sites. The disruption was short, but hints at the wider problems in the online identity business.<\/p>\n

If you have thoughts, you can leave a comment. But as with most other news sites you have an important choice: will your identity on The Conversation belong to Twitter, Facebook or LinkedIn?<\/p>\n

By Ben Kirman<\/strong>, Senior Lecturer in Computer Science at University of Lincoln; and Tom Feltwell<\/strong>, Research Assistant at University of Lincoln.<\/em><\/p>\n