Facebook Connect: Scary but good

One of the companies adopting Facebook's new log-in system, Facebook Connect, is CBS, parent company of CNET and publisher of Webware. I'm glad we're on board with this program, even if I do feel it's a bit of Faustian deal. Here's why.

First of all, CNET's own log-in system (which you see when you want to leave a comment on a CNET blog post, write a user review, or participate in other CNET community features) is not universally loved inside CNET. There are factions here at the company who want it changed, or even eliminated in some cases. There are also people who think we could be collecting more data from our registered users. The log-in system here is a political hot potato.

The conflict shows how important the log-in/registration system is, here and elsewhere. The value of a Web service lies in its users. More users means more opportunities to profit--by selling advertising based on what you know about your users, by selling the users services directly, by skimming a portion of the revenues users generate by traveling through your site, and by selling information about the users. If a site doesn't "own" its users, how can it profit?

It can, of course. You don't need to chain your customers to your store to get them to buy things from you. That is the realization creeping across the Web in the guise of new identify and registration systems, of which Facebook Connect is one.

Kinds of identity
Facebook Connect is a centralized identity service. That's not the only model. OpenID is a federated identity play--no one owns the database of users, and anyone can set up or use the standard. Functionally these distinctions are important, but asking users to understand them is a losing game. Users just want easy access to sites they like, and they want to trust that the sites they use won't steal their identity or use it in ways that are damaging to them.

That's why it's good to offer users more than one way to access a Web service. It's great if users can get into CNET services the old-fashioned way, with a CNET ID and password. But if we make it easy for Facebook users to come inside, that's great, too. How about OpenID? Sure, why not? It's a completely different architecture than Facebook's authentication system, but it's the job of people running Web sites to make access to services easy for users, which means supporting as many as possible and making it simple for users to choose the one they want to use.

No one here could look at Facebook Connect and turn down the opportunity to bring new registered users into our network. Even if they are registered elsewhere.

The downside, of course, is that we no longer "own" these users. If Facebook wants to turn off CNET, they can do it. Facebook also now gets monetizable information about the Facebook-registered CNET users. Not necessarily what the users do on CNET, but what they do elsewhere--valuable behavior data. The convenience of using Facebook log-ins has a price for both CNET and users: Facebook knows a lot more about you now.

But this is where we're going. Sites like ours will do what they do: create content and online services, and offer users community around those services. Users' identities are becoming untethered from the sites they use. More and more, services will be giving new visitors options for signing in to access the "registered" features of the sites.

Users get convenience. Sites get more users. Central registration authorities get incredibly valuable user behavior data. I do think everyone wins. Although nothing is free: there's more potential for abuse, on the part of sites and identity providers, than ever.

CNET is scheduled to launch support for Facebook Connect tomorrow.

Further Reading:
Facebook Connect appears set for expansion.
New York Times: Facebook Aims to Extend Its Reach Across the Web.
TechCrunch: Biggest Battle Yet For Social Networks: You, Your Identity And Your Data On The Open Web.