Welcome to the home of Noah Brier. I'm the co-founder of Variance and general internet tinkerer. Most of my writing these days is happening over at Why is this interesting?, a daily email full of interesting stuff. This site has been around since 2004. Good places to get started are my Framework of the Day posts or my favorite books and podcasts. Feel free to get in touch.


Facebook Spam and Not Giving Sites Your Login/Pass


Today I got some Facebook spam. It’s the first time it’s happened; it came from a friend and it ended up on my wall. After Twittering about it, Ray pointed me towards these posts on the Facebook blog. So it looks like the problem lies in people giving their usernames/passwords out to random sites with promises of apps (or something). These sites then take control of a user’s account and send out a barrage of spam.

Okay, now for the rant. Part of the reason this is happening is Facebook’s own fault (as well as that of a lot of other parties). Part of how these sites have expanded at the speed they have is by asking people to enter their email username/password, then crawling their contact list to show them existing users and send out invites. By encouraging this kind of behavior, Facebook makes it seem okay to give a site (even one you trust) your username and password, which it shouldn’t be. Ever. Period.

OAuth attempts to solve this problem by bouncing you over to the other site for approval, rather than asking for the login info. Google has implemented a version of this, but it’s still not being used by many sites (the only integration I’ve seen is Dopplr).

Now Facebook isn’t alone in this one. Every social site has a feature like this where they ask for email usernames and passwords. This is bad for business.


August 20, 2008