Cycling to raise money for a young man in Africa January 11, 2011

Not my usual geek-centric commentary, just a plug for a friend doing some great work. Heather Anderson has been a friend since she was born, and I’ve had the privilege of watching her career in international service blossom through the years. She’s served in numerous overseas posts, including Jamaica, Lithuania, and several countries in Africa.

On that last front, she has been working with and is now raising money for the education of a young man in Swaziland, Celemusa. Her story is much more compelling than my retelling, so I’d encourage you to check it out at http://www.travelpod.com/travel-blog-entries/cycle4celemusa/1/1294088451/tpod.html. You can find instructions for how to donate and how to spread the word at http://www.travelpod.com/travel-blog-entries/cycle4celemusa/1/1294089690/tpod.html.

Even 10 years ago, getting this type of project off the ground would be much more labor-intensive than it is now – but Web 2.0 and its tools and relationships have helped make broad connection and distribution much easier. Thanks in advance for checking it out, and for your support!

Facebook as your single password on the Internet? January 6, 2011

Source: stock.xchng, plusverde

A recent blog post by Simson Garfinkel (of MIT Technology Review) raises an interesting possibility – that Facebook may be positioning itself to be your pathway to a myriad of other Internet sites, so that you don’t have to manage a plethora of user IDs and passwords. Interesting, strategic, potentially scary – lots of words come to mind when thinking about this possibility.

Facebook introduced Facebook Connect in 2008, and it’s now part of a collection of tools Facebook calls Facebook for Websites. To understand Facebook Connect, think about two different styles of building security. In one model, with a whole lot of exterior doors, you have to have a separate key to each one to get into the individual rooms – analogous to your separate passwords for each website you visit.

With Facebook Connect, you have the potential for a new model – a single exterior door, controlled by Facebook, and a single key – your Facebook user ID and password. Once inside, you can then have access (with no new keys required) to any room allowing use of the Facebook key, and you won’t have to get your key out again (retype your password), either. So instead of carrying many keys (user IDs and passwords), you need only carry one, at least for all those sites that support Facebook Connect. Techies call this single signon.

Facebook for Websites gives the sites that implement Facebook Connect access to a number of additional tools. Those sites allow users to “Like” things on non-Facebook sites, to allow users to easily register for a new site (with data pre-filled from their Facebook account, and Facebook Graph, allowing the site to see all of your Facebook Friends so it can leverage that information for marketing and other purposes.

Facebook Connect (and Facebook for Websites) was created, I believe, with the intent of making Facebook a more central part of its users’ Internet experience. Assuming that people used Facebook as their path to other web sites, that makes Facebook itself even more “sticky” as a destination for its users. Dropping their Facebook account would then require re-creating accounts at those places where they had previously logged in with Facebook.

As Garfinkel notes, this idea makes some sense for users. 500 million of us already have a relationship with Facebook, and have a lot of data there, making it already “sticky”. But there are potential issues, of course, in that Facebook doesn’t have a stellar track record of protecting the privacy of your data that you post there. And if your Facebook account password is compromised (by Firesheep, by someone guessing it, or by any number of other means), you’ve now lost “the key to the kingdom” – all accounts to which you connected with Facebook are now compromised.

Technologists have tried lots of things to solve this problem for consumers – having browsers remember your passwords, separate devices that could store them, specialized services like myonelogin.com to do single signon, etc. All have downsides in terms of both their risk profile and their usability, and Facebook Connect does too. What do you think? How do you manage your Internet passwords?  I look forward to hearing from you.