Orange Link nous demande nos mots de passe: pas au point! [fr]

[en] There is absolutely no excuse, in 2010, for asking people to enter their Gmail, Facebook or Twitter passwords on third-party sites. And that is precisely what the "social media to SMS" service Orange Link is doing for Gmail and Twitter, though they got Facebook right. Laziness or scary cluelessness?

Orange Link est un service d’Orange.ch qui nous permet de recevoir des alertes SMS de services comme Twitter, Facebook, et Gmail (et aussi, d’envoyer des SMS à ces services).

Orange Link

Très cool. J’espère en passant qu’ils sont aussi en train de bosser sur un partenariat avec Twitter comme l’ont fait d’autres opérateurs.

Ce qui est beaucoup moins cool c’est qu’ils nous demandent nos mots de passe Twitter et Gmail!

Orange Link - BAD BAD password anti-pattern

Regardez ce que je disais en avril 2008, il y a plus de deux ans:

I have an interest in social network portability (also called “make holes in my buckets”) — I gave a talk on SPSNs from a user point of view at WebCamp SNP in Cork recently — and I am also concerned that in many cases, implementations in that direction make generous use of the password anti-pattern (ie, asking people for the password to their e-mail). It’s high time for design to encourage responsible behaviour instead. As the discussion at WebCamp shows, we all agree that solutions need to be found.

Les gens ont tendance à être d’une naïveté affligeante avec leurs mots de passe, tant dans le choix de ceux-ci que l’insouciance avec laquelle il les prêtent à autrui ou les entrent sur n’importe quel site qui le leur demande.

Il est irresponsable de la part d’une entreprise comme Orange.ch d’encourager les gens à entrer leur mot de passe sur un site qui n’est pas celui du service en question. On est en 2010, loin de la situation en 2008 référencée plus haut, et OAuth et autres services du genre sont une réalité. Texprezzo et Textendo, qui fournissent la technologie derrière Orange Link, ne nous demandent d’ailleurs pas notre mot de passe Facebook, mais utilisent Facebook Connect pour accéder à notre compte.

Orange Link -- Good

Facebook | Request for Permission

Il n’y a donc aucune excuse pour ne pas procéder avec les technologies similaires à disposition pour Twitter et Gmail. Début 2009, Twitter était sur le point d’implémenter OAuth, ce qui a été fait depuis lors — lire la FAQ de Twitter sur OAuth. Quant à Google (pour Gmail), eh bien, depuis mars 2010 (enfin!) ils parlent aussi OAuth.

Je ne sais pas s’il faut en conclure qu’ils s’en fichent ou qu’ils sont mal informés/inconscients — mais à ce point, j’avoue que ça ne m’inspirerait guère confiance.

LeWeb'09: Facebook, Facebook Connect, Identity (Ethan Beard) [en]

Live notes from LeWeb’09. They could be inaccurate, although I do my best. You might want to read other posts by official bloggers, in various languages!

Mark’s initial idea: give people a better way to connect. Basic information. 5 years ago.

Huge growth now. The core activity on the site hasn’t changed, but now the user base has changed. 70% of the users come from outside the USA.

Not just connections between people, but between people, objects, ideas, places. Building an accurate representation of one’s identity. I’m easily identified as/by a series of connections.

Facebook connect: opening up for others to build upon. Traveling together. Facebook didn’t get this growth by going alone. Taking the connectivity of Facebook outside the platform.

Facebook aspires to be a technology that people use to connect to what they care about wherever they are.

Tool for building applications inside Facebook => connecting outside Facebook, with Facebook Connect. Fanbox: very successful. People are looking for ways to connect to brands and companies they care about not just on Facebook.

Didn’t imagine that gaming would be such a success. Social gaming. Hugely successful companies. And now traditional gaming companies like Sony etc are jumping in.

Examples:

The Huffington Post. Add the network to reading news. What are my friends reading? Using Facebook Connect makes it easy for users to comment and publish back into Facebook stuff they find. Since they added Facebook Connect to Huff Post, 500% FB referrals, 50% comments, 50% user growth *(steph-note: other factors might factor in to explain growth… can’t give 100% credit to Facebook Connect for that, though I’m sure it has an influence.)*

JibJab. Connect is now the primary way to log into the site.

TFI. Integration of Facebook live feed during matches for example.

Bejeweled2 on Facebook. But you shouldn’t be limited to playing on Facebook. With Connect, can play elsewhere but it remains social.

Connect is the glue that ties together your experiences, whatever the device you are using. Ubiquituous. *(spelling?)*

The web is about people and you experience it through the lens of your friends. The graph is the foundation of the social web. *(steph-note: reminds me I have to write a post about the blogosphere as a social network — this stuff is not new)*