I don't think you'll get that kind of security in this space-time continuum...
If you send an open message to X, you just aren't going to keep X from sharing that message with others.
-- There no real way around this. It's essentially the "problem" that DRM aimed to "solve". Thankfully, it couldn't. Only share things that are appropriate for a given friend or group of friends. This applies on Facebook or anywhere.
I'm glad I'm not the only person who thinks this. Friendship is not an idempotent operation. Facebook connects up hundreds of millions of people and makes it extremely simple for them to share information. It's a social internet. To make any kind of attempt to preserve privacy is practically oxymoronic.
* While counting on your friends to not share your data is going to be dicey regardless, at least your data is not automatically going to be sold.
* Facebook changes it's interface and terms of service at it's discretion. You should be in charge of any changes to a sharing process.
* Facebook has the stated aim of forcing everyone on the net to use a single identity. This is a rather Orwellian position that we should avoid (goes with the problem of FB changing their interface and terms of service whenever they wish).
Yes, I've been reading the other comments, and a distributed network would have some advantages, but also disadvantages, a strong analogy being email and smtp.
About the FB identity, that's also very attractive to developers, and Appleseed should solve it somehow: if a website uses FB for user logins it gets almost-instant sign-up, user photo, user name, email (if requested) and access to a whole list of friends.
That's a pretty powerful incentive for websites to get integrated with Facebook.
It really seems like Facebook itself offers any more services as such than the regular web does. It just packages them more nicely - that isn't to say the packaging important, it's clearly very important.
1) people have to remember their service's endpoints, and the interface is getting cluttered with buttons for the major suppliers, and personally I have OpenID accounts by multiple endpoints, and even I had trouble logging in to StackOverflow.
There are 500 million people with an already existing Facebook account. Those people don't have to remember anything besides their Facebook login info.
2) On Facebook both the name and the email address is mandatory, and people want and do share their profile photo. Many people also have location info, which is quite useful for location-aware apps.
This is sparing you from asking (I'm sick and tired of filling my profile info on various sites I visit, but my Facebook account is up to date).
With OpenID you don't know what you're getting about that user.
3) You also get a little extra if you want: like the list of the user's friends, which is evil, but very attractive for me :)
You also get a little extra if you want: like the list of the user's friends, which is evil, but very attractive for me
So you're saying you're hoping just a little bit of Facebook's evil will come your way? Well, this indeed illustrates another reason to build a Facebook alternative... IE, No, I don't want a programming-answer site to tell my friends how much I like it, etc.
I'm having trouble parsing that.
It's like you went bezerk on reading the word "evil".
Maybe you haven't realized it, but when 2 people get connected on Facebook, that's public knowledge already that can be crawled.
If you're going to the normal route of getting your app integrated with Facebook, at least you're informing users that you need that access, and you also give them the option of blocking your app later.
Appleseed uses identities that look just like an email address. For instance, mine is:
michael.chisari@developer.appleseedproject.org
My public profile then is:
developer.appleseedproject.org/michael.chisari
When I'm logged into my home node, I can go to any other Appleseed node, and "remote login" with my Appleseed identity. From there, it uses the same flow as OpenID, just in a more user-friendly fashion.
If you send an open message to X, you just aren't going to keep X from sharing that message with others.
-- There no real way around this. It's essentially the "problem" that DRM aimed to "solve". Thankfully, it couldn't. Only share things that are appropriate for a given friend or group of friends. This applies on Facebook or anywhere.