Facebook really changed things up last week. Oh sure, it's as disrespectful of my privacy as ever, but now it's enlisted the entire web to help. So I'm done with anything that requires a Facebook login.
Facebook made some big changes in terms of how things look and work, but its inexorable drive to drag us all into publicly sharing everything from everywhere with everyone all the time remained consistent. The most noticeable new features that reflect that are Timeline and Ticker. Ticker delivers real-time updates of your friends' actions, while Timeline archives everything you've ever done on Facebook. But the big change, the true assault to your privacy, is under the hood: Open Graph.
Open Graph is a development tool that lets third-party apps and sites report your activities back to Facebook. It's meant to extend or replace the Like button. It's a way for sites and services to jack directly into Facebook from anywhere. If companies use Open Graph, they can publish to your Ticker and Timeline, too, effectively sending tattle-tale updates on anything you do to everyone you know, in real time. And then Facebook gets to keep that data forever. It is the ultimate collection tool, a way for Facebook to monitor you, wherever you go.
The thing about Open Graph is that it's actually very seductive. Now, when I listen to a new song on Spotify (or Rdio, or MOG, for that matter) it shows up on Facebook's Ticker immediately, as it happens. My friends can play it, right then and there. They can also see trends about my listening habits in my feed. And, damn, that's actually kind of cool. It delivers on this cool premise of true real time sharing. In return it only asks for what Facebook has always asked for: our privacy.
When Facebook announced all this at its F8 developers' conference last week, Spotify took center stage. Its demo was a hit, and people applauded! Yay, Spotify!
But the Spotify we knew last week is a fundamentally different business from the one that exists this week for one simple reason: If you want to join Spotify now, you have sign up with your Facebook account. In simple terms, Spotify isn't asking for access to your data anymore. It's demanding it. No Facebook account; no Spotify. In essence, Facebook-sharing is no longer a feature for new users, it's a requirement. It must know that for a company that traffics in what is new and popular and hip, it is taking a decidedly unpopular action. Spotify sold its cool.
Spotify says it's made the move to promote better music discovery. That's lame and untrue. Sure, you can help people to discover new music by forcing them to promote your app on Facebook. You can also do it by listening to a jambox turned up to full volume on a crowded bus. Both of those are pretty shitty ways of doing things. Both are forced exposure.
Spotify isn't the first to offload the account process to Facebook. Hell, it's not even the first music service to require a Facebook account. Turntable.fm (another F8 presenter) has required Facebook to login from its earliest inception. And obviously there are enough Facebook-only apps to keep you Zynga-ing for the rest of your miserable life.
But seeing a service as huge and hyped as Spotify—especially one that's in a footrace with competing start-ups like Rdio and established players like Apple for users—go Facebook-only is troubling. Spotify is going all-in with Facebook. It will not gain a single new user from now on who isn't a Facebook user. Not one. It's shutting the door on billions of people to rapidly gain millions. Yet, surely it's done the math, and thinks that price is worth it. So far, it certainly seems to be paying off. And sadly it probably indicates that a Facebook-required policy will only proliferate.
To be clear, Spotify isn't the big problem. It's just the spear tip. Having an app rat you out for listening to some shitty song is embarrassing. But it gets much worse when you start extending Open Graph everywhere and it begins tattling on far more personal details like, say, your reading habits.
That's not even some crazy what-if. It's already happening at The Washington Post; if you use the Post's Social Reader app, it automatically reports the stories you read to Facebook. As Michael Donohoe points out, your sudden keen interest in cancer stories might alarm your friends and family.
Given the near ubiquity of Facebook Connect across the Web, and the difficulty of ditching your Facebook cookie, you can easily see how all kinds of sites and services and apps are about to start reporting all kinds of things about your behavior, whether or not you are aware of it.
You can already log into Hulu with Facebook Connect, what happens when it starts reporting every single video you watch? Or if Netflix decides it wants to make the same move Spotify has, and suddenly your viewing history is an open page? Or if Amazon decides to connect its new Kindle social network, revealing the title of every book you read, and your pace within it.
And you know what? Even that's fine, as long as its an option. Facebook Connect? No thank you. I'd rather disconnect those streams. But once Facebook becomes a requirement to use an app—once giving apps permission to access and update your Facebook data becomes integrated into their terms of service—you have completely surrendered control of how your data is being used, shared, and sold.
Aside from dropping it in Timeline and Ticker, what is Facebook ultimately going to do with all that data? What will become of the profile it builds of your personality, linked to your real name, five years from now? Ten? Twenty?
I know Facebook is going to crap all over my privacy. And I'm oddly okay with that. It's a Faustian bargain I made with Zuck long ago in exchange for providing me with a platform where I can interact with my parents and in-laws. But I don't want that deal to extend to the entire Web, to every service I use and each site I log into. I don't want my every action recorded in perpetuity or worse, broadcast without my explicit permission. I don't want my humanity commoditized.
And so I'm doing something about it. I'm not Facebook Connecting anything. I'm rigorously monitoring which apps (and holy cow are there a lot of them) have permission to interact with my data.
But mostly, from now on, I'm taking a stand. If an app requires me to sign up (or even sign in) via Facebook—if it requires me to share my data—well then I'm sorry, but I'm going to take my business elsewhere. And I won't be alone.
You can keep up with Mat Honan, the author of this post, on Twitter, Facebook, or Google+.