Earlier this week Facebook experienced a brief and rare outage of all its services, including Instagram and sites that allow users to log in with Facebook, such as Tinder. The outage came at a ripe time for Facebook—late on a Monday night in the U.S.—but people still took notice, flocking to rival social network Twitter to voice their complaints.
What caused the downtime is still in question. Hacker startup and potential scriddies Lizard Squad quickly took credit, and the style certainly reminds one of their similar attacks on Xbox and the Playstation Network. Facebook denied this in a post after the incident, apologetically claiming the length of the outage was caused by an error in “configuration values” and stressing “we take the performance and reliability of Facebook very seriously.”
The price we pay for that service might be the integrity of the Internet itself.
As well they should: Over 13 million sites use Facebook Connect to substitute their own independent login system. While this particular episode didn’t affect most sites—though the inclusion of Tinder and Instagram is still unclear—it’s also not the first time sites dependent on Facebook were affected by the site’s own mismanagement of vulnerabilities. Back in 2013, a specific issue with Facebook Connect brought down the services of CNN, ESPN, Yelp, Gawker, and many others using the service.
It’s a very tenuous security situation for so many sites to become dependent upon one entity. Such setups, known in infosec circles as single points of failure (SPOF), display not just the weakness of Facebook and others like it but the inherent error in other sites relying upon them. Facebook provides a fantastic service by giving users the ability to travel with one identity across the Internet and removing the need for dozens and dozens of accounts. The price we pay for that service might be the integrity of the Internet itself.
And this isn’t just Facebook’s problem. Google and Twitter offer similar login services and potentially face the same weaknesses as Facebook. In fact, Amazon Web Services—which allows companies to host sites and applications within Amazon’s cloud—presents possibly the largest danger. A 2012 outage of AWS brought down Reddit, Netflix, and Flipboard which all use the remote service to save money on managing much of their sites’ server work themselves.
This decentralization of so many sites actually centralizes—and therefore weakens—the security of all these sites. When Facebook or Amazon offer their login service or the servers themselves to a smaller companies, they strip each of those individual companies of worrying about their security and reliability. In doing so, however, they hoist that weight upon their own shoulders, opening up their clients and users to massive failures.
And Facebook doesn’t do this for charity—Mark Zuckerberg has often said he wants Facebook to be the vehicle of the Internet, not just the destination. Facebook avidly wants you to use Facebook to move from place to place, all under the authentication services of Facebook Connect. Users feel safe and secure, sites get a boost of legitimacy, and Facebook gets all the data in between to package and sell to advertisers.
Mark Zuckerberg wants Facebook to be the vehicle of the Internet, not just the destination.
It’s a bold dream, but one that comes with many costs. Tinder—one of the sites that briefly followed Facebook into obscurity this week—outright demands the use of Facebook. In fact, there are scores of tutorials on how to scrub your Facebook of Tinder or vice versa. Tinder is often a very personal place filled with vulnerable moments and details best left out of public life. It’s a poor fit for the officious atmosphere of baby photos and political debates Facebook has become.
So it’s not just Facebook’s vulnerabilities as a site that it brings through Connect, but all the baggage Facebook is consistently criticized for. On Facebook you’re the you everyone sees at work, at school, or around the dinner table. Much of the comment boards around the Internet, however, are full of private details, obscene rants, and general trolling. This is not exactly the material people want attached to their real name and profile photo.
There’s evidence Facebook realizes this. It’s new app Rooms is voluntarily anonymized—a big step after the site offended many in the trans community by forcing them to use their legal names. It reeked of a similar problem Google ran into when they tried to merge Google+ with YouTube to the protest of thousands of YouTubers—including the site’s founder.
In the same way we associate different sites with certain levels of digital security, we also trust different sites with varying levels of personal trust. We adapt and change ourselves to the audience were performing for as much as we might stall at giving a password and username to a site somewhat beyond veracity.
Facebook is making itself carry the weight of the entire Internet.
It’s similar to the status of PayPal as a trusted ombudsman of online exchanges. If PayPal were to have an outage, it would likely disable any transactions through PayPal—equivalent to 18 percent of all payment exchanges made on the Internet. By covering the massive expense of self-authenticating online exchanges, however, PayPal has relieved many merchants and consumers from the struggle of protecting their credentials.
It’s this vein of trust Facebook wants to build in login services, but it offers far more vulnerabilities than PayPal. Not only has Facebook been a popular target for hackers before, but it also drags along the added social pressure of making every offhand comment or unsolicited criticism as public as your vacation photos.
While Google and Amazon face many of these same issues, they aren’t as culturally restrictive as Facebook. It often seems like Facebook is desperately trying to escape who they’ve always been: a place to connect with the people you know. They’re trying to battle YouTube with videos, Twitter with breaking news, and every other competitor by managing the comment boards of most sites you can name.
In trying to fight this existential battle, Facebook is making itself carry the weight of the entire Internet, something not even 1.3 billion users can help them with.
Photo via mkhmarketing/Flickr (CC BY 2.0)