Facebook's Glass Jaw

Facebook finally has a real problem to deal with – an exceptionally rational and well-thought-out strategy by Google that puts the leading social media cloud in the path of a wave of angry users. The only thing Facebook has going for it is that said users don’t yet know they’re angry.

With its denial of service attack on Google’s Friend Connect, Facebook is serving notice that it feels threatened. By what? Users leveraging their Friend data to form communities outside of the Facebook moat? Forget for a moment that we tell Facebook who our friends are, and those gestures are created and owned by us. If Facebook insists on freezing our data as a condition of using their service, the company is essentially recommending we go elsewhere.

Google is smart enough to realize it doesn’t need to win here to help Facebook lose. Friend Connect does more to incentivize OpenId usage than to sell Google services; OpenId proliferation amortizes the complexity of that solution across multiple cooperating Web sites, particularly those that can make money on harvesting social synergies in conjunction with Adsense. It’s a Pay-Me-Now or Pay-Me-Later offer to Facebook: Play along and leverage your social equity or raise your hand and let your customers know how clueless you are.

Facebook insists it is preserving user privacy by neutering their API for its only stated purpose: “[E]nabling users to share their information with the third party websites and applications they choose.” Instead, in a Casablanca-like statement that gambling is going on (Your winnings, sir) one Charlie Cheever notes Friend Connect “redistributes user information from Facebook to other developers without users’ knowledge, which doesn’t respect the privacy standards our users have come to expect and is a violation of our Terms of Service.”

I love many parts of this, but none more than the part about privacy standards our users have come to expect. The API enables users to share their data with site and apps they choose but somehow Friend Connect does its dirty work without users’ knowledge. If the API enables user control, then what part of its use is without the users’ knowledge? Is there an Alzheimers standard that somehow slipped in here?

Of course we all know there’s something about Google’s implementation that is screwing with Facebook’s business model. Facebook is telling us this in case we hadn’t figured out that “enabling” users to do what they want with their data was only allowable with Facebook Connect and not Google or Microsoft or God help us, Twitter Connect. Imagine what happens if our Twitter Follow cloud and its Track filtering enable us to nail up and down connections in real time over XMPP. Oh wait, I can do that right now.

The tortured PRspeak rivals the current Bush Administration press officer’s gyrations in denying our idiot president’s appeasement charges are about Obama, while John McCain drives the Straight Talk Express over the Democratic nominee as he eats a hot dog on the campaign trail. It’s the straight talk we’ve come to expect, but Facebook is squandering some serious good will here for no apparent reason.

Which leads me to suspect that this is not about some strategy but rather the lack of one. Google, not having a social platform but a lot of data that could be useful in one, understands credibility with users is paramount in legitimizing the use of such data. They need our permission. Friend Connect asks for that permission, rather than demand it of its users. In some ways, this is even more egregious in violating user expectations than Beacon, which in the words of Charlie Cheever at least had the advantage of following privacy standards users have come to expect at the time, namely none.

This time Facebook is attacking a service that bootstraps the Facebook API and the same intentions the user has to exploit Facebook synergies around the Web. In other words, Facebook is threatened by users extending the power of the Facebook cloud to other favorite sites and applications under their control. If they allow this, they encourage users to continue to mine Facebook data and the social communities it empowers, thereby maintaining Facebook power rather than diluting it.

Instead, they give Google back the white hat they seemed bent on losing over murky Google Reader assumptions about which Friends are derived from vaguely visible Contact interactions in Gmail and Gchat. Don’t be surprised when Google announces improvements around such Friend discovery based on the very same open standards they have deployed in Friend Connect. And equally unsurprising will be Google statements about just what data is being shared and under whose control. Like: “We never handle passwords from other sites, we never store social graph data from other sites, and we never pass users’ social network IDs to Friend Connected sites or applications.” I’ve heard the explanation, and it’s simple and believable. Users control, not Google.

Honestly, the reason I really care about this is not about Facebook, it’s about Twitter. Twitter has a much more dynamic and central role in my online life than Facebook, and I’d appreciate the ability to model that cloud across Friend Connect and via Facebook’s assets while waiting for Live Mesh to arrive. Once Mesh is available, many of Facebook’s constructs can be rebuilt from the ground up without the tone deaf nonsense Facebook is currently spewing. That fact will likely force Facebook to rework what users have come to expect to avoid being shut out of the very game they invented.