Couldn't agree more. And to the GP, you may think that having Facebook authentication on your site is a benefit to both you and Facebook, but it can also work against you. I for one will NOT use any web services that require Facebook authn.
On the other side, I could just say the exact opposite: I find it infinitely easier when a site supports Facebook authentication. You can't just say "it can also work against you" unless you can show evidence that the target audience of the site, on the balance, will be turned away.
I mean, if we come up with more of these, eventually everyone will find at least one ludicrous. "I for one will NOT use any web site that requires"... "a credit card", "watching advertisements", "authentication of any form", or (probably the only reasonable one ;P) "seeing comic sans".
Actually he only needs one example to say "it can also work against you", and he is that example.
He didn't say "will", or "probably will" even, just "can".
But using FB to login to other sites seems less handy and more like a way to lose all your accounts when one of them gets hacked, and by concentrating so much value in a single account you increase the likelihood of it being targeted.
That is like saying chemotherapy "can work against you" by showing a single skin cell died during the treatment; it isn't "working against you" unless you lose so many skin cells that the chance of killing the cancerous tumor is no longer "worth" the risk.
If you accept "single user got angry" then every single thing you can "can work against you", and the phrase is meaningless: some people hate the color blue, while some other people hate everything /but/ the color blue. Decisions need to be made "on the balance", not because there's one angry user.
I never said we would 'require' FB auth. It certainly is one of the options though. One click login, not having to remember a bunch of different passwords and not having to fill out yet another registration form is very compelling for a lot of people.
We also provide enhanced functionality based on the data that is made available to us. We only ask for the minimal set of permissions. As a result, we get the data which I already outlined.
Another option which we are supporting, for people like you who won't use FB, is BrowserID. That system only gives us an email address. So, because the site I'm building requires all of the same data that FB already provides us, we still have to force you through a 'registration' process at some point.
I'm curious, what exactly is your fear of FB auth that prevents you from using it?
I can't speak for him, but I never use Facebook auth to prevent scumbags from getting a bunch of info about me including a list of my friends with no questions asked.
a) it takes a longer relationship where I'm treated with respect before I trust a site. I'd have to know they weren't going to spam me or my friends, they weren't going to store tons of data, things like that.
b) most of the info I put on FB is fake, I only keep it to untag photos. FB doesn't fit criteria a, haha
c) pretty much everyone trying to get at my social graph
And contrariwise, I never use Facebook auth to prevent Facebook from getting even the slightest amount of information about my usage of other sites that I can avoid giving them.
