The real power of the system becomes evident when you “connect” profile information on your site with Facebook, allowing information to flow through to your site with a button click instead of a lengthy sign-up form. The barrier-of-entry for all aspects of user profiling is reduced — people that wouldn’t bother to sign up for an account on your site at all can still be served personalized information and tracked demographically, and people who would sign-up get their information pre-populated and connected to their social network of choice (assuming that’s Facebook, of course). In a way, it’s similar to the effect that Amazon Payments or PayPal has in merchandising and micropayments — people are more likely to actually check-out with their cart if they can use a name they trust and don’t have to type in their name, address and credit card information over and over again.
The benefits to all parties seemed pretty clear: the user experiences simplified profile management, Facebook serves as a defacto “social action” engine and drives traffic back to its site, and your website gets data it may not have had otherwise. But things aren’t that simple. For instance, who owns the information about the profile that Facebook provided to your website? What exactly can you store from Facebook, and at what point is that data part of your site’s profile and not the users’ Facebook profile?
It’s not a trivial point. It turns out that even major site Digg.com, the example site Facebook shows a screenshot of as a Connect site in it’s Facebook Connect announcement post, didn’t know where the line was. As the writers at AllFacebook.com point out, the Facebook TOS are muddy: different rules about what data can be stored and cached under different circumstances; conditions for people removing or disconnecting from your app; frequent changes due to new functionality and occasionally, public outcry. Compound that with the fact that it’s near impossible for Facebook to police the requirements among the many sites using Connect, and there is a lot of confusion between what a Connected website wants to do, should do, and can get away with doing.
As websites link up with Facebook Connect more and more, the lesson for prospective integrators is to plan for the implications of the TOS on your data collection and make sure you aren’t left in the lurch if it doesn’t match up with Facebook’s rules. A decent back-up plan includes OpenSocial, Twitter and maybe a little bit of praying.