From the beginning, Facebook has helped popular websites become even more popular by allowing people to post status updates full of links that have guided their friends to the Web pages they visited. Then last Thursday, the websites that were closest to Facebook started crashing, and the world learned the potential downside to giving Facebook such a central role on the Internet.
It went wrong when Facebook started mishandling its end of the connection. The API will normally check to see if a user is logged in, then build a box full of information about the user that's seamlessly integrated with the website. For a bit less than an hour last Thursday, the API's background requests for information about the user were redirected to an error page, a result that confused the API and led it to take over the Web page and replace it with a big error message from Facebook. Instead of seeing the news or the weather or whatever their destination would normally display, users saw just a Facebook error.
There has been little talk about how this glitch illustrated just how much data Facebook is gathering about where we browse. Even if you don't click the Like button on the Web page, Facebook learned you were there when the website initialized the Connect API code. It's tracking much of what we do on the Internet.
While this particular mistake is probably an isolated instance that won't cause much trouble, some websites may want to rethink the architecture of their interactions with Facebook. Some sites may want to work a bit harder to isolate Facebook interactions instead of taking the easy solution and opening a big door for Facebook's code to do whatever it wants.
Is the Facebook API too powerful? Twitter has an easier way of adding a status update by using a simple URL like http://www.twitter.com/home?status=Hello+World. This is far from as tightly integrated or as automatic as the Connect API, but it leaves the control with the originating website, reducing the dangers of a glitch taking down the Web by hijacking the browser session. It also serves to protect the privacy of the users. Developers should spend more time examining options like this.
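As an added illustration (not code from the original article, Facebook or Twitter), the sketch below shows the two approaches the article points to: a plain share link built on the URL pattern quoted above, and a sandboxed iframe as one way to isolate an embedded widget. The function names and the `widget.example` address used to exercise it are assumptions.

```javascript
// Added example. SHARE_BASE is the URL pattern quoted in the article;
// everything else (function names, widget URL) is hypothetical.
const SHARE_BASE = "http://www.twitter.com/home";

// Escape text for use inside an HTML attribute or text node.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Option 1: a plain link. No third-party script runs in the page, and no
// request reaches the third party until the user actually clicks.
function shareLink(statusText, label = "Share") {
  // URLSearchParams form-encodes the text (space -> "+", "&" -> "%26").
  const query = new URLSearchParams({ status: statusText }).toString();
  const href = `${SHARE_BASE}?${query}`;
  // noopener: the opened page gets no window.opener handle to this page.
  // noreferrer: the visited URL is not sent in the Referer header.
  return `<a href="${escapeHtml(href)}" target="_blank" ` +
         `rel="noopener noreferrer">${escapeHtml(label)}</a>`;
}

// Option 2: if an embedded widget is required, frame it in a sandbox.
// Without allow-top-navigation the framed code cannot replace the host
// page; without allow-same-origin its scripts run in an opaque origin
// with no access to that site's cookies or storage, so a widget that
// depends on recognising the logged-in user may need to be redesigned.
function sandboxedWidget(src, title) {
  const url = new URL(src); // throws on a malformed URL
  if (url.protocol !== "https:") {
    throw new Error("widget must be loaded over https");
  }
  const sandbox = ["allow-scripts", "allow-forms", "allow-popups"].join(" ");
  return `<iframe src="${escapeHtml(url.href)}" title="${escapeHtml(title)}" ` +
         `sandbox="${sandbox}" referrerpolicy="no-referrer" loading="lazy"></iframe>`;
}
```

With either option, a failure on the third party's side stays inside the link target or the frame instead of replacing the host page.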
This story, "How Facebook Connect took down the Web," was originally published at InfoWorld.com.