caída de facebook Dispositivos

Collateral damage beyond the Facebook outage

20/10/21 5 min. read

I’m pretty sure that memes with Facebook outage will flood the net, even Facebook itself for a few weeks, including the “I survived 2021’s Facebook, Whatsapp and Instagram outage” but you may have not, of more specifically, your business could have not survived.

The outage has been already explained everywhere, like The Guardian (for regular users) and Cloudflare (for techies).

meme de facebook
Source Twitter: bymemesof

The real problem behind is not the lack of social networks for a few hours, humanity can deal with that. The real problem was for the ecosystem built on top of Faceboook with the “Continue with Facebook” login.

Facebook
continue with Facebook

What is that, anyway?

It is a centralized service where applications, instead of developing their own login and user security, use Facebook services to do that. In pure theory it is good for those applications as it simplifies the development, reduces the required infrastructure and attracts new users. But sometimes it is not so good, for example when Facebook is down…

facebook model

Many would say it is a small price for the whole benefit. Is that the only price? I bet no. Because Facebook states:

Use Cases

Facebook Login is used to enable the following experiences:

Account Creation

Facebook Login lets people quickly and easily create an account in your app without having to set (and likely later forget) a password. This simple and convenient experience leads to higher conversion. Once someone has created an account on one platform, they can log into your app—often with a single click—on all your other platforms. A validated email address means you’re able to reach that person to re-engage them at a later date.

Personalization

Personalized experiences are more engaging and lead to higher retention. Facebook Login lets you access information which would be complex or arduous to collect via your own registration form. Even just importing someone’s profile picture from Facebook gives them a stronger sense of connection with your app

Facebook

So they (Facebook) gets all the user activity information! That is the typical Enterprise centric identity model: you, and many many others, share your information with Facebook and they will use it for their business.

current model of identity
Modelo actual de identidad

Would a different model be possible?

One model where applications wouldn’t need to develop a complex login system and the user will not share all his data (just the minimum necessary) with the company?

It is. The name is: Self Sovereign Identity model, where the user is the owner of his data. It is not only the owner of his data but also autonomous on matters like identification (there’s an intro from us here a more technical video.

In the case of Facebook outage if the application provider used a SSI model, instead of using “Continue with Facebook”, there would not have been a service cut, because the user could sign by himself a proof of identity. Then the application could verify that either against its database or to a public blockchain, where the nodes are independent and a problem like the one Facebook suffered is simply impossible (or possible only in the case on most internet down).

We can see both models compared:

centralized identy model
SSI model

More on that, the user controls which of his personal data is sent to the Application, the purpose and thanks to blockchain implementation can revert the use of his data. The model becomes user-centric: it is the user who holds his data from multiple sources.

SSI model
SSI Model

What would be the price for SSI model?

For the user: nothing extra. Not even his data, he only shared what is needed to get the service. It the service requires a bank account or credit card for the charges the user will send it only that information (not the postal address, for example). If it is an adult service, the user can provide a proof of age, using ZKP (Zero Knowledge Proofs) that does not disclosure his age or birthdate. And so on.

The companies will have to implement the SSI model, but luckily most of them are opensource and the community is eager to share and help (in Spain we have AlastriaID, in south-America it is Lacchain, Europe is defining EBSI and eIDAS). Hardware and software resources to use SSI are few.

Summarizing, a well built application using SSI wouldn’t have been affected by Facebook outage whilst the personal information of the users would remain under the user control.

Santander Global Tech is the global technology company, part of Santander’s Technology and Operations (T&O) division. With more than 2,000 employees and based in Madrid, we work to make Santander an open platform for financial services.

Check out the positions we have open here to join this great team and Be Tech! with Santander 🙃

Follow us on LinkedIn and Instagram.

Juan Tavira

Juan Tavira

Santander Global Tech

Specialist, architect and interdisciplinary geek passionate about all kinds of innovations. This is easy to say for oneself, but when my computing colleagues, my geek friends and even my wife say so, then it must be true somehow ;-). I also like to build violins as a hobby. I see code

 

👉 My LinkedIn profile

 

Other posts