Facebook Comments Box Plugin Includes Live Code for Google and Twitter Logins

The new version of the Comments Box social plugin for third-party websites that Facebook released last week only gives users the options to login with their Facebook or Yahoo! accounts. However, we’ve just learned that the plugin includes live code supporting logins for accounts from Google, Twitter, and other OpenID providers. This means it might be easy for Facebook to enable logins from additional providers if its relations with these companies improve.

Facebook apparently pulled the public options to use Twitter or Google credentials at the last minute. Facebook recently clashed with Google over data portability and whether users should be able to export email addresses of their Facebook friends to Gmail. Twitter released an app in June that allowed users to see which of their Facebook friends tweet, but a disagreement between the companies led Facebook to block this functionality.

The only legitimate alternative login option to Facebook is Yahoo, which recently began allowing visitors to its network of sites including Yahoo News and Flickr to register for Yahoo accounts or sign in using their Facebook credentials.

Yahoo’s inclusion in the Comments Box could be a repayment for this favor, a sign that Facebook doesn’t consider Yahoo a threat, or the result of it signing some terms or deal with Facebook. Those logged in to the plugin through Yahoo don’t display a profile picture or link back to their account, though, making their comments appear inferior to those from Facebook users.

Modifying the Comments Box

By adding a line of Javascript, Google, Twitter, and other login options can be enabled. Adding  MultiLoginPopup.setProvider('google.com'); initiates the Google OAuth flow, and document.getElementsByClassName(“submitButton”)[0].click() lets users comment from their Google accounts.

A similar code snippet  MultiLoginPopup.setProvider('twitter'); can be used to attempt a Twitter login. This relies on a call to www.facebook.com/connect/twitter_login.php , which is currently unaccessible, causing the authentication to fail. MySpace and other OpenID providers can be enabled by substituting  ‘myspace’, ‘myopenid’ or ‘pip.verisignlabs’ for Twitter or Google.

Note that Facebook prohibits modification of the Like button and its other social plugins. Facebook told us that “to provide a consistent and easily identifiable experience across the web, social plugins may not be altered beyond options that are already documented.” Developers should know that they add this JavaScript at their own risk and could be punished.

To provide a consistent and easily identifiable experience across the web, social plugins may not be altered beyond options that are already documented.”

The fact that this live code was left in the plugin means Facebook may be looking optimistically towards its future relations with other web service giants. Legitimate support for these credentials would open commenting on third-party sites that have implemented the plugin to a wider audience, improving discussion.

The Comment Box’s lack of an anonymous login option discourages low quality comments and trolls, though it may also discourage valuable but controversial comments users might not want their friends to associate with them.

Allowing Google as a login option could permit slightly more anonymous commenting, as many users’ Google accounts aren’t as deeply connected to their friends. Allowing users to comment from a widely held account that is tied to their real identity, but not necessarily their entire social graph, could lead to more heated debate without opening the floodgates to abuse.

Facebook could but doesn’t currently provide a way to limit on a comment-by-comment basis the visibility to friends of comments syndicated from the plugin to a user’s news feed. In the absence of such privacy controls, there’s an increased need for an authenticated but disconnected commenting option.

[Thanks to Tom Waddington for the tip.]