Is Facebook's Widget Policy Too Restrictive?

Last week I began development of a widget for the Facebook Connect platform. The idea was a cross between MyBlogLog and Friend Connect. Why am I revealing my secret project? Well for the most part I can’t develop it anymore. In order for my “widget” to function on another person’s website it essentially needs to be an application and I need to hand over the majority of my code to whoever the site owner is.

Additionally, in order to protect my scripts from any security vulnerabilities I would need to implement a complex cross-site confirmation layer similar to to Facebook’s “cross-domain communication channel file” required for any new Facebook Connect implementation. In other words I would have to create my own implementation of Facebook Connect to securely share any data via JavaScript.

Satisfying the Masses

What I essentially was attempting to take advantage of is the huge gap in those that understand Facebook’s “quick and easy” 8 minute Facebook Connect set up and those that don’t. Most can see the opportunity which lies there. Put it this way: there are 2.2 million people who have joined the Facebook Developers group and there are over 130 million users on Facebook. The remaining 128 or so million people probably don’t understand how to implement Facebook Connect.

It even took me, someone who developed their first Facebook application last year in about 3 hours, a couple days to completely figure out how Facebook Connect works. Call me dense. Yesterday Facebook released information about their fourth party code policy and it’s pretty clear that hosting code on your own server that should be executed on the website owner’s site is not allowed.

Want to develop the next MyBlogLog? You can’t. Want to develop the next Google FriendConnect widget (the project I was working on)? For the most part you can’t. Instead you would need to force the website owner to go through what I believe is an overly complex installation process. Yes, there are millions of people that will understand how to upload a couple files to their site and modify a little bit of code but the rest of the world simply doesn’t understand how to do that.

Should I need to have a basic understanding of JavaScript to understand how to implement Facebook Connect on my site? I don’t think so.

Widget Policy Still Undefined

Facebook is still trying to perfect their widget strategy though. The wiki page “How to Write a Facebook Connect Widget” that Facebook references from their fourth party code page is completely blank. Not really helpful for someone that’s looking to take advantage of the current void in the market.

Clearly Facebook has put themselves in a complex place. On one hand, the company wants to maintain security for Facebook users that log in via Facebook Connect on other sites. On the other hand, they want rapid adoption of Facebook Connect. Additionally, it appears that they want to have a direct relationship with any site that wishes to implement Facebook Connect. Again, not a completely unforgivable offense but this policy also restricts third-party (or now considered fourth-party) developers.

What Facebook has essentially done is they’ve gone and removed the incentive for any developers that wish to develop innovative products that run on on third party websites. While you could implement Facebook Connect within your own content management plaform (e.g. WordPress, Drupal, etc), it requires the person implementing that code to have a basic understanding of the logic going on behind the scenes.


Personally I’ve gone from someone that was overly enthusiastic about Facebook Connect as of last Friday to someone who is essentially indifferent. Yes, adding Facebook Connect support to your blog or website (which we will be doing in the next day or so) may increase engagement but is it as game changing as we all hoped? It is for Facebook. Obviously Facebook wants to have access to all of your activities outside of their site but they don’t want to let other developers figure out other ways to leverage that information easily.

I can’t blame them for a protectionist policy. It’s an easy way to protect others from quickly setting up competing ad networks outside of the Facebook platform. In essence Facebook’s platform has been extended to the rest of the web. If you were expecting brand new opportunities to come from the extension to the general web, don’t expect to see the same gold rush we witnessed when the platform first launched last year.

Despite my disappointment with Facebook’s widget policy in its current state, we’ll continue to track the growth of Facebook Connect (which is growing at around 50 sites per week currently). I can’t blame Facebook for wanting to protect their user data but in its current state, Facebook Connect is not a widget friendly environment.

There are plenty of opportunities for developers (who know how to program) who implement Facebook Connect within their own sites. If you don’t know how to program though, don’t expect any revolutionary tool to come to your site anytime soon. While the uptake of Facebook Connect will most likely increase in the coming weeks, most quick to implement tools are going to have to come directly from Facebook, not outside developers.

Recommended articles