Tag: LinkedIn

What is social sign-on?

Spotify login screen

Spotify login screen with option to login using Facebook

A trend that is being associated with online services or applications is to provide “social sign-on” for new and existing users of these services. This is based around the concept of single sign-on where you use one set of credentials verified by one service to authenticate with one or more other services. This time, the credential pool that is used for authenticating users is your membership with a social network like Facebook or Twitter. The expression is sometimes extended to cover other authentication-data pools like Microsoft’s authentication services associated with Outlook.com/Hotmail, Windows 8 or XBox; or Google’s authentication services used for GMail and YouTube.

TripAdvisor Webpage

TripAdvisor webpage with social sign-on and personalisation from Facebook

In a social sign-on arrangement, your credentials are held and tested at the social-network’s servers and both the online service and the social network create a unique “token” or “key” to link and authenticate your presence on these services. The common methods that these services use are based around the OAuth or OpenID protocols used for single sign-on across multiple services.

Social sign-on concept diagram

Social sign-on concept diagram – relationship between the social network and online service

As well, your social attributes (name, birthdate, etc) that you have stored on the social network’s servers would be copied in to your account on the online service when this account is being provisioned. You will know about this when your social network pops up a screen asking you whether to allow the online service to gain access to your details held at the social network.


There are some key advantages with using a social sign-on setup.

One is to benefit from a simplified provisioning process for your online service. This is without the need to key in the same data across multiple services. It also includes use of a pre-authenticated email address which is considered of high value with forums, commenting facilities and the like because most social networks especially Facebook, Google and Microsoft implement strong measures to combat fraudulent identities.

We also benefit because there are fewer sets of credentials to remember. As well, if a social network implements improved user-security measures like multifactor authentication or “trusted-device” operation, this flows on to the online service we use.

Some of the online services also can provide a personalised experience such as granting you birthday wishes on your birthday, including making those “special birthdays” such as the “big zeros” or the 21sts highly special.


The disadvantages that can occur include weak links in the authentication protocols and a total dependence on access to and the security of a particular social-network account.

This also encompasses situations where a workplace or school may implement measures to shut out access to social networks in the name of productivity or an oppressive regime may shut out access to the popular social networks to curtail free speech. This can limit access to the online service because of its dependence on the social network.

How can it be operated properly

To assure users of their privacy, a social sign-on setup needs to identify any attributes that it is obtaining from a social network and give the user consent to obtain the attributes. As well, the login procedure should allow for one to create a login that is independent of a social network whether in conjunction with a social-network presence or not.

Similarly, the concept of social sign-on could be exploited by social networks and other authentication services to support simple-but-secure login for living-room applications. This is, from my experience, something that needs to be worked on because such devices require a lot of “pick-and-choose” data entry using a remote control’s D-pad to enter user credentials for online services. As well, many different users are likely to use the same living-room device.

Dealing with Internet trolls


How to kill a troll | Naked Security (Sophos)

My Comments

Anyone who has a personal Internet presence on a message board, social network or similar environment or operates such a presence for their company or other organisation can end up facing the worst side of the Internet.

This is typically in the form of the “Internet trolls” who exist on message boards, social networks, blog comment trails and online chat rooms just to cause trouble. This has manifested in online harassment which is mainly in the form of schoolyard-grade activity like foul names or targeted embarrassment attempts. But there have been acts like physical threats against person, animal and property; stalking, sustained harassment and sexual harassment with young women being the main victims.

It included a situation that I faced regarding a café I regularly visited where their Facebook presence was tarnished with foul comments because the business didn’t permit a protest group to put some flyers about their campaign by their cash register. Here, I was defending the café in their stance regarding what had happened.

But what can you do? You could block the accounts where the behaviour is coming and implement technological measures that do this for you. Here, such measures work on logic like blocking relatively young accounts that mention you, accounts with very few followers that mention you or accounts that generate replies containing certain keywords.

On the other hand, you could embarrass the source of the comments. This plays on various analogies associated with social taboos like in-workplace sexual harassment where a person isn’t just hauled up before law courts but the court of public opinion doesn’t look favourably on them. This would be hard to implement in the online world due to the ease in which one can create an anonymous online presence such as with the use of multiple disposable emails or pseudonyms.

Some countries like the UK have given their online-harassment laws more teeth such as legislating for longer prison terms. To the same extent, we should be encouraged to use all of the civil and criminal laws available to us as a tool to deal with Internet trolls, but a key problem is working with the problem from a cross-jurisdictional angle. This is where you identify that the activity is appearing from another state within the same country in the case of countries like Germany, Australia and USA, or another country; such as someone residing in the UK being harassed by someone using a computer located in New York State in the USA.

As well, there have been various PR activities to pillory the trolls such as Mary Beard’s activity after being victimised by schoolyard-grade online behaviour. She wasn’t afraid to speak her mind on British TV and had her friends and supporters work together to “fight back” against the troublemakers. Businesses and organisations who have been “got at” by trolls can use their loyal support base who have an active online presence such as their regular customers to work together for this same goal. 

Let’s not forget that the channels that exist to report trouble on a social network, bulletin board, chat forum or the like do exist for you to report this kind of trouble.

Personally, I would encourage any campaign to crack down on Internet trolling to be done as a group of many people. They can pool resources and use their contacts to work together to defend the people who are being affected or make life hard for the troublemakers. This can manifest in using technological tools to limit their effect on the affected forums, using civil and criminal legal action against the troublemakers or use online and offline public-relations efforts with a view to pillory them.

Sometimes some disturbing situations that happen with social networking, Internet forums, instant messaging and the like may require you to simply ignore or block trouble on the Internet but others may require you to work actively against it.

Thinking of “resting” that Facebook account? What can you do to make sure it’s there?


Some of you may have dabbled in Facebook or other social networks but then find that you are “sick and tired” of operating them. Then what you end up doing is ceasing to log in to your account. Your friends or followers hear nothing from you and you don’t follow up on activity from the people who are or could be in the social network.

You may even tie your account to an email account that you subsequently cease to use like one associated with your previous ISP or employer; or a Webmail account that you have forgotten about.

These accounts end up with a “pile-up” of friend requests and other people using the social network end up thinking you’re not there. The potential friends may even be considered “spammy” by the social network as they end up with many pending friend requests.

But some of you may want to keep the account alive for such efforts as “keeping in the loop” while travelling or keeping in contact with distant family and friends.

There are some people who may think that it is an act of sacrilege to engage with Facebook, MySpace or Twitter when they have broken off from the network as a statement of their beliefs or actions. The people who I am targeting this post at are the ones who simply abandon these accounts after a fair bit of seasonal activity.

Leave an off-the-air post

When you think that you will be going “off the air” with the social network, write up a public post that says that you will be scaling back your presence on the social network. This lets everyone know that you are OK but won’t be appearing as regularly as you would have done.

Set up notifications

A good practice is to make use of the notification function that the social network has. Here, you could set up your social network’s notification function to send you a summary email post of notifications concerning your account;s activity.

In this arrangement, you should know if someone sends you a direct message, adds you as a friend or follower or confirms a friend request that you instigated. If the social network supports a suggestion framework, you could be notified if someone suggests a member or page for you to link up with on the platform.

Similarly, you can set the email notification to notify you of friends’ birthdays and if your posts or photos have been tagged or someone has tagged you in a post or photo.

When you set the email address, set it to the current email inbox that you are using on a regular basis and keep these email addresses registered with the social network up to date.

Regular “drop in” to your social network

Once a month to once every two / three months, log in and post something or leave a comment on a post or photo so people know you’re “there”.

If you have something for sale, login to Facebook or your other social networks and post a public post with a picture of the item for sale and / or a link to the eBay or “online mart” page you are using to advertising it so your Facebook Friends and others on the network can know it’s for sale.

Here, you don’t forget the login parameters for your account and know that it still exists. This can come in handy if you do want to operate you account frequently like as part of a special trip or event.

It is also worth knowing that some social networks like Facebook, Twitter and Google+ can work as an anchor to a “single-sign-on” mechanism. Here, people can use the credentials associated with these social networks to enrol with and log in to forums, blogs and similar services. If you do have an opportunity to do so, use one of these social-networks that you are enrolled in as credentials for a forum that you are joining in.


Keeping regular tabs on a social network that you had participated in frequently before is a way of knowing that you still exist on it and that people don’t think you have fallen off the earth if you have deserted it.