by j10t 4434 days ago
"On iOS, use the device token and implement truly anonymous login"

* What about the web?

* What about cross-platform?

* What about when the device token changes? (for example, after restoring the phone from a backup image)

My take: Facebook Login solves a real problem well and this 'Anonymous' option is a good improvement. The name is no worse than other industry uses of terms "Incognito", "Private", and "Cloaked".


I've been wondering about this..

On the web, anonymous login would be just a code snippet. What would prevent anyone from showing regular FB login posing as anonymous? The only thing I can think of is that regular login should have a follow-up dialog with confirmation of what's requested, but maybe that can be auto-confirmed too? Some users may still agree to the follow-up screen if they trust the anonymous icon.

From the site, it looks like the FB login page you get after clicking the button is all black, and then you get sent back to the app. The regular one would be in the normal colors. Although I suppose they could pop up a fake anon one on their own site, but they wouldn't have the right URL. On Android the app allows login without entering a password as well, so I'd immediately know because login through FB doesn't require my password but the app's fake version would.

The question was about posing non-anonymous FB login as anonymous to trick users into giving more info about themselves. Neither should require a password if you're already logged into FB.

On the web? There's this great new innovation called cookies that allow for site-based identity!

As for cross-platform and token changes -- well, you can't deal with those situations when you're implementing something that's actually anonymous. You're going to have to implement some sort of persistent identity. At that point, you might as well offer a multitude of options, of which Facebook would be one.

This login creates an unnecessary point of friction for all anonymous applications. Just use an existing token (cookie, device token, etc), allow your user to immediately begin using your app (that's what they expect anyhow), and "ease your user in" to a point of giving you identifying information if you need it.

How would cookies solve it considering that they are temporary?

Even if the cookie expiration was set for 100 years, it's going to disappear the moment someone switches their browser, gets a new computer, clears their cookies, etc.

Not to mention that this does nothing for having the same login for phone and browser.

> you can't deal with those situations when you're implementing something that's actually anonymous

True, but this login isn't "actually anonymous" - but I can't think of a better term so I don't blame Facebook for using the one they did. It's effectively a global ID with no data attached to it.

Pseudonymous is the term you're looking for, I think. An identity that's not tied to your real-world identity.

Let's say I want to create a service like Instapaper. I don't care about the person's Facebook info, but I'd like to optionally give them a way to log in with a simple button press without having to create another username and password.

This seems like a reasonable solution.

> Just use an existing token (cookie, device token)

That won't work because the mobile and web account have to be connected.