Niket Biswas posted an entry in the Facebook Developers blog yesterday entitled “Confirming Developer Accounts“. It seems that they are asking application developers to attach either a mobile telephone phone number or a credit card to their Facebook account. The telephone number is verified by way of a validation code sent by SMS, the credit card number is not verified in any two way fashion, in fact Facebook explicitly state that they do not even make a token charge to the card. In their own words;
“We’re taking this step to preserve the integrity of Facebook Platform, ensuring that every application is associated with a valid and real Facebook account.”
There are a couple of glaring problems with this… Firstly, what guarantees are there that any Facebook account is “valid and real” in the first place? Secondly, proving access to a credit card or mobile phone is a whole different thing to proving ownership. So if criminals or scammers, who we must assume have ready access to disposable mobile numbers and/or stolen credit cards, attach some of these bogus credentials to an already bogus account where does that leave us?
Well, with the proposed “Confirmed Developer Accounts”; it leaves us with a fake “confirmed” profile which is once again free to post any application content they choose, and it leaves Facebook incident handlers continuning to play Whac-a-Mole with the scammers.
If Facebook really want to turn around the security situation when it comes to malicious or (being charitable) rogue content, then the only effective option open to them is an application approval process such as the ones already in place over on MySpace or on the Apple App Store.
The effort that Facebook incident handlers currently put in to tracking down and suspending the ever increasing volume of rogue apps would surely be better channeled into stopping them from appearing in the first place. This is something I first suggested back in February 2009 when two rogue apps in a week was considered shocking (how times change). At the time Mr Zuckerberg was very quick to dismiss my proposal, but with these first steps perhaps we can live in hope.