JFBC - Open Auth?

Ricardo,
We greatly apologize for being inaccurate above. It was not intentional, and we know you re-subscribed based on some of the information we provided. If you wish to obtain a refund, no problem, just let us know. For upgrading instructions (which don't reset any of your saved configuration information), see: www.sourcecoast.com/jfbconnect/docs/upgrade-guide

Everyone,
JFBConnect 3.x is not leaking data. We're unsure why these emails are going out to a very small subset of our users, and will continue to investigate. However, the reasons behind the emails, and the possible data-leak, which is what Facebook is trying to prevent, is not an issue with JFBConnect 3.x and above. We have made a short (4 minute) video which describes the issue, and shows how JFBConnect is not affected by the data leak in any way, and will post it here shortly. If you are so inclined, the demonstration should also give you some information on how you can test your site to ensure that there are no issues.

For more information on the exact issue, should you be curious, please see the Symantec advisory:
www.symantec.com/connect/blogs/facebook-...access-third-parties

Once the video is ready on YouTube, we will post a link here (and blog about it tomorrow). If Facebook ever contacts you that your application is, or has been disabled (which we have not heard of this happening), please contact us. There is no reason for this to happen, and we feel their automated tools are inadvertently catching a few of our users.. this has been brought up in the Facebook developer forums by many users who do not think they are affected, JFBConnect users included. We, still, have not received the email even though we operate many JFBConnect powered sites.

Thank you, and please keep us posted with any new information you may have!
Alex

Another note (the YouTube video is still uploading), OAuth2 is going to be a requirement for Facebook Connect as of September 1st. Facebook will be releasing an updated Facebook Connect PHP library, which we use, on July 1st. We will have a new version of JFBConnect which uses the OAuth2 flow in the mid/late July timeframe to be very prepared for the September 1st deadline.

Should you have any questions about the transition, feel free to let us know. We'd love to include any comments, worries, or other information in the blog post that we'll be creating tomorrow.

Thanks again for your patience in this matter!

The video is uploaded and can bee seen at the following link:


Please let us know if you have any questions, comments, or concerns!

There is no reason that they should disable your Facebook Connect application. JFBConnect prevents the data leakage which is their concern. However, at the bottom of that email, it does recommend contacting them if you feel you received the email in error.

Please, feel free to tell them you are using JFBConnect, link to this post, and our website. We will gladly work with Facebook in any way possible to clear this issue so that other users of JFBConnect are not stressed about this.

We have not heard of -any- (not just JFBConnect) sites having their Facebook Connect applications disabled, but we are not Facebook and cannot predict what they may do in the future. It seems as though there are many sites that have been notified of this possible violation who feel they are not in error, as is demonstrate by the post below in the developer forums. There are other similar posts like this, but this is the biggest thread so far:
forum.developers.facebook.net/viewtopic.php?id=99289&p=1

We actually posted our video above in that thread in an effort to help some of the many users (non-Joomla included) to determine if their site was in violation of the terms.

Again, please keep us posted if you hear anything different from Facebook. We think, so far, they've thrown out a very large net that has caught a lot of innocent fish.

All,
We've created a blog post with the information we have. This is still, from the reports in the forums and emails we've received, affected a very small amount of our users, but we understand your frustration.

The blog post can be found below:
www.sourcecoast.com/blog/item/109-facebo...g-upgrading-to-oauth

Most importantly, we've created a quick, confidential survey that we'd please ask you to take the time to fill out. It's mainly for us to get a feel for if there is a certain set of configuration options that may be common to user's who have received the email. The questionnaire can be found:
spreadsheets.google.com/viewform?formkey...ZxTHg5T2xIcjVtRXc6MQ

Thank you, and we'll keep you posted on the matter.

Thanks for the tips. We fixed the directions in a few questions.

As for the Analytics/misc stuff, we considered asking that question, but wasn't sure if it would tell us much without confusing the survey too much. In all honesty, it really shouldn't matter what 3rd party might get at the data, just that they can.

Thanks for taking the survey, and we'll obviously keep you posted as we learn anything.