Fflick’s Identity Misstep a Lesson for the Integrated Web
Newly-launched Fflick taps into Twitter to get opinions on movies, most notably from your friends. It’s a neat idea and a good-looking build that advances the idea of Twitter as a platform. It also makes one big mistake by co-opting people’s identities and using them as shills to grow the perceived community size.
Here’s how it works: go to Fflick.com and do a search for someone’s Twitter account name. If that account isn’t private, Fflick generates a stand-in profile page like the one below.
Say, that’s me! Funny thing is I don’t remember signing into Fflick. I just looked for my own Twitter name. Apparently I’ve been up to something, because right here is a custom page for me with my picture and a testimonial:
What Just Happened?
The essentials are that when anyone searches for a Twitter name that Fflick hasn’t seen before, it dashes off to Twitter and asks for the public information about that account. Image, name and profile are public, unless your Twitter account is locked, and Fflick is using that information to create your profile page.
It’s a bit creepy to make fake profile pages on one’s behalf, because I can type in anyone’s Twitter account name, but where things go very wrong is the statement that I’m using Fflick. At this point, my identity has been co-opted into a marketing message for Fflick, and this is flat out wrong.
When I poked about on Twitter I found a few complaints, and many of them about the auto-tweeting that Fflick does when you do give it permission to work with your Twitter account. Sadly, this is the part where Fflick does things right – kinda.
The first time you visit Fflick, you get this nice little welcome that not only asks you to sign in, it gives you an option to say you’re just visiting and options for doing the auto-tweet and auto-follow. The options are clearly worded and up front. A+!
But, and here is where I think people are getting upset, if you don’t authorize access to your Twitter account just then, you can sign in with a button near the top of the page. This method does not give you the chance to change those default auto-tweet and -follow options. People authorize, the options are used on default settings, and boom, you’ve got complaints.
Recovering and Going Forward
Fflick needs to delete all of these placeholder pages immediately and apologize. It’s that easy. If someone hasn’t authorized Twitter access, don’t pretend they’re a member. It’s an easy fix, but it will only work if it happens fast.
And it is: even before I finished writing this I saw that Fflick responded to just these concerns:
Fflick’s misstep has solid lessons for building on web services.
1. Never assume that public information is necessarily open to reuse as you like, especially when that information is used to identify a real person.
2. Ensure that default options associated with giving permission to access an account are clearly stated *everywhere* that access can be granted. Fflick can be forgiven for missing that part, because they clearly tried to do the right thing on that greeting page.
3. Respond quickly with humility and a willingness to change, and you’ll win friends and fans.
On the bright side, Fflick did let me know something I hadn’t before: there’s a Predator sequel called Predators. Watch out, Carl Weathers!!