When my Facebook account was hacked in March, I didn’t panic. I changed my passwords, and I enabled two-step authentication on Facebook, Twitter, and Google. I knew that once a single account was compromised, it could lead to a domino effect of unauthorized access far beyond a single social network. I was proud of my calm, surgical demeanor.
Then I remembered that I use my Facebook, Twitter, and Google accounts to access other websites, apps, and services. I looked at which apps had access to my Twitter account: There are more than 200 (a printout is 24 pages long). Calm surgeon? More like a naive epidemiologist dealing with a potential viral outbreak.
How did these social media juggernauts persuade me (and you) to outsource our trust to such a large degree? One answer is sign-up and login fatigue. New service equals new account equals new password to remember. I have definitely caught myself muttering, “Exactly why do you need to know my email address and have me upload a profile photo, random app I don’t really care about? Facebook’s robots already have that information. You’re a robot. I’m a feeble and exhausted human being. Have your robot talk to their robot and leave me out of it.” Thank you, Big Three. You’re reducing instances of humans yelling at robots, which can only help delay, if not prevent, the Terminator prophecy from coming true.
If only this convenience were done out of altruism. By playing the role of trusted authenticator, they increase our dependence on them. I don’t just need Twitter when I get angry about the latest plot twist on Fox’s Empire. Now I need Twitter to log in to the Washington Post’s comments section, where I express my anger about the latest plot twist on Fox’s Empire. If I never used Twitter again, I’d still be a Twitter user, because the company is like the school janitor with a fat ring of jangling keys to various doors in my online life.
The real driving force behind such functionality is to get all up in our data. Twitter knows that in February 2011, I signed up for My Pet Monster, and one month later joined UberCab, and one year later gave Instagram access to my Twitter feed. They put a tracker inside me and are learning far more about my habits than what I do on Twitter. The NSA should have thought of this. Instead of secretly capturing metadata, it could have openly collected it by making the process of logging in to online services less annoying. If I had one Super NSA ID that I could use to pay for purchases and get on the subway, I’d save a lot of time, and the government—ooooh, now I see why people are freaked out.
The Big Three gatekeepers have an enormous amount of data about us. They’re like Santa Claus: They know when we’ve been sleeping; they know when we’re awake; and they know when a new dating app gets hot because every new entrant is built on Facebook login and access to the friend list. You shouldn’t need to get hacked to realize the scale of authority being outsourced. I don’t want to return to a world where I need a separate key for every digital service. But given the information at stake, the Big Three need to help us manage it better. They could let us choose to revoke access for any app that we haven’t used in a while. They could be more transparent about what they learn from the permissions we grant. We’re putting a lot of trust in Facebook, Google, and Twitter. They should have to re-earn it continually.