[BUG-100875] Destination pages use Facebook identities instead of SL identities. This is not immediately clear and may lead to disclosure of real identities.

[sl-service-account]

Changed summary. Was "The new destination pages are mixing authentication in a way that may cause users to reveal RL details" – Soft

I followed a link to an event posted on secondlife. http://secondlife.com/destination/come-as-you-were-party

The portal clearly shows that I am logged in as Beq Janus

yet the comments section shows your currently logged in facebook profile. (example here shows my SL as I am not posting an RL link even on a SEC)

This could easily cause people a lot of problems and embarrassment and is particularly deceptive because it is not aligned to the behaviour elsewhere and at no point has authority to post as FB user been granted.

Repro. Login to facebook, using your real life personal account follow the link above and see your RL FB profile picture peeping out at you. if applicable switch instead to your SL FB account and simply click refresh on the SL portal page. The face shown will now be your avatar omage from the SL FB account.

Links

Related

• [ ] https://github.com/secondlife/jira-archive/issues/4659

Original Jira Fields

| Field | Value | | ------------- | ------------- | | Issue | BUG-100875 | | Summary | Destination pages use Facebook identities instead of SL identities. This is not immediately clear and may lead to disclosure of real identities. | | Type | Bug | | Priority | Unset | | Status | Accepted | | Resolution | Unresolved | | Reporter | Beq Janus (beq.janus) | | Created at | 2017-06-22T00:46:50Z | | Updated at | 2018-12-26T19:42:43Z | ``` { 'Business Unit': ['Platform'], 'Date of First Response': '2017-06-21T19:51:51.465-0500', 'ReOpened Count': 0.0, 'Severity': 'Unset', 'Target Viewer Version': 'viewer-development', 'What just happened?': '.', 'What were you doing when it happened?': '.', 'What were you expecting to happen instead?': '.', } ```

[sl-service-account]

Soft Linden commented at 2017-06-22T00:51:51Z

Agreed that using Facebook identities in the middle of a site that otherwise uses pseudonyms can be confusing or cause unintentional disclosure. I'm kicking this back to the devs for discussion.

[sl-service-account]

Whirly Fizzle commented at 2018-12-26T16:54:18Z

This behaviour is still being complained about. Please see forum thread: https://community.secondlife.com/forums/topic/431251-forcing-facebook-on-second-life-members/

[sl-service-account]

Beq Janus commented at 2018-12-26T19:42:44Z

updating to public in light of recent forum posts