Author Archive

What information about Facebook friends is shared during social login, and does it spam them?

August 20th, 2014

Will my friends get spam if I use Facebook social login? What information about my friends will be shared?   These questions come to many when faced with the Facebook login option on websites and captive portals. This post seeks to answer these questions from the technical standpoint.

Graph API is the Facebook’s API that enables apps to read and write to the Facebook social graph. The discussion here is with respect to the API version 2.0 (released in April 2014) and later versions. To leverage the Graph API, there first needs to be a Facebook app. The app can be easily created in any Facebook account from the menu options. By default, apps can access the social login user’s public profile, email and friends list in the Facebook social graph. For access to additional information, the app needs to go through review and vetting process with Facebook. For illustrative purposes, let’s take the example of a consumer facing business that creates an app called “Da Brand” with default access rights.


Da Brand

Facebook apps are accessed using the OAuth method from webpages and mobile apps that provide the Facebook login option. In our example, the website or the captive portal will have the Facebook login button that is linked at the back end to the “Da Brand” Facebook app created above. Visitors using the Facebook login option will be interacting with the Facebook social graph via the “Da Brand” app.

With this setup in place, let’s now look at the login workflow to understand what information about friends can actually be shared during the social login. In fact, there are multiple barriers during the actual login workflow that block access to the login user’s friends list.


Login User Side Control


When the user clicks on the Facebook login button on the webpage, he has the option to deselect the permission to share friends list. Deselecting this option prevents Facebook from sharing the login user’s friends list with the app. Here, the user also has the option to deselect permission to share his own email address – in which case even the login user will not be able to hear back from the brand.


Facebook permission picture


Network Side Control


In the OAuth method, the Facebook login widget on the webpage (“Client” in OAuth terminology) fetches information about the login user (“Resource Owner” in OAuth terminology) from the Facebook social graph (“Resource & Authorization Server” in OAuth terminology) and presents that information for analytics. Accordingly, the OAuth Client (Facebook login widget on the webpage) ultimately controls what kind of information is fetched and presented for analytics, within the confines of  what the app is configured to ask for and what the login user permits at login time.

For example, the social Wi-Fi login widget on AirTight’s cloud hosted captive portal does not present the friends list of the login user for analytics. This is because, the preferred way of using social Wi-Fi in the field is for one-on-one engagement with customers of the brand rather than to look into their friends list. This network side control is very effective in controlling the information sharing, as it transcends the app configuration and the end user actions.

Facebook Social login _ OAuth Client and Server


Social Graph Side Control


The Graph API version 2.0 has implemented another interesting behavior with respect to sharing friends list with apps, see Facebook Graph API version 2.1:

“This will only return any friends who have used (via Facebook Login) the app making the request”.


Take the example of login user (John) who has Bob and Alice as Facebook friends. Bob has previously used Facebook to log into the “Da Brand”, but Alice has never logged into the “Da Brand” before. In this case, if John permitted at login time and if the network side control allowed fetching the friends list, Facebook will provide Bob’s reference to the OAuth Client as John’s friend, since Bob has already opted into the same app. However, it will not provide Alice’s reference to the OAuth Client as she never logged into the “Da Brand” app.

This behavior provides assurance to Alice that her social handle will not be shared with the brand that she herself is not registered with, even if her friend John granted permission to share friends list at login time and even if the network side control supported fetching the friends list. Outside of the Wi-Fi use case, this new control in the Graph API has actually disappointed app developers, since many social apps on the web are designed to tap into the friends list to share with them or invite them to the user’s activity. For example, by prompting the user to share the game score by showing the user the entire friends list inline within the gaming app.

By virtue of the various technical controls described above, the social login user does not have to give away the friends list and thus friends’ information is insulated from the user’s social login activity. This also precludes the possibility of spamming the friends.

Hopefully this blog shed some light on the mechanics of friends list sharing during the social login process. Thanks to those who highlighted this issue about friends list sharing on social media, which provided inspiration for this blog.


Dale Rapp and Omar Vasquez  tweets on social-login


Social Wi-Fi Roundtable on Vimeo - vimeo


Related Information:


Related Videos:

Noodles Case Study WFD7

Drew Lentz WFD7 YouTube



Privacy, WiFi Access, Wireless Field Day , , , , , , , , , , , , ,

Channel Bonding Caveats – Over and Above Spectrum Hogging

July 14th, 2014

Popular literature on 802.11ac describes 40 MHz and 80 MHz operation (channel bonding) as doubling and quadrupling of the data rate, respectively. Every time I saw that mentioned, the following question came to my mind.

When radio transmits over 40 MHz (or 80 MHz) channel, is the total transmit power proportionally increased over 20 MHz to maintain the SNR (signal to noise ratio)? And, how is the data rate multiple with channel boding distributed over the cell?

This question nagged me like a little stone in the shoe that is impossible to ignore. My subsequent findings from the lab tests show that the popular literature is only partially true. Read on to find out why. Read more…

802.11ac, WLAN planning , ,

Packet Capture with AP Radios – What’s Under the Hood?

May 19th, 2014

Wireless packet capture has always been important to Wi-Fi professionals and support engineers for resolving network problems. With the diversity of wireless clients that is already around and which is only expected to grow with the Internet of Things (IoT), packet capture capabilities will continue to be critical. Wireless packet capture can be facilitated in the AP radios using the hardware and the driver level hooks. Read on to find out what’s under the hood.

There are two main plumbing points to get frames from wireless up to the application: one in the hardware and the other in the driver software. At the hardware level, the radio supports “Promiscuous Mode” option. When this option is activated, the hardware passes all wireless frames received on the channel where the radio is operating up towards the driver software. When this option is deactivated, the hardware passes only the wireless frames for the MAC of the radio (and the frames like probe requests & beacons based on the additional sub-settings under non-Promiscuous mode) up towards the driver software.

The driver software can operate in AP, STA, or Monitor Mode. 

Read more…

WLAN Troubleshooting

Peek Inside 802.11ac Access Point Hardware Designs

March 25th, 2014

There is large and ever increasing assortment of enterprise access points offered by wireless vendors today.  APs have different number of radios, number of streams, 11n/11ac, POE compatibility, peripherals, price, etc. While this diversity is overwhelming, have you wondered what lies in the hardware guts of these APs? What are the hardware design concepts that are responsible for rendering feature personality to the AP? How does the hardware ecosystem work among chip vendors, ODMs and AP vendors? What are state of the art hardware architectures for the 802.11ac APs? This blog post discusses key hardware concepts, such as SoC, dedicated CPU and offload architectures that are commonly found inside the APs, along with the ODM sourcing model for the Wi-Fi APs and its implications for product offerings.

Read more…

802.11ac , , ,

Healthcare, Wi-Fi and HIPAA – A Tricky Combination

February 12th, 2014

What a great start to year on the industry events front – we started with NRF in January, looking forward to HIMSS and our ACTS event in February, and MURTEC in March. In NRF, high points of discussion were around Social Wi-Fi and analytics. That said, topics of security and PCI compliance were also high on the agenda prompted by the Target credit card breach that occurred just before NRF. I expect to there will be a lot of security discussions at HIMSS too.

Healthcare, Wi-Fi and HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996. It is enforced by the Department of Health and Human Services (HHS), and implemented by regulations of 45 CFR. Among other provisions it has rules mandating that healthcare organizations safeguard the privacy and security of patient health information.

Read more…

Healthcare, WiFi Access

5 Reasons Why Facebook Wi-Fi is for Local Biz, but Not for Retail Enterprises

January 23rd, 2014

Netgear recently announced integration with Facebook on their APs using Facebook Wi-Fi API. Meraki and Cisco have also announced the same capability on their APs. Facebook Wi-Fi franchise is growing. It is easy to configure and get working (except when used on Cisco APs, which requires running separate CMX VM and per-AP license). That is good news for local businesses. However, does this architecture meet the requirements of mid-size to big retail enterprises? Not so fast! Let me explain.

Retail enterprises operate multiple stores across regions, states or countries. They run targeted marketing campaigns for customer engagement. This puts certain requirements on Social/Wi-Fi integration for retail enterprises, which are currently unmet with Facebook Wi-Fi integration.

1) Omni-channel marketing is essential for maximum reach

Facebook Wi-Fi allows only Facebook logins, obviously. So merchants miss out on other social channels like Twitter, Google+, Linkedin, Foursquare, etc. In addition to social logins, enterprises also want to promote brand loyalty programs when users access guest Wi-Fi. Facebook Wi-Fi does not allow this as well.

Read more…


Will Target Breach Prompt Retailers to Raise the Security Bar?

January 8th, 2014

Did 2013 have to end with the somber news of a big credit card security breach? But it did! It is reported that 40 million credit cards were compromised in the security breach in stores of a major U.S. retailer Target. This is only a shade second to the earlier TJX breach in which 45 million credit cards were compromised. (After this blog was published, it was reported that the number of affected accounts in the Target breach is as high as 110 million, which would make it more that double the TJX breach!)

After any breach, and surely after the breach of such dimension, discussion on the data security issues at the retailers escalates. Earlier, the TJX breach resulted in stricter wireless PCI (Payment Card Industry) compliance requirements. The current Target breach can also trigger tightening of the compliance requirements. This breach may also prompt IT, security and compliance managers at major retailers to take a hard look at the information security aspects of the various technologies that they have deployed. Add to it the fact that retailers are aggressively deploying mobile and wireless technologies like POS, kiosks and tablets in stores. What are some of the core issues they should be looking at?

Read more…

Compliance, PCI, Retail , , , , , , , ,

Network troubleshooting in distributed Wi-Fi environments

November 20th, 2013

Wi-Fi is installed after everything else in the network is already set up – switches, routers, servers, firewalls, VPNs etc. Naturally, customers rely on their Wi-Fi solution provider to alleviate any network problems that arise during the Wi-Fi deployments, even though the problems are not necessarily Wi-Fi specific.

Need Wi-Fi troubleshooting? Call up a networking Jedi!

Need Wi-Fi troubleshooting? Call up a networking Jedi!

Network issues aren’t something new in any project. However, the troubleshooting task becomes challenging when it needs to be done remotely and when there isn’t much onsite IT help. This is often the case with the distributed Wi-Fi deployments. Also, due to the heterogeneity of the network infrastructure in many environments in the distributed vertical, sometimes very stealthy network problems are encountered. Take these recent troubleshooting examples which underscore these points.

Read more…

WLAN Troubleshooting

Bang for the buck with explicit beam forming in 802.11ac

October 16th, 2013


Bang for the buck with explicit beam forming in 802.11ac

802.11ac has brought with it MIMO alphabet soup … spatial streams, space-time streams, explicit beam forming, CSD, MU-MIMO. Alphabet soup triggers questions to which curious mind seeks answers. This post is an attempt to explore some questions surrounding explicit beam forming (E-BF) that is available in Wave-1 of 802.11ac. E-BF is a mechanism to manipulate transmissions on multiple antennas to facilitate SNR boosting at the target client.

How is E-BF related to spatial streams?

E-BF is a technique different from spatial streams. E-BF can be used whenever there are multiple antennas on the transmitter, irrespective of the number of spatial streams used for transmission.

Read more…

802.11ac , , ,

Hunting down the cost factors in the cloud Wi-Fi management plane

October 3rd, 2013


Mature cloud Wi-Fi offerings have gone through few phases already. They started with bare-bones device configuration from the cloud console and over the years matured into meaty management plane for complete Wi-Fi access, security and complementary services in the cloud.

CostAlongside these phases of evolution, optimizing the cost of operation of the cloud backend has always been important consideration. It is critical for cloud operators and Managed Service Providers (MSPs). This cost dictates what end users pay for cloud Wi-Fi services and whether attractive pricing models (like AirTight’s Opex-only model) can be viable in the long run. It is also important to the bottom line of the cloud operator/MSP.

Posed with the cost question, one would impulsively say that cost is driven by the capacity in terms of number of APs that can be managed from a staple of compute resource in the cloud. That is an important cost contributor, but not the only one!

Read more…

Cloud computing , , , , , ,