Original URL: http://www.channelregister.co.uk/2007/11/06/opensocial_security_risk/
Open standards always cause security problems and Google's OpenSocial (http://www.theregister.co.uk/2007/10/31/google_open_social/) API introduced last week is no exception. Not only was an early application based on the standard hacked (http://www.techcrunch.com/2007/11/02/first-opensocial-application-hacked-within-45-minutes/) within minutes, it quickly became evident that OpenSocial is vulnerable (http://hyper.to/blog/link/opensocial-insecurity-no-user-to-app-authentication/) and offers an open door (http://www.haroldtherebel.com/2007/11/03/peer-prescience/) to anyone who wants to put a little effort into pushing it open.
But it is not only OpenSocial's lack of security protection that makes it vulnerable. First, OpenSocial is not an "open" standard at all. It is a proprietary API defined by Google's commercial priorities - including a transparent knee-jerk response to Microsoft taking a stake (http://www.theregister.co.uk/2007/10/25/microsoft_facebook_comment/) in the acknowledged market leader Facebook. The history of IT is littered with unsuccessful attempts to promote proprietary standards as "open" (just look at IBM with SNA and SAA).
Second, there is already a genuine open standard (OpenQabal) (http://www.jroller.com/openqabal/) - supposedly designed to do the same things as the OpenSocial API. Unfortunately, OpenQabal does not have the backing of a predatory multinational corporation, so it will probably fall by the wayside.
Then again, large corporations spent most of the 1980s and 1990s bickering about common networking standards only to be outflanked by a 30-year-old academic standard devised by the US Department of Defence. It was called ARPANET.®