¿ªÔÆÌåÓý

  1. GroupManagersForum
  2. Messages
Single Messages Topics Expanded Polls

Re: Signing in with Google or Facebook - data security and group promotion

 

I've spent some time on the OpenID standard, which governs the borrowing of authentication from third party providers like Google or Facebook. When you use a third party to authenticate using OpenID to Groups.io, the third party becomes aware that you have authenticated with Groups.io, but under the standard, the third party does not have access to the information you have exchanged with Groups.io. Using third-party authentication does have vulnerabilities. If, for example, you use Google for authentication and your Google account is hacked, the hacker gets access to your Groups.io account also. The hacker can log into your Groups.io account using your stolen Google password.

On the privacy side, the third party may not have access to your group's posts to Groups.io, but they know when you logged in and therefore they have clues for spreading their net to nab more information about you. For example, if you use Google's gmail, Google scans your email for information that interests them. (See your Gmail Terms of Service.) Knowing that you have logged in to Groups.io may trigger something in Google's information collection system to scan your email in a certain way, or simply knowing that you log into a certain Groups.io might trigger certain Google ads. For example, I understand that being able to target persons with certain chronic diseases (like diabetes) is quite valuable in on-line advertising. Being a member of a chronic disease group on Groups.io might trigger a spate of targeted drug ads. I don't know that Google does this, but it is possible.

Like Duane, I avoid alternate third-party authentication services. I don't worry much about privacy anymore. Basically, I've given up on it. Instead I use ad-blockers and realize that I have the same level of privacy in the world as I once had when I lived in a rural neighborhood where everyone knew everyone's secrets. But I do worry about trusting third-parties and I use multi-factor authentication whenever I can.

is a bit dated now, but I provide some detail on OpenID and other similar standards.
Best, Marv
Join [email protected] to automatically receive all group messages.