
Single Sign-On Adds More Friction as Private Data Spills Out


What was once a beautiful idea that promised a future without (too many) passwords has now become a completely useless feature. I wanted to try two promising services that popped up on Hacker News – but they wanted me to create an account. Damn, I need to create yet another throwaway account with a mail address and a password. But you can see in the image below that the first of those two services, Explee, allows me to sign up with my Facebook or my Google account. It would be great if I could skip the step with email activation and jump straight through to the actual site; I might use either of those social networks as a sort of personal identity.

But that would prove unwise. Let’s consider the first possibility – signing up with Facebook. If I click on that button, I am greeted with the all too familiar prompt and I need to approve the link between the website and Facebook. In my opinion, Explee asks for too much data:

Explee would like to access your public profile, friend list, email address, birthday, current city and likes.

Really? Is all that really necessary? Thanks, but no thanks, I will try using Google instead. Or will I? Signing up with Google prompts me to give the following info:

Explee is requesting permission to:
View basic information about your account
View your name, public profile URL, and photo
View your gender and birthdate
View your country, language, and timezone
View your email address
View the email address associated with your account

And all this just because I am too lazy to create another mail/password combination? It doesn’t seem that irksome compared to giving all that info to some website. But since I am lazy, I will skip this site entirely.

Moving on to the next one – Subtask. I am greeted by a nice button displaying “Try It For Free”. Well, don’t mind if I do :) And again I am confronted with the signup form requiring me to create a new mail/password combination. And again I have the option of connecting with either Facebook or Google. This is yet another service that I will (unfortunately) skip, but hey, at least let’s see which permissions and data they are asking of me now.

Connecting with Facebook this time requires less info:

Subtask would like to access your public profile, friend list and email address.

Since my friends list is generally hidden from the public, this presents a slight problem as I do not want to share such information publicly. You can use any of my publicly available information, of which my mail address is not a part. What about connecting with Google, any luck there? Sadly, it gets worse. This time I have to give even more information:

Subtask is requesting permission to:
View basic information about your account
View your name, public profile URL, and photo
View your gender and birthdate
View your country, language, and timezone
View your email address
View the email address associated with your account
Manage your contacts
View and manage your Google Contacts

We have just met and you want to manage my contacts already? We are not at that level of relationship just yet.

The web is full of such websites that require me to divulge too much of myself in order to use them. But what happened to simple sign-in using nothing but a token that identifies me uniquely? The last thing I need now is websites that require signing in with some social service and ask for too much of my private data. Sorry, but you can only use information that is publicly available… and nothing more.

Guess it isn’t free after all.

P.S. Never enable logging in just with Facebook.


Published at DZone with permission of Toni Petrina, DZone MVB. See the original article here.
