
Single Sign-On Adds More Friction as Private Data Spills Out


What was once a beautiful idea that promised a future without (too many) passwords has now become a completely useless feature. I wanted to try two promising services that popped up on Hacker News – but they wanted me to create an account. Damn, I need to create yet another throwaway account with a mail address and a password. But you can see on the image below that the first of those two services, Explee, allows me to sign up with my Facebook or with my Google account. It would be great if I could skip the step with email activation and jump straight through to the actual site; I might use either of those social networks as a sort of personal identity.

But that would prove unwise. Let’s consider the first possibility – signing up with Facebook. If I click on that button, I am greeted with the all too familiar prompt and I need to approve the link between the website and Facebook. In my opinion, Explee asks for too much data:

Explee would like to access your public profile, friend list, email address, birthday, current city and likes.

Really? Is all that really necessary? Thanks, but no thanks, I will try using Google instead. Or will I? Signing up with Google prompts me to give the following info:

Explee is requesting permission to:
View basic information about your account
View your name, public profile URL, and photo
View your gender and birthdate
View your country, language, and timezone
View your email address
View the email address associated with your account

And all this just because I am too lazy to create another mail/password combination? It doesn’t seem that irksome compared to giving all that info to some website. But since I am lazy, I will skip this site entirely.

Moving on to the next one – Subtask. I am greeted by a nice button displaying “Try It For Free”. Well, don’t mind if I do :) And again I am confronted with the signup form requiring me to create a new mail/password combination. And again I have the option of connecting with either Facebook or Google. This is yet another service that I will (unfortunately) skip, but hey, at least let’s see which permissions and data they are asking of me now.

Connecting with Facebook this time requires less info:

Subtask would like to access your public profile, friend list and email address.

Since my friends list is generally hidden from the public, this presents a slight problem as I do not want to share such information publicly. You can use any of my publicly available information, of which a mail address is not a part. What about connecting with Google, any luck there? Sadly, it gets worse. This time I have to give even more information:

Subtask is requesting permission to:
View basic information about your account
View your name, public profile URL, and photo
View your gender and birthdate
View your country, language, and timezone
View your email address
View the email address associated with your account
Manage your contacts
View and manage your Google Contacts

We have just met and you want to manage my contacts already? We are not at that level of relationship just yet.

The web is full of such websites that require me to divulge too much of myself in order to use them. But what happened with simple sign in using nothing but a token that identifies me uniquely? The last thing I need now is websites that require signing in with some social service and ask for too much of my private data. Sorry, but you can only use that information which is publicly available…and nothing more.

Guess it isn’t free after all.

P.S. Never enable logging in just with Facebook.
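
The permissions quoted above correspond to the `scope` parameter of the sign-in request. As an added example (not part of the original article or of either service's code), this Python check lists what a request asks for beyond a bare identifier. The scope-to-prompt mapping, the identity-only policy and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed policy: scopes that only identify a returning user.
IDENTITY_ONLY = {"openid", "public_profile"}

# Provider scope names -> data described in the consent prompts quoted above.
# Which scopes each service actually sent is an assumption.
SCOPE_DATA = {
    "openid": "opaque user identifier",
    "public_profile": "public profile",
    "email": "email address",
    "user_friends": "friend list",
    "user_birthday": "birthday",
    "user_location": "current city",
    "user_likes": "likes",
    "https://www.googleapis.com/auth/userinfo.profile": "name, photo, gender, birthdate",
    "https://www.googleapis.com/auth/userinfo.email": "email address",
    "https://www.google.com/m8/feeds": "view and manage contacts",
}

def requested_scopes(auth_url):
    """Return the set of scopes in an OAuth 2.0 authorization URL."""
    raw = " ".join(parse_qs(urlsplit(auth_url).query).get("scope", []))
    # Google separates scopes with spaces, Facebook with commas.
    return {s for s in raw.replace(",", " ").split() if s}

def excess_scopes(auth_url, allowed=IDENTITY_ONLY):
    """Map each scope beyond `allowed` to the data it exposes."""
    extra = requested_scopes(auth_url) - set(allowed)
    return {s: SCOPE_DATA.get(s, "unknown scope, review manually")
            for s in sorted(extra)}

# Constructed sample requests; client IDs and redirect URIs are placeholders.
SAMPLE_FACEBOOK = ("https://www.facebook.com/dialog/oauth?client_id=PLACEHOLDER"
                   "&redirect_uri=https%3A%2F%2Fapp.example%2Fcb"
                   "&scope=public_profile,user_friends,email")
SAMPLE_GOOGLE = ("https://accounts.google.com/o/oauth2/auth?client_id=PLACEHOLDER"
                 "&response_type=code&redirect_uri=https%3A%2F%2Fapp.example%2Fcb"
                 "&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile"
                 "+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email"
                 "+https%3A%2F%2Fwww.google.com%2Fm8%2Ffeeds")
SAMPLE_MINIMAL = ("https://accounts.google.com/o/oauth2/auth?client_id=PLACEHOLDER"
                  "&response_type=code&redirect_uri=https%3A%2F%2Fapp.example%2Fcb"
                  "&scope=openid")

if __name__ == "__main__":
    for url in (SAMPLE_FACEBOOK, SAMPLE_GOOGLE, SAMPLE_MINIMAL):
        print(urlsplit(url).netloc, excess_scopes(url) or "identity only")
```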


Published at DZone with permission of Toni Petrina, DZone MVB. See the original article here.
