Honestly i like these buttons from a user/security POV as oauth only passes back a “login successful” reply and an identifier to associate an account with. Less PII to spread around the internet.
Are you sure about that? I had my Google account since before they acquired YouTube. During their acquisition and merger, so as to not corrupt or pollute their merging databases I presume, I was forced to pick a different username for YouTube than my Google account, and that still stands to this day, even though both are indeed effectively the same account… 🤦♂️☹️
Google’s official MFA app is YouTube, so I assume so. (Every time I login to gmail or google docs, the MFA ping opens YouTube on my phone to approve the login.)
Uh, okay. My account isn’t even registered to a phone number, never has been, and my mobile devices aren’t registered with Google.
I’m currently only signed into Google on my laptop, and if I do happen to sign into another device (which has happened before), Google just drops me an email something along these lines…
‘A new device has logged into your account. If this wasn’t you, click here, but if it was you, there’s nothing you need to do’
check your permissions, & then check, on google, what those perms allow…
IF you’re in Android, not iPhone, THEN there is nothing you can do to block google from knowing your phone-number.
Whether iPhone users truly have privacy from google…
i wouldn’t bet much on that…
As former mafia man ( Firenzese, or something ) said:
once they’ve got enough all-pervading leverage on you, then you cannot win: the leverage locks.
I’m misphrasing it, and he was speaking about the mob, but the principle is true, globally not only in the context he was speaking.
All of surveillance-capitalism is rooted in putting the subjects/serfs in a panopticon, & never letting them out, squeezing them all until the individuals die, being replaced by new inmates, but the population-as-a-whole never would be tolerated to escape…
Perfect industrialized parasitism.
sorry about the bitterness: i’m an old geek & had some idea of what good could be done, world-wide, with tech…
DarkTriad’s incorporated-feudalism proved it won, totally, easily.
I hate it when it afterwards still prompts me to create a full account, on some badly made sites. Why even allow oauth login if I still have to give you all my personal data…
This is fine for stuff I don’t care that much about, like an account with your hairdresser or a pizza place, but if you tie all your actually important stuff to the same account and you get locked out for whatever reason, now you’re locked out of your whole life.
I prefer unique passwords and a password manager. But you do have to back up the password manager data as well as any data you have with cloud providers.
For me the bigger issue is privacy. If you’re using Google to log into everything, Google gets to add all of that activity to their profile on you, and track you as you use every website you go to. No thanks. Google doesn’t need to know I’m buying a pizza tonight.
That is also a concern and why I always default to a separate account even for those things, but I wouldn’t assume that data doesn’t get sold to Google regardless.
Google knows when you use their services to sign in, and for what third party they’re authorizing the requests. The data doesn’t need to be sold back to Google.
The important part is whether they can associate two identities together. If you use a shared Google login for everything you’re doing their work for them.
Google and youtube are the same login though…
Honestly i like these buttons from a user/security POV as oauth only passes back a “login successful” reply and an identifier to associate an account with. Less PII to spread around the internet.
Are you sure about that? I had my Google account since before they acquired YouTube. During their acquisition and merger, so as to not corrupt or pollute their merging databases I presume, I was forced to pick a different username for YouTube than my Google account, and that still stands to this day, even though both are indeed effectively the same account… 🤦♂️☹️
Google’s official MFA app is YouTube, so I assume so. (Every time I login to gmail or google docs, the MFA ping opens YouTube on my phone to approve the login.)
Uh, okay. My account isn’t even registered to a phone number, never has been, and my mobile devices aren’t registered with Google.
I’m currently only signed into Google on my laptop, and if I do happen to sign into another device (which has happened before), Google just drops me an email something along these lines…
‘A new device has logged into your account. If this wasn’t you, click here, but if it was you, there’s nothing you need to do’
check your permissions, & then check, on google, what those perms allow…
IF you’re in Android, not iPhone, THEN there is nothing you can do to block google from knowing your phone-number.
Whether iPhone users truly have privacy from google…
i wouldn’t bet much on that…
As former mafia man ( Firenzese, or something ) said:
once they’ve got enough all-pervading leverage on you, then you cannot win: the leverage locks.
I’m misphrasing it, and he was speaking about the mob, but the principle is true, globally not only in the context he was speaking.
All of surveillance-capitalism is rooted in putting the subjects/serfs in a panopticon, & never letting them out, squeezing them all until the individuals die, being replaced by new inmates, but the population-as-a-whole never would be tolerated to escape…
Perfect industrialized parasitism.
sorry about the bitterness: i’m an old geek & had some idea of what good could be done, world-wide, with tech…
DarkTriad’s incorporated-feudalism proved it won, totally, easily.
🙏
My Android devices have never been logged into Google, and the tablet I’m posting from has no SIM card, so it has no phone number.
They have no record of a phone number for me, because I’ve never signed into Google on any active Android device.
Edit: I also have Google Play and Services, and most other Google apps disabled. FOSS for the win! They really don’t have any phone number for me.
I hate it when it afterwards still prompts me to create a full account, on some badly made sites. Why even allow oauth login if I still have to give you all my personal data…
This is fine for stuff I don’t care that much about, like an account with your hairdresser or a pizza place, but if you tie all your actually important stuff to the same account and you get locked out for whatever reason, now you’re locked out of your whole life.
I prefer unique passwords and a password manager. But you do have to back up the password manager data as well as any data you have with cloud providers.
For me the bigger issue is privacy. If you’re using Google to log into everything, Google gets to add all of that activity to their profile on you, and track you as you use every website you go to. No thanks. Google doesn’t need to know I’m buying a pizza tonight.
That is also a concern and why I always default to a separate account even for those things, but I wouldn’t assume that data doesn’t get sold to Google regardless.
Google knows when you use their services to sign in, and for what third party they’re authorizing the requests. The data doesn’t need to be sold back to Google.
I prefer to use different email aliases for everything to mitigate that
from what i’ve read, ALL email ( possible 0.000something tolerance/error ) goes through google’s mail-transfer-agents.
If they want a copy of every email that goes across the internet, they’ve got the saturation-of-core-servers to have that.
There simply isn’t any way to bypass that.
on an irrelated note, i wish public key encryption had been normalized, & worked right…
( Snowden got stung by a misconfiguration, 1 time, & if geeks get stung, then it isn’t ready for normals )
🙏
The important part is whether they can associate two identities together. If you use a shared Google login for everything you’re doing their work for them.
Yeah, I don’t use this for banks and such.