
See who has OAuth Tokens to Access Your Google Account - pchristensen
http://www.google.com/accounts/IssuedAuthSubTokens
======
nhebb
This is a list of sites I sign into using Google as my OpenId provider. That's
not the same as having "Access [to] Your Google Account".

~~~
rmoriz
Not only this, but also all other privileges (contacts, Gmail, Analytics) you've
shared with apps (maybe you haven't).

~~~
nhebb
I'm not naive enough to think that Google is looking out for the little guy in
the privacy arena, but I assume this isn't the default (opt-out) behavior.
Anyone have an authoritative link on this topic?

~~~
Sephr
No, they don't give any permissions with OpenID. This page lists both OpenID
and OAuth-using services. For an example of a service that uses OAuth, try
LaTeX Lab (<http://docs.latexlab.org/>), which uses OAuth to get access to
your Google Docs.

------
adityakothadiya
Thank you! I just revoked the authorization for most of the services that I
wasn't using frequently but had signed up for one fine day.

------
aviel
Unless I'm mistaken, some of those I only granted single-use tokens to, so
they don't _actually_ still have access.

------
smackfu
google.com — Google Calendar [ Revoke Access ]

Oh?

~~~
9ec4c12949a4f3
That's kind of weird, I don't think I have this in my access list, but I use
calendar all the time.

Edit: Wow, guess not

~~~
smackfu
Looks like it automatically comes back if I revoke it.

~~~
jeromeflipo
I'm trying to get some attention from Google about this (potential) privacy
issue. How can I be sure that "google.com" is my own Google account? Why does
the authorization get automatically renewed after I revoke it, and without my
consent? Why does a Google service require an additional authorization to
access my account, and why doesn't Google provide any information about it?
Worse, I have no way to confirm that it isn't someone else's account that has
full access to my data. If it's the case, someone may have read my private
calendars for months, and the only way to stop this would be to delete my
whole Google account and the 80+ services associated with it.

This issue was reported 4 months ago here
<http://www.google.com/support/forum/p/gmail/thread?tid=44a4a8e6fbcf1656>
and here <http://blogoscoped.com/forum/173175.html> (and I submitted a report
at
<http://www.google.com/support/accounts/bin/request.py?contact_type=feedback>),
but I haven't heard from any Google employee about it.

I'm 99.9% sure there's no privacy breach, but I find it troubling that they
haven't reacted yet...

------
pibefision
Thanks for this. It was very relevant to enter and just review my
subscriptions. Tks

------
9ec4c12949a4f3
What we need to identify are consequences of OAuthing to someone we don't want
to. Anyone have a source on that?

