
Quora now transparently logs you in if your Google account is connected - amjd
https://www.quora.com/search?q=hacker%20news&share=1
======
tenbino
How is that even allowed/possible?

Quora is the one site I actively choose never to log in to.

------
sschueller
Quora is full of old and some dangerous answers.

For example if you search for dying contacts the top answer states that is is
safe to do with food coloring which it is absolutely not. Do not ever die
contacts yourself!

The place reminds of me expert exchange just without any of the windows server
questions...

At least on stack exchange old or bad answers get pushed down by high up votes
of other answers even if they are not marked as the correct answer.

------
goldenManatee
Calling that transparency is selfish to the business wants; the only context
in which that word could be used without qualifying and asterisks. User
transparency is choice - even the choice to do something that’s a little less
than optimal from the business perspective. Don’t abuse language more than it
already is, everywhere else. “Everybody does it” to redefine words doesn’t
make it right.

~~~
amjd
Just to be clear, it's not a term Quora or Google are using to give it a
positive spin. I added it to convey the idea of "without the user being
aware". English isn't my first language, so maybe it wasn't the best word
choice.

------
m-p-3
Looks like I'll put Quora in its own Firefox container then.

[https://addons.mozilla.org/firefox/addon/multi-account-
conta...](https://addons.mozilla.org/firefox/addon/multi-account-containers/)

------
oshanz
On signup through gamil, quora doesn't ask for a confirmation while
stackoverflow do.

------
londons_explore
Seems like a good idea... The whole idea of having to log into a computer,
then into _every single website_ just seems stupid.

SSO for the whole internet would be _sweet_. I don't care at this point if
it's run by one company - federated login systems have failed to work for two
decades, it's time to give up.

~~~
as_
Good idea to automatically give your email, name, photo and other details to
_every_ site your visit, really? Of course the login should be a voluntary
action by the user.

Btw luckily what reported doesn't work for me, the site ask to login. It
should not be even possibile, at least without exploting a bug/vulnerability.

~~~
amjd
Hmm, maybe it's an A/B test.

> It should not be even possibile, at least without exploting a
> bug/vulnerability.

This is actually very much possible. I just learned that it's implemented
using Google One Tap for Web. [1] That's the web version of One Tap, which
lets Android app developers add single-click login using a Google account.

Apparently one of the features of the SDK is automatic sign-in [2], without
any user interaction, which Quora seems to be using. In contrast, LinkedIn and
Medium also use the same SDK but only suggest logging in with Google in a pop-
up. [3]

Edit:

There's a way to turn it off. Disable "Google Account sign-in prompts" setting
in Google account permissions [4].

[1]: [https://developers.google.com/identity/one-
tap/web](https://developers.google.com/identity/one-tap/web)

[2]: [https://developers.google.com/identity/one-
tap/web/guides/au...](https://developers.google.com/identity/one-
tap/web/guides/automatic-sign-in-sign-out#sign-in-users-automatically)

[3]: [https://i.imgur.com/ntmxSe2.png](https://i.imgur.com/ntmxSe2.png)

[4]:
[https://myaccount.google.com/permissions?pli=1](https://myaccount.google.com/permissions?pli=1)

