

Ask HN: How safe is it to login with Facebook or Google? - jman1

Lots of sites offer to avoid creating accounts with them and instead allow you to sign in with yor google or Facebook account. For eg Flickr.  If I were to sign up for flickr using my google id what am I giving up in return for the convinence of not having to create a separate Flickr account. How much privacy am I giving up ? Given a sign up choice website specific account vs google/Facebook acct based sigh up, what is the better option ?
======
Ryoku
Well, your privacy is simply limited to whatever permissions you give to the
web app you're logging in to (And all your public information as well), on one
side. And on the other side, facebook records all the websites you visit who
have a connection with them, when you do and for how long, etc. If you're
comfortable with that, then... Well, you've got half the problem down.

I think what would really be worrying is the amount of power you are giving to
a single authentication method. You are putting "All your eggs in one basket"
As soon as someone is able to compromise your facebook account, either by
facebook's or your own fault, all your other facebook connected accounts will
be compromised; and the attacker can simply check your security app settings
to know who have you logged in to.

And then again... What will happen when Facebook is not around anymore? Will
all the websites you logged in to have a nice easy fallback option? Or will
some/all of your related accounts be lost?

------
hayksaakian
It depends on what permissions they ask of you. If they don't ask for any,
then they might not even get your email address. Typically signing up for a
service manually requires you to provide more personal info than they may
otherwise get via FB or Google. With FB there are many permissions that you
can 'skip' albeit this isn't intuitive.

~~~
jman1
What happens to my data on the website when I revoke my permissions from
google/Facebook ?

~~~
hayksaakian
Iirc they're supposed to delete it, but whether they do depends on them.

~~~
andrewhillman
FB doesn't delete any info - period. They seem to archive everything. For
example, if you post a photo, then delete it, they still archive it. Delete to
you is Archive to them. I have been doing small tests and this is what I have
found.

~~~
icebraining
Parent(s) are talking about the websites that get data _from_ Facebook, not
Facebook itself.

------
nwh
Would you give them your full name normally? At the very least that's what
you're giving them.

------
001sky
Is the issue what you give up to (a) facebook; or (b) the third party?
systemic use of FB login vs single use? Do you consider your online history
something of value? That's part of the dynamic for some people concerned about
FB logins.

