Hacker News new | comments | show | ask | jobs | submit login
Introducing Google+ Sign-In: simple and secure, minus the social spam (googleplusplatform.blogspot.com)
314 points by iProject 1606 days ago | hide | past | web | 172 comments | favorite

If google wants me to use and depend on their services they need to take google apps for domains seriously. I have three google apps for domains accounts, and a regular gmail account.

One apps for domain account is tied to my job, another my personal domain, a third to a former job/personal domain that I registered services with. I used my gmail account to access services that google doesn't make available on google apps for domains.

It seems that no matter which google service I'm using, I'm logged into the wrong account. I frequently can't log out from the other account properly on the login page so I have to go back to a mail interface. It is an utter mess. I don't care about google connecting the dots and realizing that I'm the same person in all the places. They make it so frustratingly hard to use and depend on their services that I'm actively looking for alternatives.

Linkedin handles it fine, when someone tries to friend me on my professional email address with linkedin, they know that I'm the same person. Google+ doesn't. I don't have a Google+ account on my preferred email account because I can't figure out how to enable it for that domain. I get Google+ friend requests regularly on every email address I have.


I found this back in 2009, maybe 2010, when I was still "on the inside" and shared it around internally. Some people got a real kick out of it.

Now consider this: every single employee has a corp account, and I would think nearly every employee has a personal account, too. That means problems stemming from being in the right account have probably popped up in every single person's face for years now.

It didn't help when they changed from having the u@h up to just a name. Great. I know my name. I need to know which account I'm in.


That site is a little outdated because Chrome now natively supports multiple user profiles. Each profile gets its own icon and there's a user profile switcher next to your tabs. It's by far the best solution to the multiple accounts issue.

Thanks. I will look at this. Firefox is my preferred browser.

The google voice integration is by far the worst. I have to log into google voice, which then calls my gmail, which then calls whoever I want to.

You can have multiple Firefox profiles, but it's not very well integrated in the UI. I wish we could have one tab, or one window per profile, integrated.

Can you not simply make calls from the chat client in gmail?

How and where? Do you have to setup Chrome sync for this?

You don't need to set up sync.

Go to the Chrome settings page, and under the "Users" heading, choose "Add New User." Then you can pick an icon, that appears up in the browser's title bar. That icon helps you remember what user you're browsing under.

It might ask you if you want to setup sync after creating a user, but you can just close that window and it won't ask you again.

Click the icon in the top right corner of the title bar, and you can change what user you're browsing as at the moment.

Thanks, configured this but I was hoping something else. Turns out this is akin to creating a new FF profile user, which doesn't really resolve the Google Chrome auth issue directly, but nonetheless another dirty workaround for Google's horrible multiple account management.

Too bad not every Google Apps for Business setup works with Chrome Sync (or most Google software).

My company uses Google Apps for Business, but that basically means web services, because no actual software works. GChat, Chrome, etc all fail to recognize the account.

Yep just tried again: Invalid user name and password. Exact same entry as when logging into email except Chrome fails where gmail.com works. It simply will not accept the name/password of my Google Apps account on any Google software.

What a bummer, was hoping this was a fix for having multiple accounts.

You don't need to log into Chrome Sync to use the multiple profiles feature. You can even enable Sync on one profile (for your personal account) and leave it disabled on another (for your business account).

You might want to reach out to the person who admins your Google Apps domain, and see if they've explicitly disabled Chrome signin across all organizational accounts. And if so, whether it was on purpose.

To do so, have them visit:

www.google.com/a/cpanel/<your domain>/CPanelHome?pli=1#Organization/subtab=services

...and Ctrl-F "Google Chrome Sync"

Ugh if that's the case, then egg on Google's face for showing the user "Invalid user name and password" rather than saying (before even attempting to log in) "your domain administrator has disabled this feature".

It's also worth noting that "Google Talk" is a dependency for Chrome Sync; If they disabled talk years back, then Chrome Sync will also have been disabled.

If things like GChat and Chrome Sync aren't recognizing your Apps account, your administrator hasn't enabled those applications for your domain (you can turn on/off pretty much every Google service individually on a per-domain basis). I use both on my personal Apps account all the time, so it DOES work if enabled.

are you using your full user@domain.com username to login?

I use it some of the time, other times google balks at that type of login.

That's the only username I have for the Google Apps account: username@companyname.com

Didn't realize there was anything more than possible.

Is it possible that the admin has disabled the service for that domain?

This is pretty much what I do to circumvent the utter mess Google makes of it's logins.

It's also a matter of privacy. It has happened to me more than once that I did something like watching YouTube videos in the privacy of my own home, only to find out I was still logged into my company Google Apps account, which of course records my history.

Chrome makes it quite a bit easier with multiple user accounts - go to settings, scroll down, and add a user. You can run multiple at the same time (each gets its own window, can spawn new ones, etc), and they all have separate settings, extensions, etc. Very highly recommended if you're a Chrome user.

If you're on Firefox... seems like they only really care if you use their Profile Manager, which is a horrible alternative, but it does work reliably across all versions as long as you never ever ever launch the browser directly.

Or if you don't mind rewinding time a bit, and using OSX, http://www.stainlessapp.com/ (assuming it still works) has a brilliant idea: bookmarks can be associated with sessions. Have one for each account, run them all side-by-side in tabs, and it works great. I wish every browser would do this.

What a sad state of affairs that this is the most reliable solution to something as ubiquitous as logins.

How many other sites let you be logged into multiple accounts concurrently in the same browser session? Does Facebook? Microsoft? Amazon? (I genuinely haven't tried it).

That said, there's a lot that could be done to make multiple accounts easier to use. Personally, I use multiple Chrome profiles with one account per, just to minimize the "surprise" (and to keep, e.g., my corp account separate from my personal ones).

I do just that... But I'm on Linux so I can use two (or three) instances of the same browser, from different user accounts.

Linux makes it very easy to display apps from another user (which you authorize) on your graphical session. AFAICT this is just plain hell to do on OS X and on Windows (but blablabla X Window System is outdated, OS X rendering rocks, gnagnagna etc. Meanwhile I'm trivially surfing using different user accounts and this provides both conveniency and added security [any browser exploit now need also a local root exploit to be able to access sensitive data in the "real" user accounts]).

My professional email is using a SSH tunnel / transparent Squid proxy : anyone doing a reverse shall find my company through the IP (on purpose). I'm launching Chrome from my "professional" user account using the proxy setting (from the command line).

Then I've got another Chrome for my personal stuff.

And a throwaway VM with yet another Chrome.

I do the same on my Linux desktops. Not just chrome, but work and non-work data in general. I kind of assume Mac and Windows users have some reasonably easy way of doing the same thing. As a Linux user, it's trivial, but it's easy to lose sight of what's "trivial" for people who don't program or work in IT for a living.

> It seems that no matter which google service I'm using, I'm logged into the wrong account.

Can you give an example of a series of actions that leads to this? I'm logged into two separate Google accounts at pretty much all times, and I never run into trouble. I'm curious as to what the difference is between our two usage patterns.

It seems to happen when a session expires for one of the accounts. I keep my browser open for long periods and almost never reboot, and also have two accounts open, a gmail account and a school account. Generally there is no problem, but...

Scenario 1) I have both open, and log out of my gmail account. It redirects to my school's "goodbye" page. I just reproduced this. Not a huge problem, but indicative of a bigger issue.

Scenario 2) Now log out of the school account. I am greeted with a login for my gmail account. This is pretty close to the problem in Scenario 3, below.

Scenario 3) The real issue. The problem is not so much that it has happened, it's that there is no way to recover if you don't have the password. The other week I logged into my wife's laptop to grab a document from gmail to print, since it was hooked up to the printer. She didn't use it for the next few days. When she went to her work email's address (a .gov domain), it prompted her for my gmail password. There was no way to 'change account' at that point. No way to log out. Go to the .gov domain, get a prompt to login as <me>@gmail.com. No way to authenticate. I couldn't figure it out, and finally just logged in as myself then logged out, after which I was redirected to the .gov boodbye page, but it allowed her to log in after that.

Edit: Scenario 4) Go to www.gmail.com/a/umbc.edu, which the google help pages say is the correct way to go to the school's site. I just tried this, and it sent me to my gmail.com inbox. It is pretty much a crap shoot which mailbox I get when I first load the page. Sometimes it's aware I'm signed in under different IDs, sometimes not, so I can't always change accounts, and must go through login/logout hell to get them clear. Perhaps I could just clear my cookies but I don't like doing this en masse.

Yeah, there's something weird about the URLs to do with users. I've found myself regularly removing the /u/1/ part of G+ permalinks, for instance, which indicates that the user is being tracked oddly.

This happens to me all the time, my company hasn't allowed youtube (plus a swathe of other stuff). But youtube gets me annoyed the most. I usually get a hyped 'check this out' friend a friend on IM, then I have to spend what feels like an absurd amount of time swapping accounts and fighting against chrome modals which is always prompting the wrong account details for login. When I'm finished I have to log out and back into my work account. Total pain.

When you're logged into your work account (say, in GMail), does the URL contain /u/0 or /u/1? And how about your personal account?

Whichever one says /u/0 is the first one you logged in as, and that will be the default if you, say, open a new tab and paste in a bare link (without /u/ in it).

If you want that to be your personal account, you can make that your /u/0 account by doing this:

1. Log out of all your Google accounts

2. Log into your personal account

3. Click the picture in the upper-right

4. Click "add account"

5. Log into your work account

No way am I merging my work accounts, my personal business accounts, and my junk email together. Especially with a company already proven to slap happy deleting accounts they don't like.

Regarding your first sentence: Those instructions don't merge anything. All they do is swap the order of two accounts that someone is using multilogin with.

Regarding your second: Citation needed. There's this persistent rumor that if you make a G+ account with a fake-sounding name, Google will lock you out of your GMail and erase all your Google Docs, but as far as I've seen, those rumors have never checked out.

A quicker workaround might be an incognito tab.

For what it's worth, I do the same thing and have never run into trouble in years...

...until two or three days ago.

GMail flat-out refused to let me log into two accounts (it would end up in endless redirect when I tried the second one - I quit Chrome, fully cleared cookies, history, everything... it just would not work)

It seemed to have cleared up by the following day.

That's very similar to a bug YouTube has had for a while. It may be corrected - was still an issue within the past two months - but you would get into a loop where you could not log in to YouTube.

These types of things are what I think about when people tell me how great the Google programmers are, but that's another topic.

I would have agreed with you several years ago - but Google has vastly improved this across their services over the last two years. There are still holes, but I now can switch accounts in a single drop-down on most Google sites I use.

I still have problems with Google Wallet (aka Checkout) and Analytics seems to have it's own multi-account sign-in system.

One important thing to note about Wallet is that it will ask you to reauthenticate every 20 minutes. If that's not the problem, feel free to send me an email about it, and I'll do what I can to get it fixed (jrockway AT google.com).

At least you have the Gmail address you want. My desired username is in a "reserved" state, or something, in that it's linked to my account under "other usernames", and I can log in with it, but I can't create a Gmail account for it.

This all started when I decided to try Lively, of all things. It prompted me for a username, but I never would have entered what I did if I knew that that username would become the permanent name of my Google account.

I don't have the desired gmail that I want. my desired email is paddy@paddymullen.com. my gmail account has a ".gm" appended to the end to get a unique name.

I don't think there's many Google services any more where you can't use your apps for domains account. I stopped using my @gmail account years ago - in fact, I gave it to my father - and I can't remember having a problem using my Apps account. (Maybe with Google+ when it first came out?)

The split between a personal Google Apps account and a plain old GMail account was the worst for me. Anyone who lived through the era where Google Apps accounts weren't full-fledged Google accounts is in the same boat. The way I solved the problem is by not using my personal Google Apps account anymore. I forward the email to a GMail account and use that for all Google services. Google Now was the main reason I made the switch. It only supports one account, and it was easier to move my email and calendar that it would've been to move Voice and everything else.

There is a tool for moving Google Voice accounts between Google accounts: http://support.google.com/voice/bin/static.py?hl=en&ts=1...

I did this when I first started using Apps and the process went very smoothly.

It's kind of a major design flaw.. I'm getting pretty sick of having to educate everyone on which email address is associated with my... "main" Google+ account.

It'll only partly solve your problem, but you can have one profile current in incognito and another current in your normal window. This is what I do when someone wants to quickly check their fb/gmail while I'm logged in.

Chrome profiles solves this problem for me.

As I see Google expand it's service offerings I find myself excited with the potential yet refraining from using any of these services for a very good reason:

As an entrepreneur you are always up against the very real probability of Google shutting down your account due to unknown violations. This topic has been discussed on HN before. I have seen it and experienced it first hand with clients. You account is auto-magically tagged and permanently suspended and you are screwed. Say goodbye to your docs, email, storage, adwords, adsense, plus and now logins.

I would really like to hear from someone at Google on the reasons why your company will not come out and offer:

(a) A solid guarantee of non-termination of services

(b) Real customer service

(c) A sensible mechanism through which honest users of your services can deal with TOS violations (and learn how to fix problems) without risking loosing it all.

There's more, but I'm busy. The point is that Google offers a lot of neat stuff but the risk is too great. It's like jumping off a plane with a parachute while someone retains control of a "deploy disable" mechanism. You don't know if you are going to crater yourself on the fifth, the hundredth or the nth jump. You just know that it could happen and you will never know why.

> A solid guarantee of non-termination of services

If they terminate your account, it's because they had a reasonable suspicion that the account violated their TOS. So I guess this one is actually related to not knowing what the violation was, and accordingly assuming it was for no good reason. I didn't work on the Policy team - I was a dev - but I seriously doubt anyone there could terminate peoples' accounts without reasonable suspicion of a violation and get away with it. The checks and balances are too tight.

> Real customer service

Google does have "real customer service". However, as far as I know, it's reserved for the people who are paying Google money for whatever reason. In general, any of Google's free services have so many tens of millions of users that it would be ludicrous to guarantee any level of service for every single one of them.

As to the general complaint about the very real possibility of being cut off from your data, that's a risk wherever you go. Drives fail, servers get hacked, someone accidentally hits "delete everything" instead of "refresh monitoring dashboard"... etc. At least with Google Take-Out, they make it incredibly easy to download whatever data you have on there periodically for the purpose of doing backups.

I don't think you are exposed to the reality of the problem. I'll describe one incident I witnessed for you to get an idea.

We were working on a client's medical information site. A reputable MD. He happened to own about 250 domains parked at GoDaddy. We were going to use AdSense on his one site once it was up. He went ahead and setup an account with Google to use both AdSense and AdWords. During this process he saw that Google offered a product called "AdSense for Domains". The premise being that you park your Domains with Google and they auto-magically place ads on them.

The domains were already parked with GoDaddy's "Cash Parking" service for over a year. It didn't take long for him to realize that this was an intermediates version of Google's AdSense for Domains. He decided to cut out the middle man and park the domains directly with Google.

He transferred all the domains. They had to be approved by Google. That happened overnight. All was well. Two days later he gets the dreaded notice and his entire account is permanently suspended without recourse, without a way to learn what the problem may have been and without a way to speak to a real person. Horrible. Particularly when you realize that he had already been using this service through GoDaddy as a middle-man.

That is the kind of thing a shit company who cares not for their customers would do, not a company who clims to live by this "Do no evil" ethos.

Based on that experience I can't see ever trusting them with anything at all. Great search. Absolute lack of respect and consideration for their customers, which is an absolutely shitty way to behave in my book.

My standing recommendation is to not use Google for anything other than search.

If the person was buying Adwords ads and then using them to direct customers to parked domains, then I think I have an inkling as to why their account was terminated, considering I am the person who implemented that policy.

No such thing. The events were exactly as I described them. No ad clicking. No vectoring through AdWords. Nothing other than a transfer of the domains from GoDaddy intermediated parking to Google's "AdSense for Domains" and in three days the account was closed.

Because there's zero feedback all we could figure out is that some of the domain names (he had a couple that were politically charged) may have hit a filter. What's weird is that they went through their approval process, started showing ads for a day and then the account was closed.

This is one account. Search for "Google closed my account" to read more horror stories, all with different threads. Their process and approach is absolute crap. Not to be trusted with anything.

If they weren't buying Adwords ads, then they weren't paying Google anything, and thus, it's absurd of you to demand that someone providing you with a free service would also guarantee customer service.

I'm sorry, are you trying to be funny?

Of course these people were using AdWords for their business. They were NOT using it to vector people to the parked domains.

Only a moron would do that. Spend dollars to make sub-pennies?

Good to know that the MFA problem I spent 2 years of my life fighting is now seen as trivial.

I don't understand what you are saying. Not a clue.

> I didn't work on the Policy team - I was a dev - but I seriously doubt anyone there could terminate peoples' accounts without reasonable suspicion of a violation and get away with it. The checks and balances are too tight.

As a consultant I had two clients who had their accounts disabled for no reason, and who I am absolutely positive were not breaking and rules. I've seen google steal the balance from adsense customers, without offering any recourse or even a human to talk to. Whatever those checks and balances are, they are no where near enough.

How exactly can you be "absolutely positive" they weren't breaking any rules?

Who is right here?

The customers who have received no feedback as to what they apparently did wrong, and were abruptly cut-off? They are "absolutely positive" they are in the right, as they have no idea which rules, if any, they broke, and have no chance to fix the issues.

Or Google, who provided a business service and then took it away with no explanation or ability to rectify? They may believe the customer broke some rules, but have not provided any meaningful customer interaction mechanism to allow for errors. There will always be errors with populations this large.

Three ideas: 1: Charge people/businesses for making a complaint about termination. If the termination was done in error, then refund them the fee (at least). Use the fees to pay for customer service staff.

2: Charge people for account reactivation, regardless of (almost all) causes. Steadily (exponentially) increase the fee, but allow for 1: as well.

3: Be extraordinarily explicit when telling customers why their account was terminated/suspended. Stop the guessing game and show the evidence you have. That will both for Google to make sure the evidence is sufficient to be public, and make the customer aware of just what went wrong. Allow them to fix the issue and reapply.

Above all the current aproach is placing the customer's concerns last, not first. That needs to change before we will trust Google with our important business or personal data.

As an enterprise level (20k accounts) Apps customer, I'm thrilled with their customer service and only disappointed with the lack of engineering responsiveness. Moreover, at a certain scale, it's certainly possible to redline the boilerplate agreement and negotiate the contract i.

Your experience is one of privilege. You have not been exposed to the issues I am talking about. Search for "Google closed my account" and read a few thousand posts to learn more.

If you get burned like a witch there is a reasonable suspicion that you actually are a witch. That's pretty circular.

More like "if you get burned like a witch, there's a reasonable suspicion the people doing the burning thought you were a witch".

Yes this is a serious problem. I do have a lot of my data tied up in google accounts but I still fear the sudden, unexplained ban-hammer coming down on me with no way to contact an actual human to ask questions off of (see this as a hilarious example of google's support for paying customers: https://plus.google.com/114419328456762929144/posts/NAJbzrZw... )

Smart: with people starting to become aware of just how much access Facebook apps get to your social network, and already well aware of how much apps spam that network, offer apps that put the user in control of that: https://lh3.ggpht.com/-6MCVkHL9Rbs/USvqcyXRUCI/AAAAAAAABGI/o...

s/put the user in control of that/give it to google instead/

Inherent in any hosted service, which includes most social networks. In a 1:1 comparison to Facebook, that doesn't seem like a relevant issue, though to the extent it matters I think Google has a better reputation than Facebook there. Many people already see Facebook as the company that makes privacy difficult.

I know this is silly but my view is: Fool me twice, shame on me. Facebook was first and I was fooled. I will not be taken in by Google+ or any other similar service.

There is simply no comparison in the manner Google treats your personal data with Facebook's attitude toward it.

At Google, as a dev, gaining access to personally identifiable information (that was hashed, anonymized like crazy, and scrubbed in every possible way to make damn sure there's no way the dev using the data could possibly track down any of the users) required jumping through so many hoops and getting so many different approvals and reviews it felt almost paranoid.

At Facebook, for years, they had a master password that could access all information on anyone's profile. They would just flat-out give this password to every single new hire, even people who weren't working with the data directly.

> There is simply no comparison in the manner Google treats your personal data with Facebook's attitude toward it.

1. As a user, not an employee of the respective corporations, I have no idea about that. Nor do I care, really.

2. Furthermore, that's only the current state of affair, I have neither idea nor control over how it will change over time.

This is something that has always bothered me about how much Facebook talks about their privacy and how much they value your privacy.

A lot of users don't realize that Facebook can 'see' their messages, never mind the rest of the data that they have "privately" shared on the site.

A lot of people don't realize that their mail server provider can read all their email, either; they just think about the things visible in the UI (other people and companies) and not the invisible things (servers).

ie. privacy doesn't mean the same thing to users as the tech crowd describes it

Permission looks interesting. I wonder what the "change who this app can see" button does. will it let you supply fake info to the app?

I doubt it, but I suspect it'll let you say "only let this app see my friends in this circle", or hopefully "don't let this app see any of my friends".

If all you want is a simple, privacy friendly login then check out Mozillas persona: https://login.persona.org/

Chances are your users won't have it already, but it's the only single sign-on solution I would use without calculating how much privacy I'm willing to "sell" for not having to register yet another time and remember yet another password.

Thanks! The Persona team is working hard to get past the "your users won't have it already" bit.

1. By the end of March, we'll turn on a Persona <-> Yahoo (OpenID) bridge, followed by one for Google (OpenID) and Hotmail (OAuth). Net win: A billion+ users can fully complete a first-time login with Persona using just three clicks. (Try it today! Use a Yahoo address at http://beta.123done.org/)

2. A subset of the team is working on a Persona-backed replacement for Firefox Sync. Net win: tens or hundreds of millions of additional users added to the "Persona-ready" camp.

3. The upcoming FirefoxOS phones all have Persona baked into the default Marketplace. Net win: time will only tell.

The above projects just streamline the initial onboarding experience: anyone can use Persona right now with any email address. FWIW, last time I checked, Persona's is averaging > 13,000 daily login transactions over a rolling 7-day window.

I don't want to derail, but if you have questions or need help getting Persona set up on your site, please free to email me.

Second that. Mozilla persona is fully distributed and not owned by a single entity. Moreover, it sounds like great engineering: do just one thing and do it well.

I hope it becomes the universal single sign on of the Web.

As a developer, how is that different from logging in via Google OAuth?

Skip 50 seconds into the video and you'll see the killer feature here: a seamless handoff to your companion mobile app.

It seems they're even offering analytics with it: https://developers.google.com/+/features/play-installs

Very interesting feature. App associated with web page must be free and "meet a quality threshold" determined by Google.

[0] https://developers.google.com/+/web/signin/android-app-insta...

No difference IMHO, here is the link to google+ platform API doc: https://developers.google.com/+/api/oauth

Seems like it enables sharing within your app.

Not on topic not off topic.

But until g+ allows linking of multiple gmail accounts to one g+ account i will never be using it.

Ever tried switching email address on g+, nightmare...

I've never used my GMail account, because bsimpson is a common name and I get all kinds of spam/wrong addresses there. I have Google Apps set up on domains I control for business and personal projects. G+, like GMusic, Wave, and all the other cool Google goodies, launched for GMail only. So, I made a G+ for my GMail address.

Then, I heard about Data Portability and the ability to migrate G+ accounts. "Finally, someone at Google understands that people have multiple accounts!" I ran their app, had my account frozen for a week for the 'migration', and created a new G+ for my personal domain. Bizarrely, they didn't delete my old G+ account.

I used to have a G+ account tied to the wrong e-mail address. Then, I tried Google's roundabout solution. Now, I have two G+ accounts. =\

The support for that isn't in G+, it's in Gmail. Gmail supports sending and receiving mail from multiple addresses. The other addresses don't even necessarily have to be Gmail accounts. It's easy to link all your email accounts together into one Gmail inbox.

Yes I am aware of this feature in Gmail, but this is not what I am referring to.

What im referring to is when contacting other people through g+ it uses w/e email address is associated with g+. This is not always idea, I don't want everyone to know about my email address. Even if u have another email address it is impossible to contact other users using anything but the one email address associated with the account.

Also afaik you can link other NON google email addres, just not other google accounts...

You can link non-Google email addresses to Gmail. Even if they don't support mail forwarding natively Gmail can retrieve the mail from them using POP3.

Most interesting point: http://www.thefancy.com/ (the promo site in the video) ISN'T EVEN USING THE SERVICE!!!

Hey there - this is Seth from Google+. The launch partners will be rolling out Google+ Sign-In over the course of the day.

Hi Seth, since you're here, can you help explain how the Google+ OAuth relates to the GMail OAuth?

Are they just using different scopes and can you authenticate with both in one go or are they really separate APIs?

Fyi, the /apps link also doesn't work on my account.

It should shortly - the roll-out takes a few hours to get to 100%.

On an unrelated note, thanks for joining HN to participate in this discussion. It is really refreshing to know that Googlers like yourself and Matt Cutts are engaged in their community - it makes it much easier to have faith in the technology collaboration vs. when the movers/shakers sit behind a walled garden.

Hmm, looks like the blog post went up before the partners rolled out to their public-facing sites. None of the partners I spot checked have G+ login yet.

minus the social spam... for now while we try to gain users.

If they were serious about it, they'd put it in a non-changeable clause in their TOS. Otherwise it's just marketing fluff.

minus the social spam

Somehow I find that hilarious.

Yeah ... speaking of "social spam" does anyone else get a "make new friends on Google+" page about 10% of the times you try to go to plus.google.com ? The persistent annoyance of that page was a major reason I went back to Facebook from G+, and now just use it as a Skype replacement.

They ask me to upload a photo of myself 100% of the time I visit the front page of google+. I actively avoid it now.

I honestly thought from the title that the post would be a mea culpa for just that.

More than 10% of the time on facebook, I get a "try out these new games your friends are playing" (even though I've rarely played games on facebook), which takes up roughly the same amount of space as the google+ one does.

What are you talking about?

You've clearly never seen the google ones.

It's a GIGANTIC POPUP full of Click here! Join now! Follow ME! (Or like today, a new full page of Do Not Want: "Never miss another post Get notifications whenever important people in your life share something new on Google+" <-- how about you just let me into the site ok? Come on...)

Facebook is spammy, but G+ is just beyond a joke.

This G+ one fills the entire screen, and you have to find and click the "no thank you get out of my face please" button to get to the social feed; if you want to check that multiple times a day (like is typical Facebook usage), it gets to be a major source of friction, which Google usually hacks out with an axe anywhere they possibly can ...

I find it annoying that I can't even browse someone else's G+ page when logged in; I have to log out first.

I got that so often I wrote a Greasemonkey script to retry the URL if I got that page.

Everything they do lately seems designed to trick you into doing something, signing for a Google service, joining G+, clicking an ad by mistake, downloading Chrome ...

What the hell happened to the Google we knew?

Quarterly earnings reports

>What the hell happened to the Google we knew?

It never existed, and people were pointing that out this whole time.

YouTube has asked me over and over for the past year to use my real name on YouTube.


I got this gem after refusing again today:


What the hell. "Are you sure?" Well, yes I am. None of buttons answer that question.

I just wanted to watch the damn video link someone sent me. Jesus. I'll be sure to logout next time.

That's not actually a bad thing, YouTube comments are very bad and anything they can do to improve that is OK, including requiring a real name.

That's fine except I wasn't trying to comment. I was just trying to view some trivial video shared by a family member.

Instead I was assaulted with this UI atrocity forcing me to evaluate some complicated modal dialog before I could even view the damn video. I mean, look at it: it's a pretty clear yes/no question with three confusing answer buttons and none of the labels answer the question posed at the top.

I could tolerate it if it happened when I tried to upload, comment, like, report or favorite something, but just to watch? If I had been logged out I wouldn't have been hassled by this. Apparently my sin is having bothered to create an account at some point in the past when I just wanted to click the like button as feedback to some poster. Why is it so unreasonable to like things without endorsing them? I guess the answer it to delete my youtube account and lurk moar. Fine. This is exactly what wil warned about.

Sadly youtube is now entrenched. Everybody else is a fringe player.

Whatever happened to freedom of speech. This is exactly what autocrats everywhere want and even we now believe it to be good - just because of youtube comments. Comments which reflect the real us. With a real name policy it will be replaced by a few polite lines with emoticons.

Freedom of speech seems to be very important to you but you do not seem to understand it well. YouTube is not a product of the government.

Then require a real name rather than these passive aggressive, evermore-obscure by turns, login modals.

Welcome to the new google, just like th.... no wait. Completeley different from the old[1] google.

[1] "Since the beginning, we’ve focused on providing the best user experience possible. Whether we’re designing a new Internet browser or a new tweak to the look of the homepage, we take great care to ensure that they will ultimately serve you, rather than our own internal goal or bottom line."


(they really should change the language in that page now)

If you've ever visited YouTube with Google cookies present in your browser, they're linked together. Youtube already knows your real name (or whatever name is in your Google account, anyway).

Wasn't that the pitch for Google+? :P

What's hilarious about it? Getting random invites to games and other events because of broken or non-obvious filters is a huge problem on other social networking sites. And Facebook groups have always been a second seat to just sharing with everyone. It actually gets me in trouble a lot since I like to post about tech stuff but have many friends who aren't familiar and don't care about that stuff.

Doesn't the combination of Google+ Sign-In and Google Wallet remind you of Microsoft Passport[1]? I wonder if people who had concerns over a decade ago, will have the same concerns now.

[1] https://en.wikipedia.org/wiki/Microsoft_account#History

Except that Passport was embedded in the OS. And if I remember correctly, a royal PITA to set up with multiple accounts, or manage your existing data. I infinitely prefer this to be part of the internet instead of the OS, where it's easier to support multiple simultaneous logins.

This wil be embedded in their OS too...

But not in Windows, OSX, or Linux, where Chrome runs as an application. And it's likely to be embedded (like the normal Google account embedding) in stock Android devices, but not some forks or some carrier modifications (since Google accounts aren't required for any of the features any more).

The same cannot be said for Windows. Especially when Windows held an overwhelming monopoly on desktops, unlike Android.

android is going to get an overwhelming majority too. Pretty soon even the basic $30 phone is going to be a smartphone likely running android. iPhones are going to keep on growing at a healthy rate but their numbers will dwarf against android.

How does this compare with Mozilla Persona?

Persona uses cryptographic tokens so that identity providers can't spy on what sites you're using, and can't selectively deny service to various sites.

I think that people should resolutely refuse to use any identity service that doesn't have at least those properties.

persona is an actual trustworthy idp, google ... you are the product.

To ecaron and others asking -- we're doing a gradual rollout over the course of the day, as are our launch partners. You'll see the feature in their apps soon.

Terrible idea. I hate the (mis) connected nature of google services. E.g. I don't want to see Google+ contact's recommendations on my youtube page. Now I can't imagine the same happening with even other apps.

Isn't this a recurring complaint of HN users? They go to a website in a browser and it tells them to download their app.

The complaint usually goes if I wanted to use your #@#%@# app I would be using it, I'm using your web site.

Seems spammy to me and also android only. Really getting skeptical of the "gadgetification fanboism" of the web.

This is subtly different -- it sends the app to your phone when you're logged in on the desktop.

But isn't that worse? You are browsing an app that you logged into with Google+ and now all of a sudden it's installed on your phone?

It's not all of a sudden. You have to click "Install" for it to be downloaded on your phone. It's not automatic.

Ahh...ok. Now that makes sense. I was under the impression that it detects that you have an Android phone - based on your Google profile - and it automatically does that. Well that's cool.

You have to reach some Google-controlled threshold of app quality before you can use it, according to this: https://developers.google.com/+/features/play-installs

I dunno, Simple locks you out until you download and install the app so you can use the app once to create a signature for their agreements.

In such a flow, I'd rather that the intent be spawned from a click on my computer than from me having to go to Google Play online/on the phone and search for it, etc.

(Google can install anything on your phone at any time, in theory, because of the way Play works. So if you're worried about "all of a sudden it's installed on your phone" you probably don't want an Android device.)

Google+ is social spam, and one of the few varieties that is extremely hard to get rid of. Most of the other ones you can simply blackhole.

I don't want to use Google+ because everyone I care about uses Facebook, and even that I'm growing tired of and use less than I did for a few years.

I'll continue to use my Google (Gmail) account for authentication to StackExchange and a few other sites, because it doesn't make me use anything but Gmail. But, if Google starts forcing me to use Google+ actively, I'm going to stop using it for authentication.

I've already taken the time to implement a server-side login using OAuth2, as documented by Google here:


According to these new docs, I need to use the Google+ JS to do client-side authentication, then pass the token to my server:


I have no interest in building a new code path to support Google login, when I can use the OAuth setup I'm already using for 3 providers (inc. Google). It would be nice if you'd just post the CSS or PNGs you're branding as Google Login and let me use the backend I've already plumbed.

I found the actual button design guidelines, and noticed that their launch partners (FitBit and The Fancy) have designed their own buttons in the same style as Google's JS buttons.

Here are the design guidelines, PSDs, and PNGs:


Can anyone find a working example outside of Google of the 2 Step authentication working with the Google+ Sign-In?

2 Step doesn't work on USA Today. You get:

Unauthorized request.

Error 400

Nice dig at Facebook here:

In addition: Google+ doesn’t let apps spray “frictionless” updates all over the stream, so app activity will only appear when it’s relevant (like when you’re actually looking for it).

edit: referring specifically to how Facebook markets it's sharing options as "frictionless": http://en.wikipedia.org/wiki/Frictionless_sharing

I don't know much about the specifics of facebook apps, but could anyone outline the differences between facebook's approach to apps and google+'s?

Apple should have long released an equivalent for iCloud accounts.

They are still working hard on something after the Mat Honan hacking < https://encrypted.google.com/search?hl=en&q=mat%20hack#h... >.

Please correct me if I'm wrong, but it seems there's still no offline permission to share on a user's behalf. It seems to be a deliberate design decision, but it makes life tricky for somebody wanting to make a social media management platform (ahem) since there's no mechanism for scheduling future posts, etc.

OK, I'm going to go off-topic and sound like a crank...but is the font-size for Google's blogs kept at 13px because:

1) To keep consistency across every service (search, analytics, maps, etc)

2) Because it's what users like, according to in-house studies

3) Because...why change it?

Not all the Google blogs use Arial (http://chrome.blogspot.com/ uses Open Sans). I'm not trying to be completely snarky here...If it is indeed a best practice, then that's good to know. The width of the Google blogs do conform to showing 80-or-so characters a line, though at 16px, the characters-per-line is about 70, which isn't bad either.

(yes, I know HN is at 13px too...but a discussion board with variable length of text and a higher value in being able to see more entries at once is different than the narrative paragraph form)

So that I'm still able to read it on my 640x480 CRT screen. Backwards compatibility is serious business at Google.

Joking aside, it's a 62.5% x 1.2em font size which is rendered as 12px (at least with my chromium/ff defaults). Probably too small for most readers nowadays (some would certainly agree cf. http://informationarchitects.net/blog/the-web-is-all-about-t...).

Great, add to this 'minus centralized' and I'm all in. Or wait, Mozilla Persona already does this.

Dpesn't Mozilla hold the map of emails->passwords for Mozilla Persona? That's pretty centralized to me.

Any domain can authenticate its users, Mozilla acts as a fallback if a domain does not do this. At this moment most domains do not directly support Persona authentication, so almost always the fallback is used, but the system is decentralized by design.

Reminds me of the huge threads of people upset about needing Google+ accounts to post reviews on apps on Google Play now, lol. Guess Google tried eating their own dogfood on this one and it didn't go over well.

Great to see an alternative to Facebook log-in. It's usually either Facebook log-in or e-mail based log-in, which works really poorly on mobile, when you don't have something like LastPass to autofill.

What is so new? It's OAuth 2.0 (see google+ docs: https://developers.google.com/+/api/oauth). OAuth 2.0 is supported for a relatively long time by Google (the old docs: https://developers.google.com/accounts/docs/OAuth2)

Apparently, this worked out so well for thefancy.com that they took it down. I can only see the usual suspect: Facebook and Twitter sign-ins.

In fact, I've checked all the sites listed in the article - none of them have Google+ sign-in.

Also, they say you sign-in via Google account, but I suspect it also requires a Google+ profile in order to use this feature.

It's fairly obvious you have to have the announcement first, then the rollout on major sites (that aren't run by Google.) If the reverse happened, it would be seen as a foul-up. Facebook did the same when they announced "Likes" on external web sites.

At the end of the article it says that they are rolling it out gradually.

After I lost the Youtube account that I used for 4 years, thanks to their fucking robust login service: Go fuck yourself, Google

If you guys wanna see the future of this project, just try to create an account and upload a video in Youtube. Youtube is a Google company, and they fuck Youtube's membership system up.

I wonder if Apple's rejection of apps that track their users* will result in this API being blocked on iOS?

* http://www.tuaw.com/2013/02/26/apple-rejecting-ios-apps-for-...

Apple's not rejecting apps that track their users, it's rejecting apps that don't use Apple's user-tracking system.

Also, what Apple was trying to combat was persistent tracking without user knowledge (done originally using iOS's exposure of device ID, which was deprecated, and now with these "cookie" tracking implementations). Allowing a user to initiate sign in to an app is a far, far cry from that (and it would be preposterous for iOS to disable the ability to log in to apps).

I'd guess it will work the same as with facebook login. If you have a good reason to get your users private data, you may do so (using facebook, twitter, google+, etc). If you only need a login mechanism, you need to provide an alternative that does not collect user data beyond what's strictly needed for your app.

At least that's what apple's reviewers told me when my app was rejected.

What really surprises me is the blatant permissions required by most applications specially on Chrome OS. Many of the applications/extensions I have had opportunity to observe in past few days outright require "all data on all websites."

Anyone else having trouble working through their examples? It seems like they haven't made their example repositories public yet. https://github.com/googleplus

That's the right GitHub org, the samples should be showing up there soon.

The first set of samples are available now.

Wait, does this mean apps can finally post to G+? It looks like I can finally write a simple app that can cross-post my Twitter stream to my public G+ circles.

> Wait, does this mean apps can finally post to G+?

Apparently; the "Moments" API which supports this (which has, I think, been in limited, trusted-tester use for something like 6 months) appears to now be general availability as of the API documentation update today.

From the article it seems that app updates are boxed in their own page.

With this new signin, will it be possible for someone to develop an application that automatically publishs my site RSS feed in Google+?

I'm confused, didn't Google+ Sign In already exist? I know I'm using it already...


It's almost as thought Google designed the service for the benefit of users (who will then vote for developers with their feet) than for the benefit of spammers....

If the repos were meant to be for custom partners, so would the docs mentioning them.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact