Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Website Log-in's through Google Accounts


  • Please log in to reply
4 replies to this topic

#1 JamesLast

JamesLast

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:56 AM

Posted 07 October 2011 - 10:46 AM

Sorry, if the topic title didn't make much sense.

When I register on any website for the first time, especially a site I'm unfamiliar with, I use a "throw-away" email account so that if my address is sold on and I subsequently get spammed ...well, it won't be my main email account they'll be trashing. This gets a laborious however as I have to create and remember a new username/password for every website I register with.

I have noticed though that more and more websites now give you the option of Signing in through Google Accounts (or similar). This is convenient because I can skip the registration process and all that rigarmarole and I don't have remember a unique username/password for every single website I register with.

My question is, if i were to sign-in to a new website using my Google ID (which is linked to my main email account, the one I don't want spammed) does the website SEE my email address? I ask because your google ID is the same as your email address. And if I'm giving away my email address by using google log in then it kind of beats the object of the excercise. I take extreme care with my main email account because it's the one all my personal contacts use and I don't want to have to filter tons of unsolicited garbage everytime I want to read my messages.

Hope that made sense.

TIA

BC AdBot (Login to Remove)

 


#2 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:12:56 AM

Posted 07 October 2011 - 10:58 AM

I'm not a lawyer nor should my reply be construed as legal advice. I found this: Authentication and Authorization for Google APIs

This is the only thing I was able to see with a very quick review. "OpenID also allows you to get access to certain user account information, with user approval." But what that 'user approval' is does not seem to be clearly defined. The best I can come up with is for a site to be able to use a google API they meet some criteria and follow google rules. What that means for you is as clear as mud IMHO.

Hopefully someone else can contribute more information, as I think this is a good question with online privacy issues being so prominent.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#3 JamesLast

JamesLast
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:56 AM

Posted 07 October 2011 - 11:17 AM

The link you kindly supplied sadly 404'd on me. Having said that, you've reaffirmed what I already suspected...the situation is "as clear mud". I think for the time being I'll restrict my google ID (or OpenID or whatever it's called) to manage my own website and not to sign in to someone else's. Unless, of course, someone can come up with a definitive answer to dilemma. Even then I'll probably air on the side of caution. I mean who really knows what goes on with your personal info these days. You might laugh, I reset my router IP and wipe my cache up to 5 times a day switching between websites. It's not that i'm doing anything dodgy, I just like to make it as difficult as possible for the proverbial big brother to compile a profile on me.

I got spammed 3 times a day from the same spammer straight after I registered on this very website. And they used my bleeping computer username in the Subject heading! It went on for weeks until I spamcop'ed them and then it stopped. It's been discussed before and i never really got a convincing response as to why this should have happened.

I dunno, brave new world and all that.

I'm not a lawyer nor should my reply be construed as legal advice. I found this: Authentication and Authorization for Google APIs

This is the only thing I was able to see with a very quick review. "OpenID also allows you to get access to certain user account information, with user approval." But what that 'user approval' is does not seem to be clearly defined. The best I can come up with is for a site to be able to use a google API they meet some criteria and follow google rules. What that means for you is as clear as mud IMHO.

Hopefully someone else can contribute more information, as I think this is a good question with online privacy issues being so prominent.



#4 Sirena

Sirena

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:56 AM

Posted 08 October 2011 - 04:43 AM

This is a very interesting question, not only from a personal perspective, but from a legal one as well. There are a lot of gray areas regarding privacy on the internet.

I haven't looked too thoroughly through any of the reference links provided by Google on this matter, but I did stumble upon a link explaining how the OpenID authentication process works. You can have a look at it here: Authentication and Authorization for Google APIs. From what it says it doesn't really look like your email is being given away to anyone:

8. If the user approves the authentication, Google returns the user to the URL specified in the openid.return_to parameter of the original request. A Google-supplied identifier, which has no relationship to the user's actual Google account name or password, is appended as the query parameter openid.claimed_id. If the request also included attribute exchange, additional user information may be appended. For OpenID+OAuth, an authorized OAuth request token is also returned.

Please keep in mind that I did not read this very thoroughly, I might have missed a few important parts of the explanation.

It is at least good to hear that someone else besides me is paranoid on the internet. I never give out my real email to someone I do not know, and I have at least three "fake" emails I use when registering on different sites. Spammers can spam those as much as they like, I delete pretty much everything as I know I do not use them for anything important. I have a "fake" Google Account which I use for this purpose as well.

Edited by Sirena, 08 October 2011 - 04:43 AM.


#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:56 AM

Posted 10 October 2011 - 03:07 AM

Hi,

open.ID doesn't need to use your email address for logins (and wasn't invented by google or facebook :wink:) and you can actually create a seperate one that isn't linked to your email account (unless you want it linked that is)
This should work according to google:

If you use a Gmail-Account, you're able to login by providing your Gmail-Address (username@gmail.com) or type https://www.google.com/accounts/o8/id into the login box.

The first time you login, you'll be redirected to a google-page, where you have to enter your Google credentials. Afterwards you get redirected to this wiki and you will be able to configure your account. For future logins your Gmail-Address will be sufficient.

You would then never have to enter the gmail email into their website at all.

regards myrti

Edited by myrti, 10 October 2011 - 03:10 AM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users