Comment on Why?
artwork@lemmy.world 1 day ago
Because it’s significantly harder, legally and financially, to process email (even via outsourced services such as MailChimp) and to store someone’s personal information such as email, compared to a social account ID, in the long term.
Not only that, but OAuth providers have APIs to get sufficient user information such as name, email (yet by requested/allowed scope only), and activity on that social network such as posts/channels/followers count, etc.
emb@lemmy.world 1 day ago
This right here. I’d rather my email stay the source of truth for auth, but totally sympathize with website owners that don’t want to store and protect any sensitive user data (like an email address and password).
On some level I know the OAuth flow should be pretty safe. The idea that I have one identity that gets me into multiple sites makes a lot of sense. And I’m already using the same email in most places, so it’s not like I’m anonymous anyway.
And yet… I can’t convince my paranoia that ‘sign in with Google’ isn’t oversharing. I always worry that authorizing with other sites will give too many permissions to see/alter Google/whatever data, or that clicking it will take me to a fake Google/whatever page where I give away my creds.