Do the sites that ask you to sign up using your Gmail (let's say) have access to your email?
Asked by
flo (
13313)
May 26th, 2014
Let’s say ’here
If you want to sign up you have to do so using your for example your Gmail account. You have to click on that icon for Gmail on their site instead of getting into your Gmail account directly on your own. So, they have access to your email? Newspapers do that often.
Observing members:
0
Composing members:
0
27 Answers
With NSA nothing is private, so who cares? If you don’t believe it’s all tracked and linked you are mistaken. Just give up thinking you have electronic privacy and roll with it.
Legitimate sites will tell you what level of access they get.
Your example, Stack Overflow, is not intrusive, it can only see “your email address”. I would accept that.
Usually sites want to see your contacts (oh hell no!) but not your email.
You mentioned, newspapers – I had a months-long email exchange with my local paper to get access without allowing them to see my Google contacts.
The customer service people were clueless. Nobody had resisted before.
By luck I got the cell number of the VP in charge of online accounts. He said, “I understand, email me and I’ll set you up”. He created an old-style login for me with user name and password.
@jaytkay Can’t that list thing be circumvented if you have a fluff account for the sole purpose of signing up for things?
@GloPro You mean create a Google account with no contacts?
That works. I should probably do that.
But I got tired of maintaining multiple email addresses.
@jaytkay Use Mailinator. No sign up or password needed. Just make up any name and add @mailinator.com to it. Just be sure that you don’t care if anyone else sees it, because everyone has access.
Technically, yes. Because if they have your Gmail login, they have access to all of your Google services, including your email (and your Voice account, and so on and so forth).
But it’s not just Google logins – if you log in somewhere else with your Facebook or Pinterest or LinkedIn login, you’re opening the door for that service to be entered using your credentials.
I would NEVER EVER EVER EVER EVER EVER use any social media or email login as a credential for some place else.
I don’t trust the providers on either side.
EVER.
If they just ask for your email to sign you up for something (like even Fluther does), then no – they do not have access to your email. The only way anyone (other than the NSA) can access your email is if you give out not only your email address, but your email password.
@elbanditoroso Technically, yes. Because if they have your Gmail login
They don’t have your password. The software asks Google, “Is this person logged into a Google account?” gets a yes or no answer.
If yes, it asks, “What Google info has the user agreed to share?”
The minimum is simply “Yes, this person is logged into the Google account”.
@dappled_leaves The situation in question is different from Fluther. As I described above, a site can use Google to confirm your login instead of having its own login mechanism.
@jaytkay So they ask for people’s email passwords? That’s insane. Who would agree to that?
Thaank you all. I thought everyone was going to say I’m too paranoid.
@dappled_leaves “So they ask for people’s email passwords”? The thing is they don’t ask you for your password.
I just read the part of @jaytkay‘s post that was directed at @elbanditoroso. So, not really a reason to be paranoid as long as one is paying attention to what Google profile information is public.
The new thing on Facebook, it turns on your microphone and listen in to your private life unless you are computer saavy and heard about it and you opted out?
….private life I didn’t mean private conversation.
Next to sign up using… why not have something like “we are going to have access to some of the info in there, just so you know.” (whether it is indirect or not)?
I can’t speak to the inner workings of any individual provider, but I do know how Kerberos works. If it’s set up correctly then clients don’t get access to things that they shouldn’t have. It’s unlikely that a provider would accidentally misconfigure a Kerberos-based SSO in such a way that the emails would be available as you suggest. If you trust the provider and you trust the protocol, then you can be fairly confident that only the information they say will be shared will be. Otherwise you can’t.
@jaytkay , it can only see “your email address”. I don’t know how you get that conclusion. Where is the indication that that is the case?
@flo
On Stack Overflow, when you choose “Log in Using Google” your are presented with a screen that says:
“Stack Exchange would like to
View your email address
View your basic profile info”
They must have updated it. They now get two permissions, not one.
@jaytkay yes they did update it, i.e they added “sign up using Stack Overflaw” better than before, but I don’t see what you are quoting there. I just see the Gmail log-in page, when I click Google.
I just see the Gmail log-in page, when I click Google.
Ahh, I see. I am signed into Google all the time, I am constantly looking at Gmail.
So it doesn’t ask me to log in.
That is what I described earlier in the thread.
Stack Overflow site asks Google, “Is this person logged into a Google account?”.
If yes, it asks Google, “Will the Google user share its email address and basic profile info?”
You can test this by going to Google.com or Gmail and logging in. Then go to Stack Overflow and it will not ask you for the Google password.
@jaytkaySign but what do you see happening if you have your Gmail signed out?
Let me take back my last post. The update is not an update at Stackoverflow sign up. If you click on Sign-up using _Stack Exchage (not Stackoverflow) you get 4 boxes with no words around.
@flo This is the sign up page for Stack Exchange. It doesn’t even offer the option of signing up through a gmail, Facebook, or other social network account. You simply create a new account with Stack Exchange.
Isn’t that what you prefer, based on your comments about sites “forcing people” (which they don’t) to use social network sites to sign up?
@jaytkay I used the word “require” You are quoting me as “forcing”.
Now, there is a yet another entity in the mix. What does Stack Exchange have to do with StackOverflow?
Also, if they want they could say If you let us to view your profile in your email or Facebook, etc. you would benefit from a,b,c. ”
@flo you were quoting Dappled leaves, not me. Probably you already noticed that but the editing window had elapsed.
Anyway, I heartily endorse your idea – “If you let us to view your profile in your email or Facebook, etc. you would benefit from a,b,c.”
Excellent suggestion!
@jaytkay sorry, sorry sorry, it is not you. Thank you for the endorsement.
There is a clickable icon Under “Sign up using Stack Exchange” what are the 4 boxes for?
@dappled_leaves??
@flo You brought up Stack Exchange here. I didn’t bring it up.
But they are not really separate entities, which is probably how you ended up on their login page. Per Wikipedia, “Stack Overflow is a privately held website, the flagship site of the Stack Exchange Network.”
But I am still trying to figure out: have you accepted that no one is requiring that you use a social network to log in to use their services? Or are you still concerned about that?
@dappled_leaves the question marks were for the misquote. You are not addressing the fact that you misquoted me: “force”.
@flo I did not intend to quote you directly as having said “forcing people”. Generally, if I am directly quoting someone, I will use italics. This was more in the spirit of “air quotes”. I was trying to give the sense of what you were saying (required, forced, demanded, expected… these are all equivalent for the purpose).
But I guess I was being a bit “presumptuous” by doing that (example of how I used the quotation marks – I am not quoting anyone here).
I’m genuinely sorry if that caused any confusion for you.
Do you have an answer to my question?
Answer this question
This question is in the General Section. Responses must be helpful and on-topic.