I recently had a spirited discussion with someone about authenticating to various websites. I personally take the approach of making an explicit new identity for every service I sign up for — local logins only. I never use a "Social" login like Twitter/Facebook/Google, etc. to access a site.
My reasoning is:
For some background, I'm a ten-year professional in Web Infrastructure, with Identity and Access Management making up a decent part of what I do. After pretty much being called an irresponsible professional and told that no identity information will leak due to the way OAUTH works, I thought I'd throw the question out to the community to get a feel for how you handle accounts to different websites, as well as the inherent tracking and security concerns thereof.
Bytram noted that we had a discussion on a similar topic a while back: Personal Privacy in a Surveillance World -- How Important is it? - SoylentNews
(Score: 2) by Justin Case on Saturday August 08 2015, @01:22PM
Anytime someone tells you "but all those old concerns -- you can stop worrying -- they have been solved in this new zingy" you can assume you've found a liar, or a salesperson, but I repeat myself.
"The protocol itself has been described as inherently insecure by security experts and a primary contributor to the specification stated that implementation mistakes are almost inevitable."
https://en.wikipedia.org/wiki/OAuth [wikipedia.org]
I'm not an OAUTH expert myself but I'd suggest at a minimum you want to subject it to as much scrutiny as any other "secure"* solution.
* Protip: another flag that pretty much guarantees you're talking to a liar.
(Score: 0) by Anonymous Coward on Saturday August 08 2015, @03:17PM
Nothing can or will ever leak from any secure service or protocol ... until it does.