SoylentNews is people
SoylentNews
I recently had a spirited discussion with someone about authenticating to various websites. I personally take the approach of making an explicit new identity for every service I sign up for — local logins only. I never user a "Social" login like twitter/facebook/google, etc to access a site.
My reasoning is:
- It's a little harder to track my movements across the web; less data for the big players to crunch has to be beneficial in some way.
- When a data breach occurs, it limits my exposure to the breached entity. With the thought that, if the place you use as your only Authenticator for all websites get's compromised, what kind of exposure does that entail?
For some background, I'm a ten year professional in Web Infrastructure, with Identity and Access Management making up a decent part of what I do. After pretty much being called an irresponsible professional and told that no identity information will leak due to the way OAUTH works, I thought I'd throw the question out to the community to get a feel for how you handle accounts to different websites, as well as the inherent tracking and security concerns thereof.
Bytram noted that we had a discussion on a similar topic a while back: Personal Privacy in a Surveillance World -- How Important is it? - SoylentNews
(Score: 2) by wantkitteh on Saturday August 08 2015, @02:05PM
1 - If you don't pay for it, you're the product
2 - The central authority has to be able to identify both the account being authenticated and the site they are authenticating to. (See point 1)
(Score: 1, Touché) by Anonymous Coward on Saturday August 08 2015, @04:15PM
1 - If you don't pay for it, you're the product
But you see, buying the product does not guarantee that you will not be tracked.
(Score: 1, Insightful) by Anonymous Coward on Saturday August 08 2015, @05:32PM
> 1 - If you don't pay for it, you're the product
That is no longer true.
Nowadays even if you do pay for it, you are still a product, just no the only product.
Diversification, bitches!