I recently had a spirited discussion with someone about authenticating to various websites. I personally take the approach of making an explicit new identity for every service I sign up for — local logins only. I never user a "Social" login like twitter/facebook/google, etc to access a site.
My reasoning is:
For some background, I'm a ten year professional in Web Infrastructure, with Identity and Access Management making up a decent part of what I do. After pretty much being called an irresponsible professional and told that no identity information will leak due to the way OAUTH works, I thought I'd throw the question out to the community to get a feel for how you handle accounts to different websites, as well as the inherent tracking and security concerns thereof.
Bytram noted that we had a discussion on a similar topic a while back: Personal Privacy in a Surveillance World -- How Important is it? - SoylentNews
(Score: 2) by wantkitteh on Saturday August 08 2015, @02:05PM
1 - If you don't pay for it, you're the product
2 - The central authority has to be able to identify both the account being authenticated and the site they are authenticating to. (See point 1)
(Score: 1, Touché) by Anonymous Coward on Saturday August 08 2015, @04:15PM
1 - If you don't pay for it, you're the product
But you see, buying the product does not guarantee that you will not be tracked.
(Score: 1, Insightful) by Anonymous Coward on Saturday August 08 2015, @05:32PM
> 1 - If you don't pay for it, you're the product
That is no longer true.
Nowadays even if you do pay for it, you are still a product, just no the only product.
Diversification, bitches!