Hello,
On 7/18/22 17:47, Ingo Klöcker wrote:
One idea is to allow signing in with different commonly used identity providers
(like Google, etc.) for our more user-centric websites where we cannot expect
most people to have an account at invent.kde.org already.
Is there not a potential tracking issue with allowing Google or other
data-mining companies to be KDE's identity provider? [1]
This seems to me to be at odds with KDE's vision: "A world in which
everyone has control over their digital life and enjoys freedom and
privacy."
Of course one could argue it is the user's choice to use the service,
but embedding such services in KDE's infrastructure suggests our
community condones this kind of (potential) tracking.
Regards,
Ingo
Cheers,
Joseph
[1] "Behind the One-Way Mirror: A Deep Dive Into the Technology of
Corporate Surveillance"
https://www.eff.org/wp/behind-the-one-way-mirror
> "Finally, the biggest companies (Facebook and Google in particular)
offer account management services to smaller companies, like “Log in
with Google.” These services, known as “single sign-on,” are attractive
to publishers for several reasons. Independent websites and apps can
offload the work of managing user accounts to the big companies. Users
have fewer username/password pairs to remember, and less frequently go
through annoying sign up/log-in flows. But for users, there is a price:
account management services allow log-in providers to act as a third
party and track their users’ activity on all of the services they log
into. Log-in services are more reliable trackers than pixels or other
simple widgets because they force users to confirm their identity."
--
Joseph P. De Veaugh-Geiss
BE4FOSS Project and Community Manager (KDE Eco)
OpenPGP: 8FC5 4178 DC44 AD55 08E7 DF57 453E 5746 59A6 C06F
