On 19 July 2022 13:46:36 CEST, "Joseph P. De Veaugh-Geiss" <jos...@kde.org>
wrote:
>Hello,
>
>On 7/18/22 17:47, Ingo Klöcker wrote:
>> One idea is to allow signing in with different commonly used identity
>> providers
>> (like Google, etc.) for our more user-centric websites where we cannot expect
>> most people to have an account at invent.kde.org already.
>>
>
>Is there not a potential tracking issue with allowing Google or other
>data-mining companies to be KDE's identity provider? [1]
>
this is only suggested for the user facing sites. those with a gitlab/identity
account would login with that account to them as well as our non user services
however this doesn't seem to offer any good privacy respecting option for our
users to use
>This seems to me to be at odds with KDE's vision: "A world in which everyone
>has control over their digital life and enjoys freedom and privacy."
>
>Of course one could argue it is the user's choice to use the service, but
>embedding such services in KDE's infrastructure suggests our community
>condones this kind of (potential) tracking.
>
I agree
education of privacy is something we also aim for and sending a message that
this is "normal" seems off
Is there any other OIDC option that isn't good enough to replace identity but
could function ok for basic accounts for users? I know running more stuff isn't
great?
--
Kenny (Pronouns: he/him)
