lembas, There are some issues which the legal notice does not address;
1. It does not explicitly say whether the authentications cookies are encrypted or not. Often crackers can access an unencrypted cookie and can steal the user credential.
2. Authentication cookie is a functional data. Unless a user knows what goes into it, we cannot explicitly understand what it does. The source code/cookie format needs to be published in that case.(Just like Libre-Javascript.)
3. It does not explicitly mentions who all can acces the cookies, only the concerned service provider or someone else. It also does not tells what information the cookie conveys to the authentication service.
4. It does not mentions whether these authentication cookies are accessible to the user.
5. One more addition:- Canonical can change the legal notice at any time; This makes clear they can change their policy regarding how they use the user credentials, or what data the authentication cookies can deliver to the authentication site (eg. Facebook).
These are enogh defense to consider 'Online Accounts' with suspicion.
