| ▲ | michaelt 5 days ago | |||||||
I'm curious - how does the standard make "to continue, google.com will share your name, e-mail address and profile picture" compatible with "a modern, privacy-preserving standard for federated identity on the web" ?? I mean, that doesn't sound privacy-preserving at all? | ||||||||
| ▲ | aaronpk 2 days ago | parent | next [-] | |||||||
It refers to the property of FedCM that means nothing about your account is revealed to the website until you click the "Continue As" button. In other words, alternatives to this that use third-party cookies enable tracking you between websites without any user interaction. | ||||||||
| ▲ | mooreds 4 days ago | parent | prev | next [-] | |||||||
I don't think they are trying to preserve privacy between you and the identity provider you are logging in with and the website you are logging into. (At least not now. There's talk about some of this with IDP delegation, I think. Here's more on that: https://github.com/w3c-fedid/delegation ) The first goal is to prevent data brokers from correlating data about users across the Internet using cookies and redirects. You can read more about the privacy focus here: | ||||||||
| ▲ | benlivengood 5 days ago | parent | prev [-] | |||||||
Why would you share your real name with Google when making a gmail account, or use your real picture? It's fine to be pseudonymous on the Internet if you are in control of your pseudonyms, which Google accounts actually does allow with some extra work (don't mix your chrome profiles and Google accounts, etc.) Or, like me, you can roll the dice on real names on the Internet (for professional things mostly) | ||||||||
| ||||||||