Future of Web Single Sign On in KDE

[Joseph P. De Veaugh-Geiss]

Hello,

On 7/18/22 17:47, Ingo Klöcker wrote:
> One idea is to allow signing in with different commonly used identity providers
> (like Google, etc.) for our more user-centric websites where we cannot expect
> most people to have an account at invent.kde.org already.
> 

Is there not a potential tracking issue with allowing Google or other 
data-mining companies to be KDE's identity provider? [1]

This seems to me to be at odds with KDE's vision: "A world in which 
everyone has control over their digital life and enjoys freedom and 
privacy."

Of course one could argue it is the user's choice to use the service, 
but embedding such services in KDE's infrastructure suggests our 
community condones this kind of (potential) tracking.

> Regards,
> Ingo

Cheers,
Joseph

[1] "Behind the One-Way Mirror: A Deep Dive Into the Technology of 
Corporate Surveillance"

   https://www.eff.org/wp/behind-the-one-way-mirror

 > "Finally, the biggest companies (Facebook and Google in particular) 
offer account management services to smaller companies, like “Log in 
with Google.” These services, known as “single sign-on,” are attractive 
to publishers for several reasons. Independent websites and apps can 
offload the work of managing user accounts to the big companies. Users 
have fewer username/password pairs to remember, and less frequently go 
through annoying sign up/log-in flows. But for users, there is a price: 
account management services allow log-in providers to act as a third 
party and track their users’ activity on all of the services they log 
into. Log-in services are more reliable trackers than pixels or other 
simple widgets because they force users to confirm their identity."

-- 
Joseph P. De Veaugh-Geiss
BE4FOSS Project and Community Manager (KDE Eco)
OpenPGP: 8FC5 4178 DC44 AD55 08E7 DF57 453E 5746 59A6 C06F