
I'm the opposite. I NEVER use a third party login, may it be Apple, Google, Facebook or whatnot. If your website/app doesn't offer their own independent login, I don't even think once whether I really need it.


Agreed. I find the mere sight of the Facebook or Google logo off-putting and resent the implication that it is a higher-priority login mechanism than email, a sort of act of fealty of the app/web developer to the big platform middlemen.

I run my own mail server so it's easy for me to implement vendor-specific email addresses that cannot be correlated with other vendors', but more and more companies are offering that as a service nowadays, DuckDuckGo most recently:

https://www.spreadprivacy.com/introducing-email-protection-b...

I do use GitHub federated login, but only for apps like vulnerability scanners that do need OAuth access to my repos.


I use them as a developer to offer it to users, not Apple though and not for apps.

But I wouldn't want any of those companies to know which services I use. I am fine with using Auth0 or other third party providers, but only if I have to.

You don't even need to verify the mail in my cases, you could even use a completely fictitious one. Clean, easy, anonymous.

Not really sure about smartphone hell, but most identity providers offer up the mail of the user anyway. Maybe that is different in phoneland though.


I think preferring to use the website/app's own login makes initial sense, but distributing your personal information around opens you up to more opportunities to get tracked/pwned/leaked/whatever.

I used to prioritize the domain's own login, but now I'm starting to mix in some logins with Apple... I just prefer to have _less_ people have my personally identifiable information.


Agreed, it screams two things to me. First that the company is supremely interested in collecting my personal information beyond what I would normally expect to provide. Second that they’re just too lazy to implement their own user system.

Neither is a good thing.


To the average user, social login is about convenience. I see a large number of responses in this thread that seem to have forgotten about the most important person in this whole conversation: the end-user.

Users want

- Easy access

- A familiar experience

- A consistent experience

- To avoid more passwords

They generally are not aware of the privacy tradeoffs they're making by using social login.

I'd argue that if the developer truly wants to fight the good fight, they should remove social login altogether.

I find it odd that the options they support willingly are the options that are most user-hostile from a privacy perspective while the option they begrudgingly support (while making a big fuss about it) is the one option that actually tries to protect the user.


You clearly don't understand how social logins work, nor their benefits for users and site owners. Both of your assertions are wrong, and both "bad" things are exactly the opposite.

You don't get anything beyond what you ask for AND are granted access to by the user.

FB login gives email and name AFAIK, but you can ask for lots of other stuff and be denied. Google defaults to email, not sure about name, and has separate requests and grants for any additional information. They don't have nearly as much of a profile as FB does, but can give address and some other details. Apparently Apple doesn't even provide a real email, so that seems even better for "collecting [your] personal information" than using... your personal email address!

Social login is much better than storing passwords in any form (plaintext, encrypted, hashed), and gives both the user and site owner the benefit of FAANG security.


Why would a developer spend time implementing a user system if they can use a good third-party one?

If I were to write an iOS app, I likely wouldn’t. I don’t trust myself handling that kind of thing securely.


I assume most 3rd party solutions still support email only logins (at least Firebase & Azure do) so I don't think that's a real problem.


Same.

I'm really annoyed Vercel stopped offering email signups.



