|
|
|
|
|
|
by as_
2107 days ago
|
|
|
Good idea to automatically give your email, name, photo and other details to _every_ site your visit, really?
Of course the login should be a voluntary action by the user. Btw luckily what reported doesn't work for me, the site ask to login. It should not be even possibile, at least without exploting a bug/vulnerability. |
|
|
> It should not be even possibile, at least without exploting a bug/vulnerability.
This is actually very much possible. I just learned that it's implemented using Google One Tap for Web. [1] That's the web version of One Tap, which lets Android app developers add single-click login using a Google account.
Apparently one of the features of the SDK is automatic sign-in [2], without any user interaction, which Quora seems to be using. In contrast, LinkedIn and Medium also use the same SDK but only suggest logging in with Google in a pop-up. [3]
Edit:
There's a way to turn it off. Disable "Google Account sign-in prompts" setting in Google account permissions [4].
[1]: https://developers.google.com/identity/one-tap/web
[2]: https://developers.google.com/identity/one-tap/web/guides/au...
[3]: https://i.imgur.com/ntmxSe2.png
[4]: https://myaccount.google.com/permissions?pli=1