by boesboes 610 days ago
I wonder how anyone can think 'you know what, my website, that you don't even need to sign in to for 99% of the use cases, needs a big popup from Google!'

Aside from the security/privacy considerations, why the fuck would you do that to a website? SSO from a login page? Sure, whatever. A f'ing popup on every page for a SINGLE provider? That is just brain-rot. Do they pay you to do this?

7 comments

Usually it's because users will log in or misclick on it. This will give their email address and personal information so that they can be sold or spammed. On another note, it boosts new accounts/sign-in metrics.

It does suck for the user.

> Do they pay you to do this?

I don't think sites get paid (with money), but it probably improves the ranking in the search results (or at least some SEO guide claims that, so everybody does it).

I worked in some companies that had this popup, and the most common goal was to harvest email addresses for newsletters.

Setting this up has become an automatic request from marketing people, almost as common as asking us to set up Google Analytics and such.

This is almost the equivalent to them to "have a CI/CD" for us devs: not having such things for them is strange, almost wrong. Of course the end goal is totally different.

> I worked in some companies that had this popup, and the most common goal was to harvest email addresses for newsletters.

Ooh, I've never looked into it, but I would have thought that with this feature the website explicitly does NOT get my email address. Silly me, still believing some features are meant for the user.

For fairness, I just disabled my Ad Blocker to check, and the popup seems to have changed, but the previous popups were quite explicit about sharing your email with the website:

https://superuser.com/questions/1414410/how-to-disable-googl...

I can't confirm whether the email is still shared. It used to be the case from late 2010s up to a few years ago.

While I don't consider myself an Apple fanboy by any means, they really did do a good job with their Apple sign in. I don't know the full process, but they seem to use an email from a pool of Apple IDs for emails that prevent the app/service ever getting your real email.

It would be easy to assume that other OAuth providers are doing the same, but absolutely not.

Yep, it uses an auto-generated @icloud.com for "Hide my Email" (useable in any website, or even if you want to give to someone in person) and @privaterelay.appleid.com when you use "Sign In With Apple".

This is quite visible in User Accounts where I work... while they do cause some issues from time to time (when the user disables the relay address for an active account), it guarantees privacy.

But I don't know if other popular single-sign-on providers do this.

It's an easy way to increase the user count and claim growth. Since the link is to StackExchange, it may be relevant that they are now dealing with a huge spike in users who do not actively participate and probably unintentionally created an account.

https://meta.stackexchange.com/questions/402813/user-activat...

It’s a useful canary for “watch out, this site does not care one whit about your privacy”

I think we’ll see more of this to stop bots and LLM scraping. It will likely not show up for Chrome users eventually, further cementing Google’s dominance

> Do they pay you to do this?

Apart from Google sponsoring this in some way or the other (by boosting up SEO ranking in sites that display this) I believe that this is a consequence of the third party cookiegeddon and I guess that once your users allow this login their activity is tracked as first party in your website, which would simplify things a lot for, well, tracking user behaviour. Of course Google benefits more.

I'm pretty sure 95% of business types and developers visit their own websites with a load of cookies already set, so they never actually see the first-time-customer experience.

If someone has searched for gloves on Google, and clicked through to my glove selling website, they're clearly ready to buy some gloves. Why the hell would I put a full screen cookie consent popover in their way? Or a join-our-mailing-list popover? Or require them to complete a captcha to create an account before they can check out? This person wants to give me money, why would I put barriers up in their way?

And yet quite a few sites do precisely those sorts of things.

But if everyone dogfooding the site arrives with cookies that hide the popovers, and an account already created - I could believe they just don't realise how bad their website is.

More likely that many (most?) employees don’t care about directly harming the company they work for if they can score points for themselves or their departments in the corporate version of game of thrones.

Similar to how in a two party system, politicians will often prefer to lose elections to the other party, rather than lose control inside their own party.

It only looks self-destructive from the outside.. inside a sufficiently large bureaucracy me/us/them all get muddled