Hacker News
by Schiendelman 2 days ago
1. Not in the case of Apple, since you get a unique key that's only usable for your service.

2. Did anyone say something about "only" here that I missed? I just want it added.

Everything else you wrote seems based on a significant misinterpretation of what I suggested. Maybe... ask a question next time?

1 comments

So, question: is AppleID based on OAuth? And yeah, I'm underinformed on these, though I'll stand by at least some of my concerns applying.

Amongst the problems of adding a megacorp's identification protocols is that those have a strong tendency to embrace, extend, and extinguish (<https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguis...>). See what's happened to email, RCS messaging, and for that matter, online and social services themselves.

Again, the federated Mastodon poses a far lesser risk of this, though if that project were to be compromised it could go pear-shaped.

But Mastodon doesn't solve the stated goal by the service of why they want you to have a login. ;)

I asked a specific question, per your request.

You've ignored it.

As for the stated reasons for utilising Mastodon as a sign-on service, Bubbles seems to share my views:

Why Fediverse and not email/password login?

We don't want to manage accounts. No passwords to store, no emails to verify, no spam accounts to moderate. The Fediverse handles identity for us, and no single company controls it.

It's difficult to tell what you're hinting at so long as you're not being explicit, but if your concern is that Mastodon accounts permit multiple votes per individual, yes, that would be an issue. However, there are few systems which afford a hard guarantee against that (though many might increase costs), and there are other ways of identifying coordinated or fraudulent voting patterns (talk with the HN mods about that some time, or any collaborative-filtering / collective-voting based discussion platform).

Late add: above quote from <https://bubbles.town/faq>.