Ask HN: How safe is it to login with Facebook or Google?

[jman1]

Lots of sites offer to avoid creating accounts with them and instead allow you to sign in with yor google or Facebook account. For eg Flickr. If I were to sign up for flickr using my google id what am I giving up in return for the convinence of not having to create a separate Flickr account. How much privacy am I giving up ? Given a sign up choice website specific account vs google/Facebook acct based sigh up, what is the better option ?

[Ryoku]

Well, your privacy is simply limited to whatever permissions you give to the web app you're logging in to (And all your public information as well), on one side. And on the other side, facebook records all the websites you visit who have a connection with them, when you do and for how long, etc. If you're comfortable with that, then... Well, you've got half the problem down.

I think what would really be worrying is the amount of power you are giving to a single authentication method. You are putting "All your eggs in one basket" As soon as someone is able to compromise your facebook account, either by facebook's or your own fault, all your other facebook connected accounts will be compromised; and the attacker can simply check your security app settings to know who have you logged in to.

And then again... What will happen when Facebook is not around anymore? Will all the websites you logged in to have a nice easy fallback option? Or will some/all of your related accounts be lost?

[hayksaakian]

It depends on what permissions they ask of you. If they don't ask for any, then they might not even get your email address. Typically signing up for a service manually requires you to provide more personal info than they may otherwise get via FB or Google. With FB there are many permissions that you can 'skip' albeit this isn't intuitive.

[jman1]

What happens to my data on the website when I revoke my permissions from google/Facebook ?

[hayksaakian]

Iirc they're supposed to delete it, but whether they do depends on them.

[andrewhillman]

FB doesn't delete any info - period. They seem to archive everything. For example, if you post a photo, then delete it, they still archive it. Delete to you is Archive to them. I have been doing small tests and this is what I have found.

[icebraining]

Parent(s) are talking about the websites that get data from Facebook, not Facebook itself.

[nwh]

Would you give them your full name normally? At the very least that's what you're giving them.

[001sky]

Is the issue what you give up to (a) facebook; or (b) the third party? systemic use of FB login vs single use? Do you consider your online history something of value? That's part of the dynamic for some people concerned about FB logins.