Comment by lmm
4 years ago
> I am still struggling to understand what immediate and painful need users have with trusting Apple, Facebook, Google etc with their identity.
It's not so immediate until you get banned, but they've all been gradually stepping up their politicised banwaves. And there's always the concern about what happens when one of them goes the way of Yahoo.
> If people had some issue with this then users would simply not use OAuth and default to creating an account for each service they use.
Which has huge practical headaches, to the point that OAuth being the least-bad option doesn't say a lot.
What's to stop e.g. Google from creating a blacklist of these public identities again?
Defaults and ease for site operators matter. Google could publish a blacklist but it would be opt-in, and if one blacklist starts being unreasonable then site operators can easily switch to another.
What's to stop Google from creating and using an internal blacklist - not for publishing.
1 reply →