Feeds

back to article Google+ goes single sign-in, exec roasts Zuck's 'frictionless sharing'

Google+, which is the ad giant's "network thingy", can now be used to sign into third-party apps, the company confirmed today. It works a lot like Facebook Connect. Google said that developers building apps for Android, iOS or the web can now allow users to sign in via Google+. "It’s simple, it’s secure, and it prohibits social …

COMMENTS

This topic is closed for new posts.
JDX
Gold badge

Woah they didn't already have this? Like it or loath it, this is one of FB's biggest strengths.

0
2
Pirate

Fixed it for you

Woah they didn't already have this? Like it or loath it, this is one of FB's biggest security nightmares waiting to happen.

14
1

Re: Fixed it for you

More of a privacy nightmare. It will allow both services to do a deeper level of tracking than they already do, because you are explicitly allowing it. Thank goodness for Firefox's cookie controls, along with No Script and Adblock+. My paranoia probably really isn't needed though, as the purpose is to sell crap to me and I block all ads anyway. Targeted or not.

2
1
JDX
Gold badge

Re: Fixed it for you

You stick to 400 accounts and passwords then. I'll get on with using my PC to make my life more rather than less easy.

Trust me, your life (data) is far less interesting than you imagine it to be.

6
5
Anonymous Coward

Re: Fixed it for you

> Trust me,

Famous last words

7
0
Bronze badge

Re: Fixed it for you

I'd rather go with LastPass than Facebook/Google to store my 400x24 digit passwords. Heck, I'd rather write them down next to my PC than go with those two!

2
0
Gold badge
WTF?

As I didn't know it existed, nor did I miss having it, if that's one of their biggest strengths the reason for FB's popularity continues to elude me.

3
0
Silver badge

Re: Fixed it for you

One rule of thumb for life - never trust anyone that says "trust me".

0
0
Bronze badge

They had (and still have) Google OpenID and OAuth 2.0 endpoints (https://developers.google.com/accounts/docs/OpenID), which are something I've made heavy use of for a number of projects.

The news is about making available additional abilities and access of information to the user's G+ and other services.

If this allows reading private posts and filtering by circle, I can retire my homegrown G+ RSS feed at last!

0
0
Meh

Still enforcing "real names"?

Meh, if they still have that stupid policy of insisting you use something like a "real name", I'm still not going to venture in there.

3
0
JDX
Gold badge

Re: Still enforcing "real names"?

Pretty atrocious to suggest we should have some sort of accountability for our actions. I think it's an assault on our freedom I can't use my handle on my passport.

3
10
Thumb Down

Re: Still enforcing "real names"?

What's the point in asking for a real name, as Google does, if you don't make any effort to check the real name, as Google doesn't? Where's the accountability there?

2
0
Anonymous Coward

Re: Still enforcing "real names"?

Google does run checks and has been known to close off more than a few accounts and demand ID.

0
0
Silver badge

Also for Google Play reviews now

My thoughts too, especially how atrocious their enforcement of it is (claiming it's okay to use a name you're commonly known by, but then banning people for unusual names even if it is their common or legal name) - but I'm also worried that Google have now restricted Google Play reviews to Google+ accounts.

All the usual arguments about real names apply here: yes, there's some argument about having accountability for reviews, but there are plenty of reasons for wanting privacy (suppose it's an app for a gay dating website, and someone doesn't want to be outed, or have their pseudonym on that site linked to their real name) (also if you use a pseudonym on a website, and there's an app for it, it's actually less anonymous to leave a review with that same pseuodnym). As a developer, I also don't like this change, as it means people are less likely to leave reviews (I like getting good reviews!) Also, the dumb 1 star "it didn't download" reviews tend to be sincere, even if misguided - so requiring a real name won't stop this, these reviews aren't the result of trolling.

But there's also a far bigger additional problem - it means to leave a review, your Google+ Real Name account is now linked to your Google account/phone. So the idea of using a Google account specific to your phone (as I and many others do) goes out the window, as it'll be linked with your real name and that other account anyway.

1
0
Silver badge

Re: Still enforcing "real names"?

Says "JDX" - is that your real name? Your Register account will be banned until you provide legal documentation showing this.

(Your passport analogy is meaningless - I don't need a passport to leave a Google Play rating, or comment on a website, nor would I want such a requirement. Are you seriously suggesting those things should have the same level of security as entering another country?)

1
0
Silver badge

Re: Still enforcing "real names"?

There was a time before you needed a passport to enter a different country. You can't escape the passport system if you want to enjoy the whole planet but you don't have to login to Google in order to enjoy the whole web.

And a G+ public profile is STILL not a requirement for using gmail or YouTube but the register STILL says it is. El Reg will never understand G+.

0
0
Devil

Re: Still enforcing "real names"?

I use Gmail, but I was deeply bothered by the lastest set of nags on YouTube to provide a profile (in the last couple of months). I had to go through a number of steps to INSIST I wanted to keep my current handle with relatively anonymous information. Since I signed up with YouTube years before they got bought by Google, it's even more irksome.

Definitely seems like a slippery slope at present. Look at Google Play - I enjoy my Android, and I used to leave reviews of apps regularly. Not any more since their latest change enforcing a G+ profile.

1
1
Silver badge

Learning from other people's mistakes

I turned off updates from that Mafia-Wars crap at least 6 times, and it's one of the major things that made me leave FB and go to G+. When something as simple as "no, I don't want to see these" is broken....

5
1
Anonymous Coward

Re: Learning from other people's mistakes

One has to be really stupid to not know how to turn it off.

0
5
Silver badge

Re: Learning from other people's mistakes -@AC

Which bit of " I turned off updates from that Mafia-Wars crap at least 6 times" didn't you understand. Maybe the stupid lies elsewhere ...

4
0
Anonymous Coward

If I'm going to spray a good update...

...there needs to be at least a little bit of friction.

Regarding the whatchamacallit issue, have they considered referring to it as a "portal"?

I just came up with that, seriously.

0
0

It's all about trust

Funny thing is, I'd actually trust Google enough to use that login for other things. Well, SOME things.

Facebook? Not on your life, both for the obvious privacy reasons, and because I assume that connecting anything to Facebook means a barrage of FB timeline spam* that I don't need or want.

No, Facebook is maintained as a tiny little island cut of from anything else in my life.

* Actually, the spam on Facebook is a great source of entertainment. Or more specifically, the comments that follow. Last week WalMart spammed us with news of their Green Student Challenge thingy, and the negative comments ran into the THOUSANDS. Broken up periodically by some poor social media moderator trying to convince people to behave nicely. McDonalds spam yesterday suffered the same fate.

4
0
g e
Silver badge
Big Brother

Facebook. Frictionless sharing.

Slippery sharing, more like. It's a question of semantics.

0
0
Gold badge
Facepalm

"...forcing Google account holders to have a presence on the site....."

Grr. I accidently became part of Google+ the other day, by hitting the wrong button in another part of their Edifice 'o Shite while signed in.

There doesn't seem to be a way to undo that and revert to being nonplussed.

Hmm, it says here that "nonplussed" as a word dates from around 1600. I wonder how Google managed to make something so unloved that the h4te started over 400 years before the product was introduced.......?

0
1

Re: "...forcing Google account holders to have a presence on the site....."

You can close your Google plus account it's in the account settings somewhere

2
0
Silver badge

Re: "...forcing Google account holders to have a presence on the site....."

You're not forced to have a presence on the site. Google is a better source of information on Google than the register is... https://plus.google.com/u/0/downgrade/

0
0
Silver badge
Coat

Bad enough

That they want you to use one Google Log in for gmail, Docs and YouTube (As far as I concerned unrelated services).

I'd rather have my own notebook of accounts (never kept near laptop) and my own local password manager (only used for accounts that don't involve money).

Someone needs to beat Twitter, Facebook, Google etc over the head with a stick with nails in it and make them eat copies of data protection acts and security best practice till they change their ways.

Also would places like BBC stop promoting Google, Twitter etc ...

... wanders off muttering darkly ...

Mine's the long brown one with a bag of 4" nails and hammer.

0
0
Bronze badge
Megaphone

Re: Bad enough

Not sure what you're getting at... Federated logins (SSO) shouldn't reduce security in real world terms.

Most people (anecdotal, but I'm sure you'll agree) use the same or similar passwords on everything, because they get bored of coming up with new ones (or just don't care, until something gets hijacked).

The question is, do you trust Jim's DIY Forums (yes, yes, "Fora" is the plural) to hold your password securely and deal with any external attack, or Google? Using an open standard (OAuth 2.0) means that they shouldn't be in a position to abuse the trust and access the accounts you link in, and they provide an easy 2FA from the bat.

I'd say that it improves most users' personal security by a large amount.

1
0
Anonymous Coward

I'm not comfortable logging into some random site by giving them my login details from another site. How do I know for certain that your site is not going to take my details to harvest my account of information and spam everyone I know with penis pills.

You may as well put in a couple of text boxes for me to enter my credit card details under the header of 'Check if you credit card has been cloned.'

I'm not going to fill it in, but some sucker will.

1
1
Silver badge

You'll be OK using the likes of Google and Facebook for logins then, because you enter your details on their sites instead. Conversely, the credit card companies came up with something which involved inputting your details on an iframe within a retailer's website. The domain of the iframe was something like "securesuite.com" instead of your own bank's site, but you wouldn't know that unless you hack the html. It's like they're training people to get robbed!

1
0
This topic is closed for new posts.