login with Facebook buttons. this needs updating. But nobody reads the descriptions anyway. I can write anything here... I believe in aliens. Little green men live on my street. Why are you still reading this? It's rubbish. You silly billy.

Chapters -
📺 0:00 - Intro - What is the Login with Facebook Button / OAuth 2.0
📺 0:29 - Part 1 - Your Data // What data do these "Click to Log in" buttons take from you
📺 1:16 - Part 2 - How do these buttons work?
📺 3:21 - Part 3 - Advantages for Facebook
📺 5:10 - Part 4 - The Negative Impact // What can we do about it?
All elements were created by me, comedian Simon Caine.
This is bad advice. Federated identity and OAuth are great tools. You need to use the right identity provider.
When some random website gets hacked and has its authentication database dumped, your credentials won’t be in there.
You can see what a website has access to from your identity provider.
It’s federation. It’s a trust model. Like the fediverse.
The biggest reason not to use a single account like this is that you lose everything if you lose the owning account. It’s bad advice to say you should absolutely do one or the other. It’s good advice to consider the risks.
So you create a new email for every account you make?
Do I use an aliasing service that allows me to change the account emails point to? Yes. Can I access those accounts with access to my email? Yes.
The issue here is that if you lose access to the social network that logs you into those things, you lose the account. If you have an actual account, not delegated access, you can still access the account with the social account.
I’m struggling to find some good article examples because Google is rolling out inactive account deletion and that’s polluting my search results. So go test this out yourself: go try to change the account name/email, password, or MFA for any of those accounts you use social auth for. Try to figure out how you would log in without that social account. Next, do the same thing with an account you don’t use social auth for.
Same but this basically puts all the trust in your mail provider which also sucks.
We should have logins with security keys and/or local biometric unlocking. I think that would already increase security and ease of use a lot. But these things are so expensive and not well supported yet.
In theory, my email only serves as a way to verify me and spam me. A good account may require an email for communication and should allow that email to be changed without losing the account, in the same way the good account will let me change the password, the MFA, and ideally even the username (looking at you Steam). Same as a phone number. We’re beginning to see a move toward that flexibility. Most accounts with MFA allow it.
First - mail server might literally be on a box in your home under your full control. Second - if it’s not the case, you don’t need to stick to a single provider. I have mailboxes tied to different platforms on different providers, so I cannot lose all at once.
If you’re worried about losing access to your email, consider switching to one with a custom domain and a provider that supports it.
Not exactly sure if the Fediverse is a great example of user privacy.
What happens when the federated identity provider gets breached, and a bunch of identities are associated with a single account?
How much information can actually be kept out of a database if you use a federated identity provider… A password? Even assuming they are stored in plain text, you should be using a different password per website.
They handle it better and your options to respond are better.
You can immediately invalidate all associations for instance. You can revalidate them too once your identity provider is back up and running. Okta is going through this right now I believe, but I haven’t been paying a whole lot of attention to it.
There’s no password with federated sites. It’s certificates to prove the connection is valid, and tokens.
The federated website could choose to save nothing about you. It would make it a lot easier for them to do so, as it means less resources to manage, and less PII to be concerned about storing.
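The token check a relying site performs in place of a password check, as an added example that is not part of the thread or of any provider's code. The issuer URL, client id, key and sample claims are constructed, and an HS256 shared key stands in for the asymmetric signatures and published keys that providers such as Google or Microsoft typically use.

```python
import base64, hashlib, hmac, json, time

# Constructed values; a real provider signs with an asymmetric key instead.
KEY = b"constructed-demo-key"
ISSUER = "https://idp.example"
AUDIENCE = "shop-client-id"

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign_token(claims, key):
    """Stand-in for the identity provider: issue a compact HS256 token."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return f"{head}.{body}." + b64url_encode(mac(f"{head}.{body}", key))

def verify_id_token(token, key, issuer, audience, now=None):
    """Relying-site checks; returns the only record the site has to keep."""
    now = time.time() if now is None else now
    head, body, sig = token.split(".")  # ValueError unless exactly 3 parts
    header = json.loads(b64url_decode(head))
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")  # blocks "none"/alg swaps
    if not hmac.compare_digest(b64url_decode(sig), mac(f"{head}.{body}", key)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token was issued for a different site")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("expired or missing exp")
    if not claims.get("sub"):
        raise ValueError("missing subject")
    # Email, name, etc. in the claims are deliberately not stored.
    return {"issuer": claims["iss"], "subject": claims["sub"]}

SAMPLE = sign_token({"iss": ISSUER, "aud": AUDIENCE, "sub": "user-8461",
                     "exp": 2000000000, "email": "a@example.org"}, KEY)

if __name__ == "__main__":
    print(verify_id_token(SAMPLE, KEY, ISSUER, AUDIENCE, now=1700000000))
```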
What’s considered a good id provider?
One you have a business relationship with. You can sign up for a paid account with Google or Microsoft. Use your own domain. Disable whatever adware options you’d like, and use that as your identity provider.
While you can roll your own, many services, if they even support custom SAML federation, only do so for enterprise customers. You’re much more likely to find useful federated services with Google or MS.
I would never recommend Facebook.
Advocating for using some of the biggest privacy violators to log in to all your accounts! Business relationship or not, this is not good advice for your privacy.
Yeah, after all that bloviating about privacy and securing our data, turns out we should just trust… Microsoft!?
Aka a different company that was part of PRISM alongside Facebook?