For example, when using Stack Overflow with Google openID provider is my Google address exposed to Stack Overflow?
(It seems like it is because it displays my email.)
Is there a way to prevent that?
I thought OpenID was supposed to be private?
Gmail – Does OpenID expose your email address to websites that use the service
gmailopenidprivacy
Related Topic
- What to do when your OpenID provider shuts down
- OpenID Plug-ins
- Google-account – Don’t Google profile links work as OpenIDs any more
- Can Google host the OpenID delegating page as MyOpenID does
- Gmail – How to Find an Email Address Within the Body of an Email
- Gmail – Delete the email that was used to create the account and login using an alias in Gmail
Best Answer
When you log in via OpenID, some information is given by the OpenID provider to the consumer website. The actual login part, where you type in your password, is done on the providers web page, so the consumer website doesn't know your login details. However, the OpenID provider will send to the consumer site, some of your profile details. Just what details are disclosed depends on the provider.
For example, if you sign in using your google ID, then the consumer site will be given your full name and email for a basic request. Google may also disclose your real world address and language preference. With a get_contacts call, Google would disclose your full contacts list and their email addresses (similar to when you do "Find Friends" in Facebook or similar social site.)
Some other Open ID providers will give more or less info to the consumer website. There's a nice list of what is given out by whome on this website. Facebook, MySpace and LinkedIn seem to give out the most about of info. Other providers like Twitter and paypal give out relatively less info.