Nowadays a lot of websites (for instance CNET.COM and some forums) offer to login using your Google (Facebook, Yahoo etc) account instead of creating account on the website.
Can anyone explain what the implications of this are (let's talk about Google for the sake of clarity)?
The questions would be:
- What information does Google share with the website?
- If I use the same Google account to login to different websites – does website A know I use the same Google account to login to sites B, C, D?
- If I no longer want to use Google account to login to particular website – can I change my email to something else (other Google or non-google email) and still be associated with all the postings I made on particular forum?
It just seems to me that even though using Google account to sign in to third-party sites seems convenient initially it can cause a lot of headache in the future.
Best Answer
To answer your points using the same numbering scheme:
All Google should share is that fact that you are you. The 3rd party site is asking Google "is this person who he claims to be?". Google should answer "yes" or "no". No further identity information is needed nor should it be provided without an explicit request.
No site should know (or indeed need to know) what other sites you are logged into with your Google Id. Sites should be asking you if they can find out this sort of information - even if sites "B", "C" and "D" publish this sort of information anyway.
This will depend on the site. Your account should be independent of the authorisation method.
Notice that there are a lot of "should"s in this answer. You may find that some unscrupulous sites try to get this information and others are loose in what they publish for others.
If you have any particular concerns it would be better to contact either Google (the identity provider) and/or the site (the identity consumer) directly.