canmove, Confirmed users
1,537
edits
Privacy/Reviews/F1: Difference between revisions
Jump to navigation
Jump to search
→Credentials
| Line 315: | Line 315: | ||
''The Risk'' is that we have unrestricted access to the user's third party accounts; compromise of the server or compelled wiretapping could be disastrous for not only our relationship with the user, but also for the privacy and integrity of their identities on the various third party sites. A compromise of this system could result in not only user-level access to their F1 capabilities, but potentially also identity theft by complete access to their capabilities on all third party sites including (but not limited to) password management, identity fraud, financial transactions, private information disclosure, etc. | ''The Risk'' is that we have unrestricted access to the user's third party accounts; compromise of the server or compelled wiretapping could be disastrous for not only our relationship with the user, but also for the privacy and integrity of their identities on the various third party sites. A compromise of this system could result in not only user-level access to their F1 capabilities, but potentially also identity theft by complete access to their capabilities on all third party sites including (but not limited to) password management, identity fraud, financial transactions, private information disclosure, etc. | ||
'' | ''Requirement'': Alternatives to an OAuth proxy should be considered in the design of this service. The major source of risk in this case is having access to and control over use of the users' credentials for various third party sites. If the chrome component or webapp component's content could completely manage sharing and act on behalf of the user from the client side, this privacy risk would not exist. | ||
==== Discussion ==== | ==== Discussion ==== | ||
| Line 338: | Line 338: | ||
- shanec|mixedpuppy | - shanec|mixedpuppy | ||
Just because OAuth is the only immediately available technology for deployment, doesn't | |||
mean we should use it. We should not trade user privacy for a few more months of | |||
deployment, and I think in this case there are alternatives we can and should explore. | |||
We lead by example: we make things better. It's not sufficient in this case to settle | |||
for a privacy-invasive implementation because it's how other services do it. We should | |||
innovate and show others how to do it right. | |||
- Sid | |||
==== Resolution ==== | ==== Resolution ==== | ||
Not Resolved. | |||
=== Browsing History === | === Browsing History === | ||