Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What personal information does an OpenID provider make available to the consumer?

Tags:

openid

The issue of a foremost interest is whether my email address gets transmitted to the consuming service.

For example, if I use Google to login here to SO, does SO know my gmail address?

Does he know my name I entered in gmail settingы to be used for outgoing mails?

Does an OpenID provider transmit anything else?

Now, the hammer question: I understand that a consumer gets some kind of encrypted/hashed value to uniquely identify the provider-managed account. What if I wanted to reset this value to gets desassociated with my Google OpenID from all sites and re-register there again from scratch?

I find it quite stupid and user-unfriendly that SO (and probably other sites) do not inform their users of these privacy issues. You sign in and you don't know at all how private you are going to be. Nonsense. This is probably written in some OpenID specs, but would an ordinary user read them let alone understand them?

like image 568
User Avatar asked Aug 03 '09 20:08

User


1 Answers

Try reading this article about OpenID privacy.

like image 92
Amber Avatar answered Jan 03 '23 00:01

Amber