Remove Apple sign-in in this forum?

As a privacy-oriented forum, I think we shouldn’t encourage using Apple’s walled garden. Sign-in through GitHub is more or less okay.

1 Like

Reason to use Apple SSO

  • All the benefits of using SSO +
  • Allows you to use MFA for services which don’t offer MFA (since Apple forces you to use MFA with Apple ID)
  • The only things shared are name and email.
  • You have the option to hide email (generates unique, random email addresses that automatically forward to your personal inbox) or share the email.
  • You can also change the name during the process or remove the name.
  • Apple also claims to delete messages from the relay server after they are delivered (if you choose the Hide My Email option)

IDK why PG uses it. Maybe Discourse forces forums to use it?
Feel free to use GitHub SSO instead of Apple SSO

1 Like

Yeah, no reason not to use it if you already have an Apple ID.

IDK why PG uses it. Maybe Discourse forces forums to use it?

It’s a feature of Discourse, yes. We could add more, depending on what people want. I think it also has Google.

2 Likes

If you create an account with Apple, then every time you sign in you send a request to Apple servers. So effectively they know every time you log in. I’m not sure if they can tell every time you visit the site if you stay logged in. Maybe you know.

And Apple knows that you registered on this site. Do you want Apple to know?

Apple is totally under the control of the US government. Doesn’t it bother you at all?

The other option is to create an account with pure email. It seems like a better choice privacy-wise. This way you can transfer your privacy to Proton or something.

I’m no privacy extremist and can totally understand the convenience side. But privacyguides is a community which tries to guide people to privacy. And in my opinion offering Apple sign-in goes against this goal.

1 Like

This is directly quoted from Apple’s whitepaper on Sign in with Apple. Didn’t feel like summarising, as Apple’s explanation is good.

Perhaps the most significant privacy benefit of using Sign in with Apple is that Apple does not participate in tracking or profiling users and does not seek to profit from users’ personal data. Apple will not track users as they engage with their favorite apps and websites, or gather insights about developer’s businesses in the process. In fact, Sign in with Apple has been built from the ground up to limit the amount of information Apple can access or store about the user’s sign-in behavior.

When a user engages with a new app using Sign in with Apple, Apple generates a unique token for the user/developer pair and stores the email address that the user shares with the developer. This allows Apple to manage secure authentication anytime the user needs to sign in, and allows the user to view and manage their relevant account details. Any subsequent visits to an app can be handled on device without sharing any additional information with Apple. Developers can call a local refresh API (getCredentialsState) to confirm that the user is still securely signed in to iCloud on the device and allow the user to continue using the app seamlessly without ever reaching out to Apple’s servers or sharing any additional information.

If an explicit sign-in is required to continue using an app—for example, to sign in to a financial services app with a limited session length—the developer will call an authentication request API (ASAuthorizationAppleIDRequest) that returns a token from Apple’s servers to allow the user to quickly sign in again. In this case, Apple receives basic information about the sign-in event, including the IP address and the Apple ID being used, but deletes this information after a maximum of 30 days.

When signing in using a non-Apple web browser or an app running on another platform, Apple is not able to provide an equivalent to the local refresh API. Therefore, developers will need to make a fresh authentication request each time the user needs to sign in. The same token will be returned from Apple’s servers and the same 30-day data deletion policy applies.

This is the extent of information that Apple collects regarding users’ activity as they use Sign in with Apple. Apple does not provide any tracking tools to developers or receive data from any analytics or advertising tools that might be employed by any particular app. As a result, users can take advantage of the convenience of Sign in with Apple with the peace of mind that Apple is not tracking or profiling them.

tldr: “Sign in with Apple has been built from the ground up to limit the amount of information Apple can access or store about the user’s sign-in behavior”

1 Like

Hm.

Okay, thanks for the answer, I ought to do some more research. Might come back to this issue later.

As 404 points out, this does not seem to be the case. However, even assuming this is true, many services will send a confirmation email when you first sign up for an account and then every time you sign in after that (you might be familiar with the “Your account was logged into from a new device” emails), so effectively your email provider also gets alerted whenever you log in.

There is no evidence for this, we discourage making large claims like this without evidence.

1 Like