General Question

flo's avatar

Do the sites that ask you to sign up using your Gmail (let's say) have access to your email?

Asked by flo (7507 points ) May 26th, 2014

Let’s say ’here
If you want to sign up you have to do so using your for example your Gmail account. You have to click on that icon for Gmail on their site instead of getting into your Gmail account directly on your own. So, they have access to your email? Newspapers do that often.

Observing members: 0 Composing members: 0

15 Answers

GloPro's avatar

With NSA nothing is private, so who cares? If you don’t believe it’s all tracked and linked you are mistaken. Just give up thinking you have electronic privacy and roll with it.

jaytkay's avatar

Legitimate sites will tell you what level of access they get.

Your example, Stack Overflow, is not intrusive, it can only see “your email address”. I would accept that.

Usually sites want to see your contacts (oh hell no!) but not your email.

You mentioned, newspapers – I had a months-long email exchange with my local paper to get access without allowing them to see my Google contacts.

The customer service people were clueless. Nobody had resisted before.

By luck I got the cell number of the VP in charge of online accounts. He said, “I understand, email me and I’ll set you up”. He created an old-style login for me with user name and password.

GloPro's avatar

@jaytkay Can’t that list thing be circumvented if you have a fluff account for the sole purpose of signing up for things?

jaytkay's avatar

@GloPro You mean create a Google account with no contacts?

That works. I should probably do that.

But I got tired of maintaining multiple email addresses.

flip86's avatar

@jaytkay Use Mailinator. No sign up or password needed. Just make up any name and add to it. Just be sure that you don’t care if anyone else sees it, because everyone has access.

elbanditoroso's avatar

Technically, yes. Because if they have your Gmail login, they have access to all of your Google services, including your email (and your Voice account, and so on and so forth).

But it’s not just Google logins – if you log in somewhere else with your Facebook or Pinterest or LinkedIn login, you’re opening the door for that service to be entered using your credentials.

I would NEVER EVER EVER EVER EVER EVER use any social media or email login as a credential for some place else.

I don’t trust the providers on either side.


dappled_leaves's avatar

If they just ask for your email to sign you up for something (like even Fluther does), then no – they do not have access to your email. The only way anyone (other than the NSA) can access your email is if you give out not only your email address, but your email password.

jaytkay's avatar

@elbanditoroso Technically, yes. Because if they have your Gmail login

They don’t have your password. The software asks Google, “Is this person logged into a Google account?” gets a yes or no answer.

If yes, it asks, “What Google info has the user agreed to share?”

The minimum is simply “Yes, this person is logged into the Google account”.

@dappled_leaves The situation in question is different from Fluther. As I described above, a site can use Google to confirm your login instead of having its own login mechanism.

dappled_leaves's avatar

@jaytkay So they ask for people’s email passwords? That’s insane. Who would agree to that?

flo's avatar

Thaank you all. I thought everyone was going to say I’m too paranoid.

@dappled_leaves “So they ask for people‚Äôs email passwords”? The thing is they don’t ask you for your password.

dappled_leaves's avatar

I just read the part of @jaytkay‘s post that was directed at @elbanditoroso. So, not really a reason to be paranoid as long as one is paying attention to what Google profile information is public.

flo's avatar

The new thing on Facebook, it turns on your microphone and listen in to your private life unless you are computer saavy and heard about it and you opted out?

flo's avatar

….private life I didn’t mean private conversation.

flo's avatar

Next to sign up using… why not have something like “we are going to have access to some of the info in there, just so you know.” (whether it is indirect or not)?

rexacoracofalipitorius's avatar

I can’t speak to the inner workings of any individual provider, but I do know how Kerberos works. If it’s set up correctly then clients don’t get access to things that they shouldn’t have. It’s unlikely that a provider would accidentally misconfigure a Kerberos-based SSO in such a way that the emails would be available as you suggest. If you trust the provider and you trust the protocol, then you can be fairly confident that only the information they say will be shared will be. Otherwise you can’t.

Answer this question




to answer.

This question is in the General Section. Responses must be helpful and on-topic.

Your answer will be saved while you login or join.

Have a question? Ask Fluther!

What do you know more about?
Knowledge Networking @ Fluther