Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
The Internet Privacy Programming Security Apple Technology

Apple Introduces Privacy-Focused 'Sign in With Apple' Button For Sites and Apps (thenextweb.com) 75

Apple today announced a "Sign in with Apple" button -- that is similar to sign-in buttons from Twitter, Facebook or Google that allow users to quickly login to a range of services using their social media account. But unlike any existing solution, Apple is focusing on privacy. From a report: More importantly, you can choose to hide your email address, and Apple will generate a random email ID visible to only to that particular app that'll forward all emails to your main email ID. Plus, this method creates a unique random email for each app, so that they can't track you and your personal data. The new sign-in feature is available across MacOS, iOS, and websites.
This discussion has been archived. No new comments can be posted.

Apple Introduces Privacy-Focused 'Sign in With Apple' Button For Sites and Apps

Comments Filter:
  • Comment removed (Score:5, Interesting)

    by account_deleted ( 4530225 ) on Monday June 03, 2019 @01:15PM (#58701890)
    Comment removed based on user account deletion
    • Love this feature. I'm sure there are plenty of teeth gnashing over at FB right now.

      Can you tell us how going to Facebook without telling them who you are would work? All you're going to see is the sign-in page. So let's say that somehow Facebook puts a "log in with Apple" button on Facebook. How are you going to connect with friends or people of interest if Facebook doesn't know who you are?

      • Re:Fuck you, Zuck! (Score:5, Informative)

        by Yaztromo ( 655250 ) on Monday June 03, 2019 @02:26PM (#58702536) Homepage Journal

        That's not the point. This directly competes with Facebook's Single-Sign on Service they provide to other websites, while preserving privacy.

        If this takes off in a big way, it's going to remove a huge source of data collection from Facebook. That would be the reason for Facebook gnashing their teeth -- they rely on the data collection they get through their Single Sign-on service to know everywhere you've logged in and what's you've done on websites that use it.

        Yaz

        • If this takes off in a big way, it's going to remove a huge source of data collection from Facebook. That would be the reason for Facebook gnashing their teeth -- they rely on the data collection they get through their Single Sign-on service to know everywhere you've logged in and what's you've done on websites that use it.

          Thank you. That makes sense. From this "Apple Sign-in" service, Facebook doesn't lose data collection from people's behavior on Facebook, but instead loses data collection from everywhe

        • This directly competes with Facebook's Single-Sign on Service they provide to other websites, while preserving privacy.
          If this takes off in a big way, it's going to remove a huge source of data collection from Facebook.

          Though, they'll still have the data collection comming from the scriplets powering all this "Share on FB !" buttons that they've convinced the world to plaster all around the web.

          (Note: That scriplet can gather data even before you click on it to actually share, just at the moment the scriplet starts it can already gather lots of shit
          There are extensions [eff.org] to block this kind of problems).

          Also, you're probably going to see suddenly "Sign in with Instagram !" and/or "Sign in with WhatsApp !" ( <- this last o

  • Lock-in (Score:4, Insightful)

    by brunes69 ( 86786 ) <slashdot@nOSpam.keirstead.org> on Monday June 03, 2019 @01:23PM (#58701962)

    Awesome - so now if I use "Sign In With Apple", in order to continue ever receiving emails from that entity again, I need to stay with Apple forever.

    Oh also let's totally ignore the fact that I can't reply to any of these emails without releasing my original address. "Oh but iCloud will auto-relay" - so you're saying now I also have to use iCloud email to use this service? Perfect!

    And for those of you who think "well that's how sign-in with Google works as well" - no it does not.

    • Re: (Score:3, Informative)

      Comment removed based on user account deletion
      • Re:Lock-in (Score:5, Insightful)

        by AmiMoJo ( 196126 ) on Monday June 03, 2019 @03:17PM (#58702908) Homepage Journal

        Yes, but when Google did it Slashdot told me it was evil and part of their plan for world domination, so we have to hold Apple to the same standard.

        On the face of it the problem is the same. Apple gets to know all the services you sign in to, and when you sign in to them. Although they don't, the assumption was that Google was selling that information, so we have to make the same assumption about Apple.

        • by MobyDisk ( 75490 )

          Why does Google sell your personal information? Because they can't offer the service for free.
          Why does Facebook sell your personal information? Because they can't offer the service for free.
          So how will Apple provide this "free" service?
          (I read the RTFA, but I'm unsure if this is available only to Apple iCloud users or something like that).

        • by Tom ( 822 )

          Although they don't, the assumption was that Google was selling that information, so we have to make the same assumption about Apple.

          Why?

          For Google the assumption is obvious, as selling your data is literally their business model.

          But Apple sells stuff to you (music, movies, iPhones, etc.) - you are the customer, not the product. Their only ad-related business is iAd. That's what makes a big difference. They are the one company that actually might mean it when they use the word "privacy" and they know it. It would be stupid to blow that advantage for a few $.

          • by AmiMoJo ( 196126 )

            For Google the assumption is obvious, as selling your data is literally their business model.

            Their business model is selling their most valuable asset from which they derive much of the value in all the B2B services they offer? That makes about as much sense as Coca Cola's business model being to sell the recipe for Coke.

        • I don't assume that Google is selling my info, I assume that before I even click 'submit' on Google's sign-in service, they've got ads for related products in the queue to pitch to me.

          I'm 100% confident that Google wants my data for themselves, I just don't trust them to act on my data in a way that puts me first.

          I'm also 100% confident that Apple wants me to spend money on their devices but couldn't care less about me after that, so they won't be blasting ads at me when I use their SSO.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Are you actually complaining about a feature that helps you protect your privacy? You must be fun at parties (I'm clearly kidding because you seem like someone who wants to complain about things with no logic behind them, which, as a result, I felt the need to explain for you).

      you can choose to hide your email address

      Yes, it clearly ties you to their service if you want to remain anonymous. Yet, if you choose to have a non-anonymous relationship with said service, then you are free to provide them your real

    • Re: (Score:3, Insightful)

      Umm... sure, it's lock in to apple. And? You mean your 10+ year of app/music/movie/etc. purchases haven't locked you into Android or Apple already?

    • by Kohath ( 38547 )

      If you wanted to email them, why did you use the obfuscation feature to begin with?

      The purpose is to limit the way they interact with you. Your complaint is that it limits the interaction.

      I can imagine you watching TV. Mustard commercial comes on. You complain that mustard is good, which is bad because it locks you into buying the brand of mustard you want. Also, you don't like it on your breakfast cereal. Mustard vendors and mustard customers sure are dumb. Now I must post this mustard wisdom on Slas

    • by necro81 ( 917438 )
      Damn, dude. Switch to decaf. That's a lot of rage to be throwing down at this time of day.
    • by mysidia ( 191772 )

      in order to continue ever receiving emails from that entity again, I need to stay with Apple forever.

      Not necessarily. In most cases you could login to the third party account, then register your REAL e-mail address,
      and/or then set a password for normal login or link additional login services to that account.

      Also... i'm not sure what "staying with Apple forever" means; because you don't necessarily have to buy anything from Apple to have an account with them --- just like you don't buy anything fro

  • So, their big bid to protect my privacy is to... Obscure my email address? I'm not sure all the alternatives would expose my email in the first place (I could be wrong), but it seems like it would be trivial to use a one-time or throwaway email to sign up for (for example) FB and totally negate whatever privacy violations come from that... But my guess is that the Apple method will do nothing to protect information apart from my email address, which is not my concern in the first place. Maybe I'm a dumbass
    • by gnasher719 ( 869701 ) on Monday June 03, 2019 @01:40PM (#58702104)

      Maybe I'm a dumbass and someone can clarify what the real benefit here is.

      Of a billion iPhone users, 990 million wouldn't know how to set up a throw away email address. (Just to avoid misunderstanding: 990 million out of a billion Android users wouldn't either). It's the same as with Time Machine: Everyone should be able to set up regular backups for their computer. The difference with Time Machine is that people actually do.

    • by Yaztromo ( 655250 ) on Monday June 03, 2019 @02:41PM (#58702622) Homepage Journal

      Maybe I'm a dumbass and someone can clarify what the real benefit here is.

      "Dumbass" may be pushing it a bit, but you're absolutely missing the big picture.

      Here is how OAuth type systems from entities like Facebook and Google currently work:

      1. 1. You login to abc.com, lmnop.com, and xyz.com using your Facebook (or Google) account information (in Google's case, your e-mail address).
      2. 2. All three websites now have your Facebook ID (or Gmail address). They can track what you've done on their website, and potentially co-operate and buy/sell/share/accidentally leak that data, correlate it with your account ID/e-mail address, and know about what you've done on each others websites.
      3. 3. Facebook (or Google) also gets a record of these logins (and possibly what you've read, watched, written, etc.) from all of the sites you've visited using their single-sign on systems, and can mine or sell that data however they want, without your permission.

      Contrast this with the new Apple system:

      • 1. You login to abc.com, lmnop.com, and xyz.com using the new Apple Sign-on.
      • 2. Each of these websites gets a unique, completely different account ID from Apple. If they share/sell/leak your data, there is no way to correlate it together. In effect, you appear to be three completely different people in this example.
      • 3. Apple doesn't mine or sell your data, as it's against their Privacy Policy (you are obviously free to distrust that, but it does contrast against Facebook and Google which pretty openly mine and sell your data).
      • That's the big difference. And while it may not seem like a lot when you think of an example with three websites, if you're widely using your Facebook or Google accounts for sign-on to video sites and online games and new sites and anywhere else you may want or need to login, that can be a huge treasure trove of data as to what you do online that can be correlated between sites, and that can be used by the auth provider however they want. Apple's new system busts this apart -- the people you login with get a completely unique ID instead, but can't readily setup databases to mine your data outside their own service.

        Make sense now?

        Yaz

      • Re: (Score:2, Insightful)

        by swillden ( 191260 )

        you are obviously free to distrust that, but it does contrast against Facebook and Google which pretty openly mine and sell your data

        One clarification: Google does not sell your data.

        • One clarification: Google does not sell your data.

          They do indirectly, by using your data for targeted advertising. The advertisers may not get the data directly, but they do benefit from it financially.

          Yaz

    • Maybe I'm a dumbass and someone can clarify what the real benefit here is.

      Yes, you are a dumbass.

      Signed, Red Forman [wikipedia.org].

  • Sounds nice for appleheads, but I don't trust Apple with that information either and with this feature they get ALL of it, including what gets sent to you from 3rd parties because of it...

    I'm pretty sure this falls under the heading of "May you live in interesting times"
  • I never log in with any of the buttons they have for any of the other "accounts", so it's good they're enabling this.

  • I like this concept of having each entity receiving a unique, non-shared user ID. The social app WeChat from Tencent already does exactly this, and it is so much nicer for the user, knowing that there will be no "behind your back" sharing of user data for marketing purposes.

    Info: https://mp.weixin.qq.com/wiki?... [qq.com]

  • So, Apple is not going to personally identifiable data that tracks every site that you log into using their service.... Right....
  • The point of signing in with these services is so that they can track you across the internet and use that data. Why would a site want to give you the option to not give them that information?
    • by sosume ( 680416 )

      Exactly, no site in their right mind will adopt this. Why would they? I wouldn't be surprised if Apple will start charging both the site and the end user per login.

    • They'll still track you.
      If you assign a token for an email confirmation with a token you set as a cookie hosted on a common ad network, or a browwser fingerprint, when the user signs in to a different website the cookie token will be the same and the confirmation token that gets clicked can link the two unique email addresses to the same machine.

      As soon as someone has access to a browser unique id, like a Facebook or Google tracking ID and the link between those confirmation tokens and the email addresses t

  • Specifically listing all email addresses for the last 5 years.

    I mean that's a vector data point they're trying to collect but Apple will essentially be generating per app email addresses that can't be linked across datasets.
  • Wow, only 20 years after single-sign-on got popular.
  • How the hell can it be private if you SIGN IN???
  • by ledow ( 319597 )

    So, like "Sign in with Steam"...

Every nonzero finite dimensional inner product space has an orthonormal basis. It makes sense, when you don't think about it.

Working...