What I don't understand is why OAuth is rarely talked about in a privacy context; however, your OAuth provider knows all the sites you log into and when.
It's a privacy nightmare.
Centralised identity is basically the government... and having some other entity behave the same way is not good.
Though given most people use Gmail or Outlook, the two main OAuth providers (Google and Microsoft) will know anyway.
Your OAuth provider can also vouch for anyone who pretends to be you, if they so desire. They can give access to anyone, including themselves.