Many Facebook users worry about the security issues that affect this platform. One of the main concerns is if they should log in to apps and online services using Facebook. The same goes for other social media networks such as Twitter, LinkedIn and Google +. Registering on a website using your social media accounts can e very practical and will save you a lot of time since you won’t need to fill all the details in the registration form. A large number of users prefer to sign up to a new service using through their Social Media profiles, (particularly Facebook) since it makes things simple. However, it is worth considering which option is the best in terms of privacy and which allows you to manage apps and permissions more effectively.
OpenID and OAuth
Let’s start by talking about how the social login system works. When you use your social media accounts to access a third-party service, the same open source protocols are used: OpenID, OAuth or a combination of both, in some cases. OpenID serves for authentication purposes and OAuth is designed for authorization. It can be difficult to establish a difference between them but in general, authentication means that a website confirms your identity to another website. With OpenID, it is possible to log in and create accounts on third-party websites. With OpenID, it is possible to get around regular registration and you can confirm your identity using login details from a website that you have previously registered on such as Facebook.
OAuth goes beyond authentication and it offers third-party websites and apps permission to get access to data on a different website or social network. When you sign up for a messaging app, you may be asked to grant permission to gather your Facebook friends so that you can have more contacts. Usually, this authorization is done via OAuth. Since OAtuth generally needs authentication before authorization, it is normally used in combination with OpenID. OpenID confirms your identity to another website and OAuth gathers the information that the new website requires. Facebook, Twitter, LinkedIn and Google + use some OpenID and OAuth together, which means that their main protocol is similar. Privacy is then defined by the third-party apps and websites that can be accessed, who can see the information and how much control you have over those websites and apps.
How can you control the apps
All the main four social media platforms that we are looking at, give you the possibility of reviewing and revoking the apps that are connected to your accounts. Here are the ways in which you can control the apps on each social media network.
Click the profile image on the top right and then go to Settings. Scroll down to the apps tab and there you will be able to revoke access to authenticated apps. You will also see permissions and the data authorized. Twitter also provides a description of the app, in case you don’t remember what it is meant to do.
Click on the photo in the top right corner and press “Manage” next to “Privacy and Settings”. Then click on the “Groups, Companies and Applications” tab. You will see a link that says “View your applications”. In LinkedIn, it is not possible to edit app permissions, you can only remove the apps. In addition, it is not possible to see what information can be accessed by the apps. Once you select the apps that you don’t want to use anymore, you can press the Remove button.
Go to Settings and then locate the link that says “switch to classic Google +”. You need to do this because in the latest version, it is not possible to see app permissions. Then scroll down to “manage apps & activity” and then click the “Manage apps and +1’s on posts” link. You will be able to see a list of apps logged in with Google +. You may see some that say that they are disconnected, meaning that they have been deleted by you, or that the app doesn’t exist anymore. Press Edit to see visibility and to disconnect apps. To change permissions, you will need to disconnect the app and then connect it again through the app itself.
What information are you giving away?
Let’s take a look at the data that is being accessed when you use social media accounts to log in to other services and websites. In the case of Facebook, when an app uses this social media network for authorization, there can be up to 40 different permissions requested including friends’ lists and access to your photos. The app’s developer decides which permissions are needed for an app. Facebook has to review over 30 of the permissions required before the app is publicly available. This gives Facebook the possibility of monitoring the apps to make sure that they are not misusing the data.
Twitter gives apps the ability to read your tweets, see your followers and even access direct messages. Since Twitter is a public network that allows anyone to find you and see what you post (unless you have chosen to make your tweets only available to your followers), app developers can get access to a wider selection of data than in other social media platforms. However, if an app has more than one million users, Twitter applies stricter control over the way in which the data is managed.
Compared to Facebook, Google + has a short list of permissions, but they include age range, public profile and the possibility of reading and writing to the user’s public feed. The latter is probably the most concerning since it means that apps may be posting on your feed without your knowledge. In addition to the standard permissions, developers have the chance to request additional permissions like Gmail contacts and email addresses. Google has also added more options to allow users to select the permissions that are granted to a new app.
In the case of LinkedIn, app developers using authorized logins can access location, positions and basic profiles. However, other information such as education, contact details and the full profile, can only be accessed if the developers has been approved by the LinkedIn program. This is a measure that should prevent the data being mishandled. Overall, LinkedIn is the most privacy-focused network in terms of the information that app developers can access. Facebook is the second most privacy-minded option, followed by Twitter, while Google + is the worst in this area since it provides access to a lot of data.
Is it better to register with an email and password?
If you prefer not to use your social media profiles to register on another website or create an account with a third-party app, you can use your email address and create a password. However, this won’t provide stronger protection for your privacy. Although doing this prevents apps from accessing your social media profile, if you provide your email address, you may be targeted with spam and phishing. It is also worth considering how safe the company you are registering with is and if your social network is more reliable. In general, social networks offer stronger security, although they are more likely to be attacked. Still, using your social media profiles to log in to a third party service is a practical solution.
Facebook gives users more flexibility to customize permissions and privacy. It also applies more controls over apps that require a large number of permissions. This can help to prevent data abuse. However, Facebook is known for changing its privacy policies regularly and in many cases, the changes are not good for users, which is why it is important to always keep an eye on their updates. Twitter doesn’t offer many options to adjust apps permissions, but due to the way in which the website works, a lot of information is publicly available anyway. Twitter doesn’t require as much personal data from you as other apps and it can be used without having to reveal your identity. This makes it a good option when it comes to social logins.
While LinkedIn aims the option with the stronger focus on privacy, at least when it comes to what app developers can access. However, users don’t get to control permissions easily and there is no visibility of what data can be accessed by apps. It is only possible to remove apps since the option to edit permissions is not supported. Google + doesn’t offer the possibility of editing app permissions easily. In addition, there doesn’t seem to be a lot of control over the way in which app developers handle the data accessed.
In the end, the decision of whether or not you want to register using an email address and password, or using social logins, depends on your preferences. If you find social logins more convenient and prefer not to provide your password, it is important that you keep in mind how the four main social media platforms manage your data and the permissions granted to the apps you use.