Weekly Musings 196

Welcome to this edition of Weekly Musings, where each Wednesday I share some thoughts about what’s caught my interest in the last seven days.

The tech world moves quickly, doesn’t it? And sometimes in ways which surprise, even if those surprises have been announced or just telegraphed. It was a change like that which sparked the idea for this edition of the letter.

With that out of the way, let’s get to this week’s musing.

On Social Logins

February 9, 2023 is a day that, while it won’t go down as a day in technology infamy, is one that will definitely be remembered. 09/02/2023 will be remembered as the day when faith in Big Tech and its intentions was again dented. Badly.

On that date, Twitter — as the company and its CEO threatened to do in the preceding weeks — flipped a switch and cut off free access to its APIs. (APIs, in case you’re wondering, are a way in which one system can connect to another and use some of the other system’s features.)

That might not seem like a big deal to the average person on the street, but it is. At least, it can be. Access to those APIs means that many third-party apps that connect to Twitter were at the point of becoming useless. Unless, of course, their creators stumped up some money. Money not all of them could shovel Musk and Co’s way.

Worse hit, though, were developers of web apps that rely on something called a social login, which enabled users to quickly log into their apps and services using their Twitter accounts.

Now that free access to Twitter’s APIs is gone, more than a few of those developers are or have been frantically scrambling to either remove Twitter-based logins or to adopt other login schemes. The latter is especially true for the handful of folks whose apps and services used a Twitter-based login and nothing else.

It was a situation that they could have avoided.

We can’t trust Big Tech. That much has become obvious in the last five or seven years or so. You’d think that lack of trust should be a given, and that the developers who implement social logins should share that mistrust.

But even if they did know not to trust Big Tech, those developers threw in their lot with (and, subsequently, rolled the dice with) those companies. In this instance, more than a few developers are paying for that. There’s no indication that what Twitter did won’t happen again with another large technology company. And that it won’t happen again. And again. I’m not predicting that outcome to occur any time soon, but the potential is there.

But let’s talk about social logins for a moment.

As mentioned a few paragraphs back, a social login enables you to take advantage of the credentials from a service or app that you already use as a way to open doors to many other services or apps. Social logins, as you’ve probably guessed by now, use APIs so that one system can validate your identity with another.

Let’s say you have a Dropbox account. You can log in with an email address and password. Or you can log in with, say, your Google account or Apple ID.

A few people I know attribute developers falling back on social logins to laziness among those developers. I disagree. Implementing social logins isn’t a sign of sloth. It’s wrapped up in convenience for developers and for users.

Developers can use a social login to quickly set up a way to protect an account without having to maintain the infrastructure for tracking and securely storing a user’s credentials. And they don’t need to deal with the various migraines that arise when that infrastructure is breached and a user’s information is compromised.

Users can take advantage of an existing login and not need to worry about remembering yet another set of user names and passwords. And before you say it, remember that users of password management tools are in the minority online.

While convenient and easy to use, social logins have the potential to become privacy and personal security nightmares. We don’t know what information is being passed to the service providing the social login — that might be only a user name and password, or it might be more. We definitely don’t know how that data is being used or by whom. We don’t know if our data is being sold, which adds to the issues with privacy.

And if someone cracks an account with a social login provider — say, Facebook or Amazon — the perp can get a list of the other accounts using that social login. Which, in turn, gives them the power to sow more than a bit of digital chaos in, and against, your name.

And it gets worse, if you can believe it. With social logins, Big Tech becomes an even stronger mediator in our online lives. It becomes an even stronger gatekeeper to what we do, and can do, online. If we’re not part of their ecosystem, we can’t play. Or, at least, not circulating in their worlds makes it that much more difficult for us to play.

It’s easy enough to create a bogus account with, say, Twitter or Google, but why should anyone need to? Why should anyone have to go to even that much trouble? Why should Big Tech have that much influence over what we do, or can do, online? Because a developer was looking for a shortcut? Because we, as users, didn’t want to deal with that extra user name and password combo? Because, maybe, we just don’t care about our privacy online while getting access to everything that we want to get access to?

None of that is a good, or even half-decent, reason to give large technology firms even that much additional control over what we can and can’t do online.

When I come across a site or service using social logins, I avoid using those logins — mainly because I don’t have an account with any of the providers that are presented to me. I’m happy, to be honest, to add another user name/password combination to my pile.

And if a social login is the only way to use or access it, then that app or service is a no go for me. Again, because I don’t have an account with any of the providers and have no compelling incentive to create one. I might be a single, weird outlier but I very much doubt it.

Social logins can be useful, but for me there’s too much of a trade-off between convenience and privacy. Big Tech wants us to choose convenience, to choose handing over control (no matter how little) to it. But why should we oblige them?

Something to ponder.

Scott Nesbitt