Limiting/customising user data collection


(David R Brake) #1

When I went to register for this site and tried out Twitter or Google, both notified me that you are collecting data that you do not need to in order to run the service like, say, my location. Is this because both services have minimum levels of data they pass on or because you wanted it for some reason? Is this something that hosts of discourse will be able to customise depending on what they ask Google etc to pass on? If people do direct registration with the host I take it the host will be able to customise the data that they ask the users for before they can join?


(Sam Saffron) #2

No, we only want emails for auth, this is either a bug or a minimum level thing, would have to review.

Can you include some screenshots of the problem screens?


(David R Brake) #3

I would but as a “new user” I can’t!


(Sam Saffron) #4

I bumped you up, but really all you needed was 15 minutes more reading meta :slight_smile: surely we have some interesting gems here


(David R Brake) #5

Well the error message didn’t tell me how to become an “old user” – that’s also something that you could usefully change!

If these social media login features essentially demand that you gather more data than you actually want perhaps you could indicate somewhere that all you will actually be pulling in and keeping is username and e-mail information. Had I known that I would have happily used my Twitter ID to log in.


(Sam Saffron) #6

Twitter really is not a problem, if you have any Twitter handle you can see that info. It is public.

Google seems a bit odd; we are not asking for this information. I wonder if there is a way to tweak OpenID so it asks for less (or perhaps it's the same Twitter thing and you have that info public). We need to research the Google thing.

Recategorizing to bug while we debug it.


(David R Brake) #7

Even if I wanted to use a private Twitter account where only people I have allowed to follow me are allowed to read my tweets, I would get the same message (I just checked). Also, although it may not have been clear, I included a Facebook screenshot as well which told me that it would get my friend list. Again, maybe this is public information but it might scare some people.


(Jeff Atwood) #8

I don’t really see the point of this topic. Copying the actual text from your screenshot of Google auth:

  • view your name, public profile URL, and photo
  • view your gender
  • view your country, language, and timezone

Those are probably the standard minimum “package” of read only public attributes available from Google.

As Sam noted everything listed on your Twitter screenshot is already public. Very, very few people have private Twitter timelines, and as an avid user of Twitter since 2007 with 120k followers, I can say with confidence they are doing it wrong – using the platform in a way it was never intended.

(I have not seen your Facebook screenshot above, it does not look present. I personally solve that problem by never, ever having a Facebook account for the entirety of my life – Facebook simply cannot be trusted as an organization, at all, ever. They are fundamentally evil. If you trust Facebook with anything private, you are going to be a very unhappy person, sooner or later.)

If you really don’t want that very, very basic stuff exposed for basic “internet driver’s license” login credentials, **why not just log in with traditional username and password?** Why would you bother even having an account on those sites, much less using it as minimum viable login other places on the web?

I’m sorry, but I don’t see any ‘bug’ here, and I honestly don’t see the point of this topic.

I guess that is the only actionable thing here?


(Luke S) #9

I did a little poking around in my own acct. and experimented on try. Discourse asks for three different packages from Google.

  • Google Sign-in code. A really long random code unique to my Google account. No identifying information. This is the bare minimum for using Google as an authentication provider. This isn’t listed when Google asks if I’m sure I want a site to access my acct, but it is seen when I look in my own security settings in my acct.
  • Access to see email address. Presumably, used to pre-fill the contact info field.
  • Public profile. This comprises all of the data that @drbrake noticed, and it does appear to be one chunk. As has been already discussed, the only part of this that Discourse seems to use is the name, again to pre-fill the long name, and this only when creating a new acct. (I choose not to keep that information here on meta, instead using a shorter form. Discourse never complains.)

So the question is, is the convenience of auto-filling forms worth the freak-out factor? The only current options that users have are to accept the whole package, or to reject everything. There seems to be no “I’ll fill in my own profile, thank-you.” option.

For comparison, SE sites only ask for the sign-in code, and email.

SourceForge, back when they did OpenID, only used the sign-in code.

Somewhat related: Discourse Meta


(Jeff Atwood) #10

There is, it’s right here:

The main issue is that as you pointed out, you can’t cherry pick which profile info you want, like “full name”, you get the full package of public user info:

  • view your name, public profile URL, and photo
  • view your gender
  • view your country, language, and timezone

… which IMO is not that onerous, and if it is… hey, see above image :smile: That’s why I never, ever will have a Facebook account.

That said I don’t object to putting “we will only use name and email” somewhere in the UI, just don’t really see room for it without adding clutter at the moment.
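
The trade-off discussed in posts #9 and #10 (profile data arrives as one package, while the site only uses name and email), as an added example that is not part of the thread and not Discourse's code. It assumes an OpenID Connect provider with the standard `openid`, `email` and `profile` scopes (OpenID Connect Core, section 5.4); the function names and the sample response are hypothetical.

```python
# Added example, not Discourse code. Scope-to-claim mapping is the standard
# one from OpenID Connect Core section 5.4 (assumed provider behaviour).
SCOPE_CLAIMS = {
    "openid": {"sub"},
    "email": {"email", "email_verified"},
    "profile": {"name", "family_name", "given_name", "middle_name",
                "nickname", "preferred_username", "profile", "picture",
                "website", "gender", "birthdate", "zoneinfo", "locale",
                "updated_at"},
}
ALL_CLAIMS = set().union(*SCOPE_CLAIMS.values())


def minimal_scopes(needed_claims):
    """Smallest scope list covering the claims the site actually uses."""
    needed = set(needed_claims)
    unknown = needed - ALL_CLAIMS
    if unknown:
        raise ValueError(f"no standard scope provides: {sorted(unknown)}")
    scopes = ["openid"]  # the bare sign-in identifier is always required
    for scope in ("email", "profile"):
        if SCOPE_CLAIMS[scope] & needed:
            scopes.append(scope)
    return scopes


def surplus_claims(scopes, needed_claims):
    """Claims the consent screen will list although the site does not use them."""
    granted = set().union(*(SCOPE_CLAIMS[s] for s in scopes))
    return sorted(granted - set(needed_claims) - {"sub"})


def minimise_userinfo(userinfo, needed_claims):
    """Drop everything except the identifier and the needed claims before storing."""
    keep = set(needed_claims) | {"sub"}
    return {k: v for k, v in userinfo.items() if k in keep}


# Constructed sample response, for illustration only.
SAMPLE_USERINFO = {
    "sub": "1234567890", "email": "user@example.com",
    "name": "Example User", "gender": "female", "locale": "en-GB",
    "picture": "https://example.com/photo.png",
}

if __name__ == "__main__":
    needed = {"email", "name"}
    scopes = minimal_scopes(needed)
    print("request:", " ".join(scopes))
    print("unused but disclosed:", surplus_claims(scopes, needed))
    print("stored:", minimise_userinfo(SAMPLE_USERINFO, needed))
```

Needing only `email` lets the `profile` scope be dropped entirely; needing `name` pulls in the whole profile package, so the filter before storage is what keeps the site to "name and email".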