this post was submitted on 28 Nov 2024
65 points (98.5% liked)

Privacy

32173 readers
353 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

If I created a Udemy account with my Gmail, then what's the difference between signing in with email and signing in with Google? Thanks in advance.

top 15 comments
sorted by: hot top controversial new old
[–] [email protected] 61 points 3 weeks ago

In addition to allowing Google to manage the authentication process, signing in with Google allows Google to track your visits. In some cases they get additional data about content you view.

In many cases the mere presence of that button allows Google to track that your device visited the Udemy sign in/sign up page, even if you don’t click it. Google uses this to create and update a profile of you they sell for advertising and other purposes, and exposes you to more risk if your Google account is breached. With a password manager I find using SSO to be about the same level of effort as using my manager’s autofill functionality

[–] [email protected] 28 points 3 weeks ago (2 children)

One thing not mentioned is that if you ever want to "de-Google", you will have to go to all websites and services where you logged in using your Google account, and (try and) change the authentication method. Avoid it if possible.

[–] [email protected] 22 points 3 weeks ago

Adding on to this comment, it is very often not possible to change your auth method.

If you use email to register, you can almost always change to a different email (same method) but you can't change between methods, like from Google auth to Apple auth, or even to a different google auth.

You'd need to create a new account, and therefore lose all the data on your old account.

Always choosing email gives you the most control and most privacy, I'd strongly recommend it.

[–] [email protected] 1 points 2 weeks ago

I had to literally recreate my Spotify account when I deleted Facebook, since there is just no way to login without it if you delete Facebook.

[–] [email protected] 16 points 3 weeks ago* (last edited 3 weeks ago)

A couple of things come into my mind. Note that this isn't exhaustive.

  • Google will obviously know you signed up for that service. Additionally, they will know when you log into your account.
  • Google may provide personal information that are listed in the signup screen, such as your name, birthday, etc. You will be notified of what will be provided (highly doubt Google would blantly lie about this part), and it's up to you to decide whether you want to provide them or not. The site itself may ask for more than necessary.
[–] [email protected] 14 points 2 weeks ago

In addition to the downsides mentioned here about privacy regarding Google, there is a major upside to using this service: it offloads all of the authentication logic to google, so in theory it reduces your risk surface area, or it may be more accurate to say it concentrates your risk to your Google account.

You'd like to hope most websites use using common security best practices and keep on top of things but the amount of websites I had accounts on (on websites I had long forgotten) which have been pwned over the years tells me otherwise. Using google auth sets your account security to be exactly as secure as your Google account.

[–] habitualTartare 11 points 3 weeks ago

It's a protocol called OAuth that pretty much lets google or whatever "sign in with XYZ" company take over the login process then share a unique identifier+ all information requested by the app on that "allow 3rd party to access the following" page. It's essentially letting Google manage the user/password authentication instead of udemy.

[–] [email protected] 9 points 3 weeks ago (1 children)

Google is more secure. Through email is more private. Theoretically.

Google claims they don’t monitor the sign in with Google for their data collection. So signing in with Google means you authenticate with Google and then Google tells udemy you are who you are. Don’t cite me but I’m pretty sure Google’s authentication security is one of the best compared to almost all sites. And that’s before you sign up for their more advanced account protection. Since this is the privacy sub you should be aware that if Google is lying, then they’ll know every time you sign into Udemy.

A middle ground is that Google knows every time your browser needs an authentication token for Udemy, so worse case they know your an active Udemy user when you get a new token every 30 days.

E-mails is a one and done deal. Google knows you created a Udemy account. Google does not know how active you are as user (again they claim the sign in data is only for security and not used for advertising). Which is probably a moot point, their AI can read the Udemy “wow you beat your record this week” email vs the Udemy “we haven’t seen you in a week” email.

Also wtf, get a proton mail account (yes I’m a shill for them).

[–] [email protected] 1 points 3 weeks ago

Also wtf, get a proton mail account (yes I’m a shill for them).

A shill? Why?

[–] hperrin 8 points 3 weeks ago

I signed up for a bunch of things with my Facebook account, then I lost my Facebook account. I also lost most of those accounts.

[–] [email protected] 7 points 2 weeks ago

Telling Google where you are.

[–] [email protected] 6 points 3 weeks ago

I am not sure what Udemy is or how it works, but on most websites that have a "sign in with Google" link, it means that you don't actually have a separate password for that website, instead you authenticate yourself by having a cookie for your Google account set in your browser.

[–] [email protected] 5 points 2 weeks ago

Companies like google, facebook, and apple typically have better security. Other companies know that so rather than contracting with another third party or implementing themselves, they use oauth.

With oauth, apple, google, microsoft etc. will vouch for you. There are advantages and drawbacks, with, imo, the drawbacks outweighing the benefits. Key benefit being better security over poor practices and convenience. Drawbacks being less control of your accounts, consolidating your credentials into one basket, (especially if you use weak authorization), and the potential (likely) situation those accounts are monitored

[–] [email protected] 5 points 2 weeks ago

Udemy with email: Udemy gets your email, and will probably require a verification process to verify that you own it:

Udemy with Google Sign in: You click through in your browser, to authorize Udemy to obtain some details (usually just email + basic profile details), Udmey gets a "token" (effectively a random string) which they can send to google to retrieve these other details, and verify you still have an account and you (or google) haven't revoked access, which they can use now and in the future. They don't need to verify your email as they have a token that is "proof" already. To you it's a click through, to everyone else it's a bit more complex. If Udemy has a data leak, if they didn't store your email directly, it's possible that the token could be reset before someone is able to obtain it. But it's unlikely they aren't obtaining the email address as soon as you log in and storing it.

[–] JeremyHuntQW12 1 points 2 weeks ago

If you get your YT account banned, and that happens all the time becasue the bots are going nuts, you will lose gmail as well.