


This is the 24th post in an ongoing, regular series describing privacy features in Brave browsers. This post describes work done by Research and Privacy Engineer Shivan Kaul Sahib. This post was written by VP of Privacy Engineering Peter Snyder.

Starting in version 1.51, Brave will increase user privacy by extending the browser’s permission system to cover legacy Google Sign-In (which needs third-party cookies, or other unsatisfactory techniques, to allow users to log in to sites with their Google account). This new feature will replace Brave’s existing option of a global “allow” or “deny” setting for handling legacy Google Sign-Ins. This feature will be available on desktop and Android, and is another way Brave is retrofitting best-in-class privacy protections to Web APIs that were designed without concern for user privacy.

Google, like many popular account-based sites, allows people to use their Google account to log in to other sites. This feature, sometimes called single sign-on (SSO), has both security benefits and privacy risks.

SSO systems can be helpful in several ways. First, SSO systems are very convenient for users, and remove the need to go through often-tedious account creation processes on different sites. Second, and more importantly, SSO systems in general (and “Sign in with Google” in particular) can improve user security. Instead of users needing to trust dozens or hundreds of websites with usernames and passwords (sites that may have wide-ranging security practices), users can instead benefit from Google’s top-notch security features, even on sites not belonging to Google. Examples of Google’s security bona fides include two-factor authentication (2FA), advanced account protection features, and a security team that is among the best in the field.

However, SSO systems can also be harmful to users. For example, the centralized nature of SSO systems means that any flaws can have repercussions across the Web [1]. More relevant to this post, SSO systems can also harm user privacy, depending on how they are built and implemented. SSO systems necessarily involve the SSO-provider learning at least something [2] about a user’s actions on another site, and many systems allow the SSO-provider to learn a great deal of sensitive and private information.

“Google Sign-In” in Brave, past and present

In most cases, Brave already protects a user’s privacy when they interact with Google Sign-In.
