Hi Stephen,
Stephen J. Turnbull:
Jonas Meurer writes:
But still, adding so-called "social" authenticators to the mailman3 django application will expose users to the risk of clicking on those ID provider buttons.
I can see this point for Debian users. I suspect Ubuntu users are somewhat less paranoid. :-)
Don't know ;) I don't think that Debian users are particularly paranoid. But I consider it a great value of Debian that privacy is considered as something important.
Since that risk holds even for sites that enable explicitly (assuming we adopt the same policy) I will take a look at making that risk hard to realize (more distance from anything else clickable, smaller buttons with visible and accurate boundaries).
Mh, I didn't mean that people click on the buttons by accident. But that they will do so, because it is so convenient (which it is, admittedly). But in my eyes, software developers, package maintainers and system administrators all should do their best to protect their users from privacy and/or security threats.
Probably we have a different opinion on whether providing usage of authentication providers which earn their money by collecting users' data exposes users to privacy threats.
Personally, I consider it a major privacy issue if one central instance (e.g. Facebook) is able to track on which platforms and services you authenticate.
Sure, but that ship has pretty well sailed AFAICT. Most users use unconfigured versions of IE (or Edge) and Safari, which means they're subject to all manner of webbugs. My employer just asked me to stop using Firefox because it's too pedantic for their website development vendors. :-( GDPR enforcement seems to primarily be an arm of the EU trade offensive against large American services (that's the Economist's recent opinion, not mine), while Europe-based globals are undoubtedly doing the same crap.
I have a different opinion on this. You're correct that most users know next to nothing about protecting themselves against all kinds of threats on the internet. But to me this shows even more, that we as those who build the tools have a responsibility to protect our users against shooting themselves in their foot.
And I don't agree that any ship has sailed here. If you look at the mainstream development, then you're probably right. But this should not serve as the only rule, no? It's well known that the big corporates make their money with users' data. That's how they survive in capitalism. But that doesn't mean that we as independent and free software developers have to agree on the dangerous interfaces and standards those corporates develop (for their business!).
Don't get me wrong: I like it that Mailman3 actually supports this wide range of authentication providers. There are probably good use cases for it. And if your users like it and you consider it a win for them, then by all means go on with providing the feature. But it's a different question what a good default and the criteria for choosing it are.
And to be honest, I'm a bit irritated that those tracking features from big corporates like Facebook and Google, whose main business model is to aggregate as many private data points as possible about as many users as possible, are enabled by default in Mailman3 upstream.
Your irritation is not our problem, though, since you can use Debian's version, and as I mentioned earlier, as far as I know most of our sites are happy to have social auth. I will be paying attention to the list to see what others think.
My irritation was mainly about what I wrote above: that the privacy concerns against authentication providers from big corporates seem to be of low priority when deciding about defaults in Mailman3 upstream.
I agree with Torge that those social auth providers should be disabled per default. IMHO, a sane default would be to list them in the settings.py but have them commented out.
"Those" social auth providers? Are there social auth providers who provide what you consider acceptable privacy guarantees (a la Duck-Duck-Go in search engines)? If so, we could make those higher in the list/easier to use.
To be honest, I've never evaluated the privacy implications of OpenID. From a first glance, it looks *way* better.
But for sure, Github, Google, Facebook, Stackexchange and Twitter all rely on collecting users' data for their business model. So it's probably not a good idea to share with them the information which platforms and services you authenticate against, *if* you care about privacy.
Anyway, all that's just *my* opinion. But it's good to have this discussion :)
Cheers, jonas