Jonas Meurer writes:
But in my eyes, software developers, package maintainers and system administrators all should do their best to protect their users from privacy and/or security threats.
Me too. Passwords are a well-known vulnerability, providing a large attack surface. I'd rather not burden Mailman providers with protecting their users' credentials, other things being equal. They're not, so we have to decide (individually and as a project) which vulnerabilities are more frightening, and how much configurability to provide, and how.
Probably we have a different opinion on whether providing usage of authentication providers which earn their money by collecting users' data exposes users to privacy threats.
We do not. We differ on the importance of those vulnerabilities to the users.
I have a different opinion on this. You're correct that most users know next to nothing about protecting themselves against all kinds of threats on the internet. But to me this shows even more that we as those who build the tools have a responsibility to protect our users against shooting themselves in the foot.
See my reply to Worik on this.
But that doesn't mean that we as independent and free software developers have to agree on the dangerous interfaces and standards those corporates develop (for their business!).
Sure. This is a valuable service which for most users reveals very little information: the domain and IP that the user wants to authenticate to. If I were the type to visit porn or RWNJ sites, I wouldn't use GMail as my auth provider, and I'd probably use Tor as my ISP. I have no problem with using Gmail as my auth provider to Google Summer of Code (!) and Github.
Why do you think it's a problem to allow users to make the choice? As I mentioned to Worik, I wouldn't mind allowing customization of the interface, with a warning displayed about social auth. I do not see any argument for preventing them from making the choice.
My irritation was mainly about what I wrote above: that the privacy concerns against authentication providers from big corporates seem to be of low priority when deciding about defaults in Mailman3 upstream.
Then you misunderstand. We explicitly made the decision to emphasize social auth *in part* because *as authentication* it is far more secure than (1) passwords and (2) most mom and pop sites. I'll grant that the "coolness" and user demand factors matter, too. And the privacy implications generally seem minor with a few exceptions (see the mentions of "DV" in my message to Worik).
To be honest, I've never evaluated the privacy implications of OpenID. From a first glance, it looks *way* better.
AFAICS (first glance in several years), OpenID is no better: the on-the-wire information is provided in basically the same way, and it looks like the content is arbitrary. The FAPI (financial information) and HEART (health information) protocols look especially tasty to big data users/privacy invaders. The question is what do the providers provide (account identifier, real name, address, gender orientation, where you buy your illegal drugs ...) and what the client asks for (Mailman asks if user credentials are valid).
But for sure, Github, Google, Facebook, Stackexchange and Twitter all rely on collecting users' data for their business model. So it's probably not a good idea to share with them the information which platforms and services you authenticate against, *if* you care about privacy.
I'm far more worried about the video cameras that are everywhere nowadays, hacks of government databases, people who record "private" conversations in person and otherwise, and which of my passwords are going to show up on haveibeenpwned.com next week.
Steve