Often1

This is not a privacy discussion. It is not as though BA hacked OP's accounts or gained access through some deception. Rather, OP chooses to maintain a public LinkedIn profile which contains as much information as he chooses to make public. That information is there for his friends, colleagues, recruiters, and stalkers alike.

squawk

Oh dear, I have opened a can of worms…

OAuth2 is fine, from a technological perspective of not revealing login credentials to other sites. My beef is with how so many services now have disabled (or made very hard to find) their own traditional email-based logins, in favour of supporting OAuth from the major social networks. The result is that a) those social networks have an even better profile of your online activities, in terms of other sites you use; and b) often, though not always, the requesting site will also want access to a greater or lesser amount of your social network data as part of the authentication process.

The social networks make many of these features easy/convenient for developers and users for a single purpose: to tie you into their ecosystems. OAuth logins from social networks are like cuckoos eggs, in that respect.As news publishers are finding out with Facebook's recent feed changes, that leaves you at their mercy.

But my specific concern about KLM's thing was more from the perspective of "I don't want other people on my flight to know all about me and contact me via Facebook". I wouldn't want others to know all about me on a bus, if I share that journey with them, so why a plane…? The feature is actually called "Meet & Seat" and seemingly is still available.

arkellvspressdram

This is what you use your otherwise unused google plus account for, just log into everything which needs OAuth2 using google plus and you'll never see it unless you're one of the 8 people still using it...and the sites get their pound of flesh-flavoured data.

Worcester

I would disagree. I was recently sent a $150 voucher for adverts on Linkedin and spent a frustrating half hour trying to target an ad on a vaguely relevant demographic with no success. Compare that to the precision I can achieve with Facebook.

UKtravelbear

Slighty OT but I have a tertiary email address (which does not include any part of my name) that I use for when I am asked for an email address to use wifi.

TPRun

Depends what the demo target is containing. Although I still get freaked out when I get served an extremely on point ad - and i work in ad sales

evanstim

I use a made-up email address: f*[email protected] or [email protected] or similar.

Obviously without masking the first vowel in the first word. I then use similarly rude and faked names if required to provide more details to 'register'. I do this because I like to send a message to the service provider, since some providers who require you to register will think nothing of on-selling your name and email address.

Where I come unstuck is when they need to email me a code for me to complete registration and go online, but thankfully in my experience most do not.

Globaliser

Have you tried using mailinator.com?

zymm

There are a couple of restaurants that Google you when you make a reservation, in order to provide customized service.

BertieBadger

I can certainly agree with this as I don't "do" any form of social media. I hadn't realised that some sites were requesting access beyond that to establish identity. A bit naughty.... Must add Oauth2 onto the reading list and dig into the details more. And remind myself of the maxim with all such social media services that if you don't know what the product is, then it's you

BertieBadger

Just a point of pedantry, and I know you indicated them as examples, but both these domains are actually registered so in doing this you are possibly inflicting on others the fate you hope to avoid.

No issue on your general approach but maybe better to stick to domains that are specifically set aside as non-registerable, e.g. [email protected]?

Annalisa12

I do that too.

During the Seinfeld era it was. Nosoupforyou@

squawk

I don't think it is that common, and it is separate to OAuth itself (AFAIK). But, for example, many of the Twitter analytics services require you to log in to your Twitter account via OAuth, and then (usually in order to function) request particular abilities, such as to read your list of followers or whatever. So Twitter must be providing some form of API to grant/revoke those permissions, through the federated sign on tokens.

More commonly, as seen on Quora, it's "just" a way of easing the sign on process for users so they don't have to remember emails/logins. But it ends up linking the data you put in different places to a single 'persona' and a lot of people don't realise the effect of this in terms of triangulating information about them, and sharing it with many companies etc. you otherwise wouldn't be comfortable sharing with (to say nothing of stalkers).

Anyhow, I'm very happy to make friends on flights - just not for that kind of matching to be done a) in advance of travelling and b) via Facebook…

Takiteasy

If you have accessed LinkedIn using the lounge WiFi (or the LHR wifi, say) more than once, and a crew member has done the same, then LinkedIn sometimes pairs you by IP address and you would appear in each other’s ‘people you may know’ list. The crew member may have then wondered who you were.

Or you may have been hit on after a flight, though in that case you would probably recognize the crew member from their pic

TPRun