@protonprivacy Any plans to tackle identity? For SSO purposes I’m stuck with say, google but would love to move over to proton.
You mean like something to compete with services like DeleteMe, Incogni and Aura?
I’d be down for that, I’d like it to be included with proton family, that would give me a good reason to bite the bullet and pay the extra money for it.
I think that @theomegabit@infosec.exchange is asking for Proton to become an OAuth/OIDC provider. This would allow you to sign into any service, app, platform, etc. that supports it using your Proton account. Some common providers that are widely supported are Google, Apple, Github, Facebook, and Microsoft.
It is generally considered more secure than using “regular credentials” like username/email and password when using several services. There are a few downsides to this though. One of those downsides is that your OAuth/OIDC provider will have record of all your accounts used through OAuth/OIDC. For example, @theomegabit@infosec.exchange would like to avoid Google knowing about the various services used.
@theomegabit @protonprivacy Adding @protonmail to get their attention.
They could make an SSO but who would use it? Proton users make up such a small portion of the web that it wouldn’t be worth the effort and they might as well include 8541705317 other accounts at that point, as far as they’re concerned.
They use SSO because almost everyone already has 1 or more accounts with Google, Amazon, Microsoft, etc.
@helenslunch Nobody uses a good privacy/security focused IdP because one doesn’t exist for consumer / smb besides a small handful (many which you noted).
No, no one uses them for the same reason they don’t use any other privacy/security-focused product: No demand. There’s a small niche of consumers who do care and use products like Proton but it’s an absolutely miniscule fraction of the populace who simply don’t care, or don’t care enough to actually do anything about it.