Agreed, it screams two things to me. First that the company is supremely interested in collecting my personal information beyond what I would normally expect to provide. Second that they’re just too lazy to implement their own user system.
To the average user, social login is about convenience. I see a large number of responses in this thread that seem to have forgotten about the most important person in this whole conversation: the end-user.
Users want
- Easy access
- A familiar experience
- A consistent experience
- To avoid more passwords
They generally are not aware of the privacy tradeoffs they're making by using social login.
I'd argue that if the developer truly wants to fight the good fight, they should remove social login altogether.
I find it odd that the options they support willingly are the options that are most user-hostile from a privacy perspective while the option they begrudgingly support (while making a big fuss about it) is the one option that actually tries to protect the user.
You clearly don't understand how social logins work, nor their benefits for users and site owners. Both of your assertions are wrong, and both "bad" things are exactly the opposite.
You don't get anything beyond what you ask for AND are granted access to by the user.
FB login gives email and name AFAIK, but you can ask for lots of other stuff and be denied. Google defaults to email, not sure about name, and has separate requests and grants for any additional information. They don't have nearly as much of a profile as FB does, but can give address and some other details. Apparently Apple doesn't even provide a real email, so that seems even better for "collecting [your] personal information" than using... your personal email address!
Social login is much better than storing passwords in any form (plaintext, encrypted, hashed), and gives both the user and site owner the benefit of FAANG security.
Neither is a good thing