OpenID Foundation claims ‘Sign In with Apple’ poses security and privacy risks

Chance Miller for 9to5Mac:

At WWDC 2019 earlier this month, Apple unveiled its new Sign In with Apple platform, which gives users a privacy-friendly alternative to sign in platforms from Facebook and Google. This week, however, the OpenID Foundation is questioning some of the decisions Apple made for Sign In with Apple.

The OpenID Foundation is a non-profit organization with members such as PayPal, Google, Microsoft, and more.

In a public letter to Craig Federighi, the OpenID Foundation writes that Apple has “largely adopted” OpenID Connect for Sign In with Apple, but that there are some notable differences. The foundation argues that the differences between Sign In with Apple and OpenID Connect limit the places customers can use Sign In with Apple and poses security and privacy risks… “The current set of differences between OpenID Connect and Sign In with Apple reduces the places where users can use Sign In with Apple and exposes them to greater security and privacy risks. It also places an unnecessary burden on developers of both OpenID Connect and Sign In with Apple. By closing the current gaps, Apple would be interoperable with widely-available OpenID Connect Relying Party software.”

MacDailyNews Take: Open ID is still around? Well, it’s nice to see that what’s left of it is still able to read the writing on the wall.

How does supposedly “reducing the places where users can use Sign In with Apple” expose users to greater security and privacy risks?


What OpenID — PayPal, Google, Microsoft, etc. — are really concerned about is that their business models are about to lose yet another way to track the world’s well-heeled smartphone, tablet, and personal computer users.

The fact is that users risk their personal security and privacy by stupidly signing in with the likes of privacy-trampling tracker Google et al. in the first place.

This article was originally posted here