There are tens of thousands of apps and sites (if not more) that let you sign in with your Facebook or Google credentials. It's a faster way to log in -- and saves you the pressure of having to create and remember countless different usernames and passwords. But do you really know what you're signing over when you sign in?
Here are the basics.
Why use Facebook and Google to log into other sites or apps?
The easy answer here is convenience. Using your Facebook and Google logins saves you the effort of having to keep track of a bunch of different usernames and passwords for each app you sign into. (Because we all use unique names and strong passwords for each our various apps ... right?) So rather than having to remember your login info for apps like Pinterest, Etsy, Trip Advisor or myriad other sites and apps you may visit on occasion, all you have to do is use one of the logins you already know by heart.
Another advantage is safety. When using Google or Facebook to log in, you're leveraging the security infrastructure and protocols of those large sites, both of which monitor your account and flag suspicious activity and have better authentication capabilities than JoeShmo.com.
But what if your password gets stolen? Doesn't that just give hackers access to everything instead of just one thing?
When it comes to Gmail, your password kind of already is a hacker's way into everything. If a malicious actor gets your email password, he can request a password reset link for any apps you use. That will then be sent to the email he just hacked into. So, using your Google credentials to log in to other apps doesn't present a new security threat beyond what already is possible for a hacker with your password.
How does it work?
In essence, Google and Facebook are vouching for you. When you choose to sign into an app with either Google or Facebook, the login dialog box that pops up is actually provided by that company, not by the app you're trying to open. You put in your username and password and the site reports back to the app saying, "Yes, we know this person and have confirmed she is who she says she is. You may proceed."
What information are they giving these apps?
At the very minimum, Facebook shares whatever is on your public profile, such as your name and profile picture. Google typically hands over either your email address or, as mobile becomes increasingly important, your phone number, giving the folks at the app the ability to contact you if they need to.
But both could provide more information than that.
For instance, Trip Advisor uses your Facebook friends to show you where people you know have traveled and which hotels and attractions they have reviewed.
If you sign into Uber with Google, the company shares your Google Wallet information for easy payments. Doodle.com, a scheduling site, asks for access to your calendars.
How can you control what information gets shared?
Facebook makes it fairly easy to grant or block access to certain types of information.
When you log into an app with Facebook, there's an option to "Edit the info you provide." Clicking the link opens a list of permissions, including your friends list, your birthday, your likes and email address. You can check or uncheck each piece of data to decide whether or not to share it. The only one you can't uncheck is your public profile.
Google doesn't have quite the same amount of flexibility, at least not yet. Typically, the app providers decide what information they are going to ask Google for and in most cases you can see what's being shared, but there's not a whole lot you can do about it. It's kind of an all-or-nothing proposition.
But some sites and apps are starting to add the ability to cherry-pick. Doodle, for example, doesn't ask for calendar access up front, but rather starts with your profile info and email address at sign-up and sends a separate request later to manage your calendars, which you can allow or deny. The Orbtiz and Etsy apps for Android also break up permissions on a need-to-know basis.
To review a list of third-party apps and sites that are connected to your Google account, go to the "Sign-in & security" section of My Account. As with Facebook, you can -- and should, periodically -- go through and remove any apps you don't use anymore. But unlike Facebook you can't get granular about which details get shared and which are kept private.
People sending email to any of Google's 425 million Gmail users have no "reasonable expectation" that their communications are confidential, the internet giant has said in a court filing.
Consumer Watchdog, the advocacy group that uncovered the filing, called the revelation a "stunning admission." It comes as Google and its peers are under pressure to explain their role in the National Security Agency's (NSA) mass surveillance of US citizens and foreign nationals.
"Google has finally admitted they don't respect privacy," said John Simpson, Consumer Watchdog's privacy project director. "People should take them at their word; if you care about your email correspondents' privacy, don't use Gmail."
Google set out its case last month in an attempt to dismiss a class action lawsuit that accuses the tech giant of breaking wire tap laws when it scans emails sent from non-Google accounts in order to target ads to Gmail users.
That suit, filed in May, claims Google "unlawfully opens up, reads, and acquires the content of people's private email messages". It quotes Eric Schmidt, Google's executive chairman: "Google policy is to get right up to the creepy line and not cross it."
The suit claims: "Unbeknown to millions of people, on a daily basis and for years, Google has systematically and intentionally crossed the 'creepy line' to read private email messages containing information you don't want anyone to know, and to acquire, collect, or mine valuable information from that mail."
In its motion to dismiss the case, Google said the plaintiffs were making "an attempt to criminalise ordinary business practices" that have been part of Gmail's service since its introduction. Google said "all users of email must necessarily expect that their emails will be subject to automated processing."
According to Google: "Just as a sender of a letter to a business colleague cannot be surprised that the recipient's assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient's ECS [electronic communications service] provider in the course of delivery."
Citing another privacy case, Google's lawyers said "too little is asserted in the complaint about the particular relationship between the parties, and the particular circumstances of the [communications at issue], to lead to the plausible conclusion that an objectively reasonable expectation of confidentiality would have attended such a communication."
A Google spokesperson said on Wednesday evening: "We take our users' privacy and security very seriously; recent reports claiming otherwise are simply untrue.
"We have built industry-leading security and privacy features into Gmail — and no matter who sends an email to a Gmail user, those protections apply."
Simpson, a long-term Google critic, said: "Google's brief uses a wrong-headed analogy; sending an email is like giving a letter to the Post Office. I expect the Post Office to deliver the letter based on the address written on the envelope. I don't expect the mail carrier to open my letter and read it.
"Similarly, when I send an email, I expect it to be delivered to the intended recipient with a Gmail account based on the email address; why would I expect its content will be intercepted by Google and read?"
• This story was corrected on 14 August to make clear that Google's court filing was referring to users of other email providers who email Gmail users – and not to the Gmail users themselves.