ძიება მხარდაჭერაში

ნუ გაებმებით თაღლითების მახეში მხარდაჭერის საიტზე. აქ არასდროს მოგთხოვენ სატელეფონო ნომერზე დარეკვას, შეტყობინების გამოგზავნას ან პირადი მონაცემების გაზიარებას. გთხოვთ, გვაცნობოთ რამე საეჭვოს შემჩნევისას „დარღვევაზე მოხსენების“ მეშვეობით.

ვრცლად

Why Mozilla-Developer-Network/MDN Needs Access Into My GitHub Or Google Account To Login !? & Why MDN Does Not Allow To Use Mozilla Account Based Login ? isn't it Violation Of Privacy ?

  • 2 პასუხი
  • 1 მომხმარებელი წააწყდა მსგავს სიძნელეს
  • 1 ნახვა
  • ბოლოს გამოეხმაურა atErik

Hi, i absolutely do-not-like & do-not-approve that Mozilla Dev Network MDN https://developer.mozilla.org/en-US/ is FORCING/COERCING us/users TO GAIN (READ+WRITE OR ANY-OTHER) ACCESS INTO MY/USER'S GITHUB OR GOOGLE ACCOUNT to login into MOZILLA MDN site. This is clear Anti-privacy & Anti-Security activity, VIOLATION of PRIVACY-RIGHTS.

Any users can create an account in Mozilla here: https://www.mozilla.org/en-US/firefox/accounts/

So WHY MDN does not allow to use that to login/access into MDN site ?! and instead FORCING users to use GitHub/Google account access based login ?

Why should i give "MOZILLA", a 3rd-party, VARIOUS-TYPES-OF-ACCESS into my Google/GitHub account ? !! !! !! !! just to view documents from Mozilla developer network site, Or to get Firefox Dev Tools, etc, etc !!

my accounts are used for my control over my projects & to have my control over my private data/emails. even a tiny moment of access into any such private account means PRIVACY is LOST, & NOT-PRIVATE anymore.

Mozilla can send a code into my email & i/user can post that code to Mozilla, to prove i'm/user-is the owner of the email-adrs ... and for entire world , this type of proof is sufficient (though not perfect).

So WHY MOZILLA IS NOT FIXING THIS/THESE ISSUES ?

If Mozilla need to send notification to me, it can use my email-address. if Mozilla needs to add/notify in GitHub in my projects, then it can use its own GitHub account to do so with specific direct MENTION to user(by using user's github-ID) , or it can send me/user specific code over email that i or a user can add myself/themselves. A user can also give Mozilla-bot a membership in their Github project to publish, or notify something. etc. etc. there is always alternative & PRIVACY-RESPECTING & better-security-practice solutions , w/o giving/having FULL-or-PARTIAL access into someone's GitHub/Google account.

tags: MDN , MDN Login Issue , Privacy , Security , Login , Signin

Hi, i absolutely do-not-like & do-not-approve that Mozilla Dev Network MDN https://developer.mozilla.org/en-US/ is FORCING/COERCING us/users TO GAIN (READ+WRITE OR ANY-OTHER) ACCESS INTO MY/USER'S GITHUB OR GOOGLE ACCOUNT to login into MOZILLA MDN site. This is clear Anti-privacy & Anti-Security activity, VIOLATION of PRIVACY-RIGHTS. Any users can create an account in Mozilla here: https://www.mozilla.org/en-US/firefox/accounts/ So WHY MDN does not allow to use that to login/access into MDN site ?! and instead FORCING users to use GitHub/Google account access based login ? Why should i give "MOZILLA", a 3rd-party, VARIOUS-TYPES-OF-ACCESS into my Google/GitHub account ? !! !! !! !! just to view documents from Mozilla developer network site, Or to get Firefox Dev Tools, etc, etc !! my accounts are used for my control over my projects & to have my control over my private data/emails. even a tiny moment of access into any such private account means PRIVACY is LOST, & NOT-PRIVATE anymore. Mozilla can send a code into my email & i/user can post that code to Mozilla, to prove i'm/user-is the owner of the email-adrs ... and for entire world , this type of proof is sufficient (though not perfect). So WHY MOZILLA IS NOT FIXING THIS/THESE ISSUES ? If Mozilla need to send notification to me, it can use my email-address. if Mozilla needs to add/notify in GitHub in my projects, then it can use its own GitHub account to do so with specific direct MENTION to user(by using user's github-ID) , or it can send me/user specific code over email that i or a user can add myself/themselves. A user can also give Mozilla-bot a membership in their Github project to publish, or notify something. etc. etc. there is always alternative & PRIVACY-RESPECTING & better-security-practice solutions , w/o giving/having FULL-or-PARTIAL access into someone's GitHub/Google account. tags: MDN , MDN Login Issue , Privacy , Security , Login , Signin

ჩასწორების თარიღი: , ავტორი: atErik

ყველა პასუხი (2)

the only thing that the mdn requests while signing in with your github account is your email address - no write access to repository or other data whatsoever.

quoting philipp "no write access...or other data whatsoever" ANY TYPE OF ACCESS into GitHub/Google account to Login into ANY-SITE is anti-privacy & anti-security , & risky & not good security practice. there are always many other alternative Privacy-Right respecting & comparatively more secure/safer solutions. Very very simple & safe solution is this : a website can send a RANDOM-NUMBER code into my specified email-adrs, & then it can allow me to login only after i can give it that code , thus this process/way can verify/establish i'm the user of that email-adrs.

AND , if a website forces me to provide my Phone# ( from a real/physical phone obtained from AT&T/Verizon/etc Cell / Wireless Carrier Service Provider, or Land line # , etc ) to send a SMS code or voice code , ( and does not allow me to use any FREELY obtained VOIP/etc phone# ) TO LOGIN INTO A WEBSITE , then i want that website to PAY ME MONTHLY $40 TO GET A REAL PHONE # FROM AT&T/Verizon/LandLineProvider/etc. if the website allows me to use free Phone# from Google-Voice or other VOIP provider or any other low-cost or free MVNO provider, etc , then i do not want the site to provide me monthly fee for the phone# service as its free.

If mozilla gave me all the things needed for creating a stable GitHub account, then i can create a new account with no-repo & no-data in it , then use it for Login into Mozilla-MDN site.

if mozilla gave me all the things (PHONE# from AT&T/Verizon/LandLine/etc) required for creating google/ggl account then i can create new ggl account & give access to that ggl-account to Login into Mozilla-MDN site.

like many users , i want more security & privacy , i want to give lesser chance to be abused , ( i do not want to give a chance to someone to abuse the 3rdparty access of "Mozilla" entry inside the GitHub/Google account , even though it has "no-write-access" or "no-data-access" ) , i do not want convenient or faster things ( faster things are hacked also ... faster ).

can mozilla give guarantee & declare publicly that : "Mozilla's access to user's Github/Google account to login into Mozilla-MDN site will never be hacked/abused. And if hacked/abused then this $$$$ amount will be issued." even with such guarantee , i or any person with little brain will-not & should-not trust such statement , as it cannot be fulfilled / not possible to fulfill by any company or anyone in this earth or any place in this universe.

anyway, just found a related June-2018 discussion on Mozilla-Discourse site, here: https://discourse.mozilla.org/t/alternatives-to-github-for-authentication/29147

so my take from those discussion is , Mozilla-MDN site still has: not applied/adopted Firefox account based login, not created Mozilla's own OAuth or 2FA in Firefox/Mozilla account, as of Sept-2020 !! :(

i have just tried to login into Mozilla-Discourse site , it allows+adopted to login via Firefox/Github/Google :) i have obviously chosen the "Firefox"-account based login there, & then it successfully verified me & allowed me to create account in Mozilla-Discourse & login.

when will other Mozilla sites (i.e.: Mozilla-MDN site) also do that/similar ?

ჩასწორების თარიღი: , ავტორი: atErik