Why Mozilla-Developer-Network/MDN Needs Access Into My GitHub Or Google Account To Login !? & Why MDN Does Not Allow To Use Mozilla Account Based Login ? isn't it Violation Of Privacy ?
Hi, i absolutely do-not-like & do-not-approve that Mozilla Dev Network MDN https://developer.mozilla.org/en-US/ is FORCING/COERCING us/users TO GAIN (READ+WRITE OR ANY-OTHER) ACCESS INTO MY/USER'S GITHUB OR GOOGLE ACCOUNT to login into MOZILLA MDN site. This is clear Anti-privacy & Anti-Security activity, VIOLATION of PRIVACY-RIGHTS.
Any users can create an account in Mozilla here: https://www.mozilla.org/en-US/firefox/accounts/
So WHY MDN does not allow to use that to login/access into MDN site ?! and instead FORCING users to use GitHub/Google account access based login ?
Why should i give "MOZILLA", a 3rd-party, VARIOUS-TYPES-OF-ACCESS into my Google/GitHub account ? !! !! !! !! just to view documents from Mozilla developer network site, Or to get Firefox Dev Tools, etc, etc !!
my accounts are used for my control over my projects & to have my control over my private data/emails. even a tiny moment of access into any such private account means PRIVACY is LOST, & NOT-PRIVATE anymore.
Mozilla can send a code into my email & i/user can post that code to Mozilla, to prove i'm/user-is the owner of the email-adrs ... and for entire world , this type of proof is sufficient (though not perfect).
So WHY MOZILLA IS NOT FIXING THIS/THESE ISSUES ?
If Mozilla need to send notification to me, it can use my email-address. if Mozilla needs to add/notify in GitHub in my projects, then it can use its own GitHub account to do so with specific direct MENTION to user(by using user's github-ID) , or it can send me/user specific code over email that i or a user can add myself/themselves. A user can also give Mozilla-bot a membership in their Github project to publish, or notify something. etc. etc. there is always alternative & PRIVACY-RESPECTING & better-security-practice solutions , w/o giving/having FULL-or-PARTIAL access into someone's GitHub/Google account.
tags: MDN , MDN Login Issue , Privacy , Security , Login , Signin
Modified
All Replies (2)
the only thing that the mdn requests while signing in with your github account is your email address - no write access to repository or other data whatsoever.
quoting philipp "no write access...or other data whatsoever" ANY TYPE OF ACCESS into GitHub/Google account to Login into ANY-SITE is anti-privacy & anti-security , & risky & not good security practice. there are always many other alternative Privacy-Right respecting & comparatively more secure/safer solutions. Very very simple & safe solution is this : a website can send a RANDOM-NUMBER code into my specified email-adrs, & then it can allow me to login only after i can give it that code , thus this process/way can verify/establish i'm the user of that email-adrs.
AND , if a website forces me to provide my Phone# ( from a real/physical phone obtained from AT&T/Verizon/etc Cell / Wireless Carrier Service Provider, or Land line # , etc ) to send a SMS code or voice code , ( and does not allow me to use any FREELY obtained VOIP/etc phone# ) TO LOGIN INTO A WEBSITE , then i want that website to PAY ME MONTHLY $40 TO GET A REAL PHONE # FROM AT&T/Verizon/LandLineProvider/etc. if the website allows me to use free Phone# from Google-Voice or other VOIP provider or any other low-cost or free MVNO provider, etc , then i do not want the site to provide me monthly fee for the phone# service as its free.
If mozilla gave me all the things needed for creating a stable GitHub account, then i can create a new account with no-repo & no-data in it , then use it for Login into Mozilla-MDN site.
if mozilla gave me all the things (PHONE# from AT&T/Verizon/LandLine/etc) required for creating google/ggl account then i can create new ggl account & give access to that ggl-account to Login into Mozilla-MDN site.
like many users , i want more security & privacy , i want to give lesser chance to be abused , ( i do not want to give a chance to someone to abuse the 3rdparty access of "Mozilla" entry inside the GitHub/Google account , even though it has "no-write-access" or "no-data-access" ) , i do not want convenient or faster things ( faster things are hacked also ... faster ).
can mozilla give guarantee & declare publicly that : "Mozilla's access to user's Github/Google account to login into Mozilla-MDN site will never be hacked/abused. And if hacked/abused then this $$$$ amount will be issued." even with such guarantee , i or any person with little brain will-not & should-not trust such statement , as it cannot be fulfilled / not possible to fulfill by any company or anyone in this earth or any place in this universe.
anyway, just found a related June-2018 discussion on Mozilla-Discourse site, here: https://discourse.mozilla.org/t/alternatives-to-github-for-authentication/29147
so my take from those discussion is , Mozilla-MDN site still has: not applied/adopted Firefox account based login, not created Mozilla's own OAuth or 2FA in Firefox/Mozilla account, as of Sept-2020 !! :(
i have just tried to login into Mozilla-Discourse site , it allows+adopted to login via Firefox/Github/Google :) i have obviously chosen the "Firefox"-account based login there, & then it successfully verified me & allowed me to create account in Mozilla-Discourse & login.
when will other Mozilla sites (i.e.: Mozilla-MDN site) also do that/similar ?
Modified