Does OpenID expose your email address to websites that use the service?

by User   Last Updated November 15, 2017 00:03 AM

For example, when using Stack Overflow with Google openID provider is my Google address exposed to Stack Overflow?

(It seems like it is because it displays my email.)

Is there a way to prevent that?

I thought OpenID was supposed to be private?



Answers 1


When you log in via OpenID, some information is given by the OpenID provider to the consumer website. The actual login part, where you type in your password, is done on the providers web page, so the consumer website doesn't know your login details. However, the OpenID provider will send to the consumer site, some of your profile details. Just what details are disclosed depends on the provider.

For example, if you sign in using your google ID, then the consumer site will be given your full name and email for a basic request. Google may also disclose your real world address and language preference. With a get_contacts call, Google would disclose your full contacts list and their email addresses (similar to when you do "Find Friends" in Facebook or similar social site.)

Some other Open ID providers will give more or less info to the consumer website. There's a nice list of what is given out by whome on this website. Facebook, MySpace and LinkedIn seem to give out the most about of info. Other providers like Twitter and paypal give out relatively less info.

Rincewind42
Rincewind42
July 21, 2011 06:01 AM

Related Questions



What to do when your OpenID provider shuts down?

Updated September 09, 2017 16:03 PM


How can I use Facebook as an OpenID provider?

Updated February 26, 2016 05:01 AM