The idea of “sign in with google” has always frightened me. It’s convenient, absolutely, but it’s also ceding control of your data—ceding control of even more of your data—to a giant corporation that has no problem working with government spying organizations like the CIA or NSA ([1] [2] [3] [4]) (at least when it's not a PR implosion), and already rules so many other dimensions of the web.
Anyone that has tried to use the internet without making these sorts of sacrifices knows that it becomes an almost hostile place: captchas are a constant interference rather than mild distraction, cookie “notices” become landmines, many services will deny you access entirely! And don't expect to read a privacy policy without finding some variant of “we may sell or share your data to third parties”, or sign up for an account without handing over your phone number, email, government ID, etc. (reminder that Status does not and will not ever collect this sort of personal info: emails, phone numbers, etc. on sign up)—trying to maintain privacy on the internet sucks.
And sacrifices in privacy are a part of web2 life. But a new era of the internet, decentralization, privacy, and censorship resistance is upon us. Web3 already offers privacy-respecting alternatives for a lot of popular services (here is a twitter thread with 130+ examples).
Web3 is the correct answer where privacy is concerned (and freedom). But what about convenience? Well, on one hand it’s not really convenient to live your life under a state of constant surveillance, nor is the bus factor of potentially losing access to your Google account (and everything else) in a data breach, but on the other hand there is real convenience in only managing a single account.1 Plus most people are ignoring the problem, or not even aware it exists, and lots of projects, infrastructure, and individuals rely on things like “Sign in with Google” or “Log in with Facebook”.
What if there was another way? What if… a wallet really is a profile? (told you so) You could use a type of single sign on that respects your privacy, and requires only an Ethereum address.
This already works for several services, as pointed out by embracingweb3 in this extremely hype article from November! More specialized options are also being developed; the first of these, “Login With Unstoppable” launched last week. And Ethereum SSO is poised to make tokenized communities even better.
The days of Web2 SSO domination are coming to an end.
1. Have we plugged password managers recently? You should be using one.