While social sign-ons are growing in popularity, some users have expressed concern over privacy. In fact, a recent survey by social sign-on tech vendor Gigya found that 41% of 2,600 Web users don’t use a social log-in because they are worried that information about their Web activity will be shared with social networks. Another 40% are concerned because they’re unsure how their personal information will be used.To combat these fears and concerns, Gigya has introduced a “privacy seal” (see image below). Publishers who want to be certified will need to be audited by Gigya to make sure they’re in compliance.
However, there’s a bit of a caveat. As I wrote in our How-To article on Social Sign-Ons, I’m wary of using Twitter to sign into any site because Twitter’s permissions let publishers post on your behalf:
The Gigya seal may lead some users to think that a publisher will never post on their behalf in Twitter. But in fact, the Gigya seal just says that a publisher will not post without the user’s permission. According to an email from Gigya’s Senior Marketing Manager:
The idea is that a user will never be surprised that a particular action was posted to their social network. So, beyond the initial authorization with Twitter to gain access to post on a user’s behalf, the site will typically have to prompt the user to confirm a share the first time an action is taken (e.g. the first time a purchase is made), rather than automatically post the share because the initial Twitter permission was granted. That first share could also include an active opt-in for the site to auto-share that particular action moving forward, again with explicit consent from the user.
In other words, publishers can still post, but need to get permission before doing so. It’s a subtle difference that may lead to user backlash if publishers abuse the privilege. That’s why I recommend using this privilege sparingly and never for posts your audience may find controversial.