Are social media sharing services like AddThis secure

Every day I find more sites using social media sharing tools such as AddThis. I love the idea - click on the little button and the link gets posted to Facebook, Twitter or Digg.

But, I am required to provide my sign-in credentials. There is no way that this is secure. Basically, I am providing my information to a third party and trusting them to do the right thing. But, they could be writing the usernames and passwords in a big database and giving that info to the NSA.

Am I missing something here?

Michaelkay

Posted 2009-09-05T12:07:48.507

Reputation: 783

Answers

No, you're not missing anything - I think you've summed up the problem in a nutshell.

If you want to use these services you have to trust that they aren't going to misuse your data. The only way you could know for sure would be to able to inspect their systems, and they aren't going to allow that.

As Patrick Harrington states in his answer there are mechanisms whereby the 3^rd party doesn't see your login details, but you still have to trust that they are using them correctly.

So either hope that they are above board and use their services, or assume a level of distrust and don't.

ChrisF

Posted 2009-09-05T12:07:48.507

Reputation: 39 650

I think it depends - if the third party is utilizing Facebook or Twiiter's oAuth authentication, they are never actually seeing your login. They are passing off a token to Twitter (for example), and then Twitter tells the third party "yeap, this person is who they say they are."

That being said, there are still many services out there that are still using basic authentication, and for all you know they could be storing your login in a database somewhere.

Patrick Harrington

Posted 2009-09-05T12:07:48.507

Reputation: 379

Is there any way - as a "mortal" user - to understand and recognize the difference between oAuth using apps and those that don't? – David Schmitt – 2009-10-06T06:37:27.063