No external sign-on

This page was created as a result of a discussion on the Wikimedia Discord server that followed the question: "Why can't you create an account/login with an external account like Google to Wikimedia projects?"

Wikimedia wikis require that you create and login with a dedicated Wikimedia account to have an account on a wiki. There are no options to "Sign in with Google" or another social service. This is for good reason: to protect the private identity of our users which could be exposed if we allowed for account sign-on from another service.

External sign-on seems like a good idea...

edit

When greeted with the signup page, users would be more likely[1] to create an account and contribute if they saw they could sign into a social service. They could also login later faster as it would not require them to fill in their credentials.

The problem

edit

If we were to provide external sign-on with a service like Google, Google would be able to know almost exactly when users sign into Wikipedia.

Google is a private entity that operates with its own interests in mind and not Wikimedia's. If a government where Google was operating were to request Google to hand over data about when and what people login to Wikimedia using their Google accounts, Google would be able to do that. That government could then utilize that information to relate Google accounts with Wikimedia accounts such as by comparing when a Google account signed in and when a Wikimedia account is created (creation times are publicized). This is an issue because governments could use this to act against people who, say, post something offending them on Wikipedia.

Even if we were to make account creation times hidden, account login information could still be used in a capacity to identify users such as by comparing it with their editing history. Any information is information that can be used against someone and that must be prevented.

Wikimedia must protect the identities of its users for their safety. No allowance of any amount should be given to potentially revealing information about someone's identity. Therefore, we cannot allow an external entity such as through an external sign-on to obtain any information that puts our users at any risk.

References

edit