I will talk to our engineers/business folks to look into and consider
your recommendation here: "I ask that Cnet reconsider requiring its
users to run Gigya scripts in order to log into their Cnet accounts
with their dedicated Cnet userid and password info." I personally
don't see why this should be a problem, especially if you aren't
connecting to any social network to log into CNET, but I'm not an
engineer, nor am I the one to call priorities--so I can't tell you what
effort it would take or where it would fall into our list of priorities,
however I will bring it to the table to see what can be done.
As far as private information, I'm not an engineer, nor am I lawyer,
but you're right, I don't know what is being captured, but I'm certain
that before CBS Interactive goes live with Gigya or
any other 3rd party service, our legal team at CBS Corp has
a contract with them agreeing to protect the privacy of our
users. At CBS Interactive we take each and everyone's' privacy
very seriously and we would not jeopardize that. After all Gigya
does have a lot to lose given that they have a huge list of high
profile clients (http://www.gigya.com/clients/). I also think that
we wouldn't be handing things to them that are personally
identifiable--most likely a unique anonymous token of some sort,
but not private data for them to authenticate people's social log in.
Alan, again I thank you for your feedback and expressing your concerns
in regards to this. Like I said I will take your feedback and present
it to our engineers and business folks to see if it is something
we can consider doing.
I'm using the NoScript add-on with FireFox 12. For those of you not familiar with it, NoScript allows you to disable embedded scripts from third-party websites. It's very effective for finding out what third-parties are running scripts on a website you're visiting.
Today I discovered that unless I allow scripts from Gigya.Com to run on Cnet web pages, I can't log in to my Cnet account.
Gigya is a "social infrastructure service provider". What they do is provide third-party scripts that allow users to log in to accounts like Cnet using their social networking IDs. Thus, a website like Cnet that uses Gigya services allows you to log in using your Facebook or other social networking ID.
The only problem here is... I wasn't trying to log in to my Cnet account with a Facebook ID, or with any other social networking ID. I was trying to log in with my Cnet userid/password. Through trial and error I found that unless I allowed Gigya scripts to run on Cnet webpages, I couldn't log into my Cnet account.
Thus, whether you want it or not, scripts that support social networking logins are running when you log into a Cnet account.
What else are the Gigya scripts doing? When they accept Facebook login info, are they also running Facebook scripts? They have to interface with Facebook somehow to get your profile info.
The requirement to run Gigya scripts in order to log into Cnet accounts is forced on Cnet account holders, whether or not they have social network IDs and/or want to participate in sharing information of any kind with a social network "infrastructure service" like Gigya?
I ask that Cnet reconsider requiring its users to run Gigya scripts in order to log into their Cnet accounts with their dedicated Cnet userid and password info.
Note: boilerplate to the effect of "Private information for Cnet users who use their Cnet userid/password to login to their accounts is not shared with Gigya or any other social network service" will not suffice. How do you know? Gigya is running some kind of scripts when Cnet users login. How can you guarantee that login and profile information is not being obtained by those scripts? Because Gigya told you it wasn't?
Anyone else have views on this? Should we be required to run social networking login scripts when we login to Cnet accounts using our Cnet login information?