Slashdot Mirror

← Back to Stories (view on slashdot.org)

Feedly Forces Its Users To Create Google+ Profiles

Posted by timothy on from the rapids-pulling-you-downstream dept.

somegeekynick writes "Feedly users, a lot of whom migrated from the now-defunct Google Reader, are now finding out that they will not be able to login to the service without a Google+ Profile. In a blog post from Edwin Khodabakchian, which was posted almost at the same time the change rolled out, the reason for the change is stated as following Google's own move from using OAuth to Google+ for authentication. What has riled up a lot of users, as can be read in the comments, is that this change has come without warning and a lot of feeds are now being 'held hostage' by Feedly, especially for users who are reluctant to create Google+ Profiles."

31 of 251 comments (clear)

  1. rs by Anonymous Coward · · Score: 2, Informative

    The main Google Reader replacement.

    1. Re:rs by ericdano · · Score: 4, Informative

      The main, crappy replacement. The real replacement is Newsblur.

      --
      It's either on the beat or off the beat, it's that easy.
      I moderate therefore I rule!
      --
  2. Roll your own authentication guys by wiredlogic · · Score: 4, Insightful

    We also understand that some people would prefer to have more identity choices. So we have been testing twitter, facebook and wordpress login options. We will be rolling them out over the next 7 weeks.

    Apparently they are too busy looking for other ways to force you to have 3rd party accounts to realize the obvious solution and roll their own authentication system.

    --
    I am becoming gerund, destroyer of verbs.
    1. Re:Roll your own authentication guys by Bogtha · · Score: 2

      I don't want to notify my Google+ circles that I just added something to my feeds, and inevitably that's what will happen.

      It's not inevitable. When I added a feed in the old Google Reader it didn't tell anybody I was doing it. Just because Google has Google Plus, it doesn't automatically translate that each and every action you take while authenticated must necessarily be shared. Even if you assume that is the case, the whole reason why the Circles feature is designed the way it is is because Google acknowledge that it's not appropriate to share everything with everybody. You're literally taking a feature that is designed to limit sharing and ascribing to it the opposite intention.

      They want to tie your Feedly account to some other social network to increase its marketing value to them. The more interconnections they can associate with your account, the more valuable it is to them.

      Do you have any evidence for this or is it just your supposition? When I build a website, I prefer to use third-party authentication schemes because it's the right thing to do. I don't give a shit about marketing value, I give a shit about not pushing yet another login system on people when there's no need for it.

      --
      Bogtha Bogtha Bogtha
  3. Pump up the numbers by Desler · · Score: 3, Insightful

    Well thats one way to keep pumping up the Google+ numbers with more inactive accounts.

    1. Re:Pump up the numbers by icebike · · Score: 4, Interesting

      Well, first, you missed the bit about it being retracted.

      But besides that, Feedly has nothing to gain by pumping up Google+. (Unless there is some money changing hands under the table).

      Google is out of the feed reader business, so all you really need is an account at Feedly. They would like to pawn off the
      authentication server stuff onto someone else. But they are just serving up news feeds. There is really no reason to
      have any account details at all on hand, and they could just hand out random numbers for accounts.

      The problem here is that Feedly is finding it just as hard to monetize RSS as Google did, because, quite frankly, RSS was never
      intended to be monetized. It was intended to bring you to feeder's web site.

      But once you have things like Feedly and before that Google Reader scraping the full stories linked to the feeds, it becomes unprofitable
      for feedly, and unprofitable for the Feed sites, because nobody visits the sites anymore.

      I read a couple dozen feeds. On some feeds I never visit the site. On others, I have my reader (not feedly) set up to automatically go to
      the site, scrape the page via Google Mobilizer and show me just the text. No pictures, adds or any of that.
      The upside, those things aren't fetched from the site, saving them bandwidth. The downside, the site makes no money from me.

       

      --
      Sig Battery depleted. Reverting to safe mode.
  4. Re:What the fuck is a "Feedly"? by penix1 · · Score: 5, Informative

    More importantly, this is a non-news story since they have since rolled back those changes.

    --
    This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
  5. Not a Story by Anonymous Coward · · Score: 5, Interesting

    From TFA:

    [Update 2: The change has been rolled back: you can now go to http://cloud.feedly.com and login using the old Google Authentication mechanism. The main lesson we learned here is that user should control how they want to login to login to their feedly. We will make sure not to forget this. Have a good week end].

    Nothing to see here. Move along.

    1. Re:Not a Story by rudy_wayne · · Score: 3, Insightful

      From TFA:

      [Update 2: The change has been rolled back: you can now go to http://cloud.feedly.com/ and login using the old Google Authentication mechanism. The main lesson we learned here is that user should control how they want to login to login to their feedly. We will make sure not to forget this. Have a good week end].

      Nothing to see here. Move along.

      Until they try to figure out another way to force this on people.

      Google's ultimate goal is simple. You can't just use only Gmail or only Youtube or whatever. If you want to use one service, you have to use them all.

  6. All your accounts are belong to us. by TheDarkener · · Score: 4, Insightful

    I'm f***ing sick of Google and their integration of Google+ into Youtube (and obviously their other, and 3rd party services). I don't like Google+. I like Youtube (less and less these days, however). I don't use GMail, or any other Google service (besides search when DuckDuckGo doesn't find me what I want). It's like they're trying to force-feed us their horrible social network via proxy (no pun intended). NO I DO NOT WANT TO POST MY YOUTUBE COMMENTS ON MY DESOLATE GOOGLE+ ACCOUNT. Just keep them separate, they were never meant to be tied together.

    --
    It is pitch black. You are likely to be eaten by a grue.
    1. Re:All your accounts are belong to us. by Joining+Yet+Again · · Score: 3, Interesting

      If geeks had 1% of the organisational skill of a bunch of illiterate factory workers at the beginning of the 20th century, stuff like this - and almost all of our First World problems - would be trivial to deal with.

      For this one, my suggestion would be for everyone nagged to create a G+ page to fill their page with dildos and friend only Google executives. Use competitor Facebook to spread the word. Once a few million people have done this, G+ becomes a joke.

    2. Re:All your accounts are belong to us. by norite · · Score: 4, Informative

      Try this:

      https://www.startpage.com/

      It uses google, but even google don't know who you are when you go through these guys :)

      --
      -- Fuck Beta
    3. Re:All your accounts are belong to us. by swillden · · Score: 4, Informative

      Because I want to at least *feel* like I have SOME sort of control over what I do online and where my personal effects end up?

      Then you should like the G+/YouTube integration because now you can make YouTube comments that are not public. Pick the people/circles you want to share your comment with and only those people will be able to see your comment on the video. Yes, for this to work they have to have Google+ accounts, too, or they will be part of "the public" and be unable to see what you wrote.

      I'm not sure if the video owner can see comments that are shared privately. I suspect not.

      Anyway, if it's control you're looking for, this change gives you control that you didn't previously have.

      (Disclaimer: I'm a Google engineer, but I don't work on YouTube or Google+. My only real knowledge of them is as a (satisfied) user.)

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    4. Re:All your accounts are belong to us. by tlhIngan · · Score: 5, Insightful

      Why do you think Facebook, well known for shitting on people's privacy settings, is any better than Google?

      "Privacy settings" is a marketing term..

      There is NO such thing as privacy online. Posting something online is equivalent to posting it to the world - it's like keeping a secret by telling someone. And if you're not going to tell anyone, why post it online?

      The only reason why "privacy" is an option is because Facebook and everyone else knows that people won't post anything otherwise. So they invent "privacy settings" to trick (yes, trick) everyone into revealing things that they rationally won't.

      The old adage (from decades ago) goes "never put online anything you don't want to read in the New York Times". Or I guess, the Google front page these days.

      Nothing's changed, just Facebook has managed to sucker in a bunch of gullible people into thinking there's any semblance of privacy online. And that doesn't even cover the need to monetize your information. Just putting it online is dangerous enough.

    5. Re:All your accounts are belong to us. by Anonymous Coward · · Score: 3, Interesting

      I couldn't get to the whois information of www.startpage.com. Could you?

      Funny enough, whois doesn't report any info on nsa.gov, either.

  7. Re:Can anyone explain these "-ly" names? by Mitreya · · Score: 2

    I just don't understand all of these companies with names that take some word and stick 'ly' at the end.

    It's simple -- they are the companion websites to all those "-ster" websites everywhere.
    I wonder what Feedster is doing!

    WHOIS feedster.com
    Registration Service Provider: Dotster.com, support@dotster-inc.com

  8. The Frog In Boiling water... by enter+to+exit · · Score: 2

    Use Google to search for an alternative you can use on your Android phone and sign up to it with your Gmail address.

    If you have an android phone/a youtube account/ or a gmail address you have a g+ account.

  9. Re:What the fuck is a "Feedly"? by Anonymous Coward · · Score: 2, Informative

    Death by a thousand cuts. They'll do it again. This is all part of an apparently huge push to force g+ on people.

    Gmail recently started requiring access to plus.google.com in order to login. Some of us block access to social networks.You must now regularly few (sometimes more than once a week) a g+ nag screen.

    I am migrating my dozen+ accounts from gmail. Thanks for the push, google!

  10. Re:NEVER roll your own authentication. by nctritech · · Score: 4, Insightful

    Were you going for a "funny" tag with this? Are you a software developer? You know that OpenSSH isn't a program for website user authentication, right?

  11. Find a better Google Reader replacement... by Anonymous Coward · · Score: 4, Informative

    Feedly's login policy was what forced me to use Inoreader (www.inoreader.com), the only reader I was aware of that provided a standalone login. And boy am I happier for it. Light, fast and simple yet also feature rich. Just like the Google reader I used to know and love....

    1. Re:Find a better Google Reader replacement... by gigaherz · · Score: 2

      I use The Old Reader, but I do login with OAuth. As far as I know, they have their own login box, I just don't use it.

  12. Re:NEVER roll your own authentication. by Jane+Q.+Public · · Score: 4, Informative

    Software developer should NEVER try to roll their own authentication, just like they shouldn't try to roll their own encryption.

    Security is the domain of PROFESSIONALS and EXPERTS only. Your average softdev should NEVER EVER EVER try to roll their own authentication.

    It's better to use existing software written by PROFESSIONALS and EXPERTS. Like OpenSSH. That's what everybody should use for authentication.

    Wow. How wrong could this be? Let me count the ways...

    Nah. I have better things to do. I'll just say that a "real" developer uses tools developed by others to "roll their own" authentication. Nobody said you should to invent your own hashing algorithm or anything. Just follow recommended practices, use a known-to-be decent hash method, and be sure to salt.

    It ain't rocket science.

  13. Re:What is the issue with creating a Google+ accou by Anonymous Coward · · Score: 5, Informative

    What is the issue with creating a Google+ account?

    The issue is that using "John Doe" as your name when it is not your name is in violation of their Names Policy, you are subject to having the account suspended or canceled.

    This is so much bullshit on so many levels. Using a real-life and permanent name in conjunction with social networking activity is, in my opinion, extremely stupid. Making this a requirement for participation is frightening.

    G+ has taken some steps in the right direction, but IMO this has been more talk and less action than is necessary and their behavior with forcing G+ membership for Google store/youtube comments is abhorant.

    Preserving anonymity, pseudonyms, and online identity separate from 'real life", insofar as is possible, is essential to a healthy Internet.

    AC

  14. Re:I don't see the problem by Anonymous Coward · · Score: 5, Insightful

    Has it never occurred to you that some of us DO NOT WANT to use facebook?

  15. Re:What is the issue with creating a Google+ accou by icebike · · Score: 5, Insightful

    I keep seeing the seeing these paranoid critters screaming bloody murder about being forced to use Google+. What exactly is the issue with creating a Google+ account and not adding any information you do not want to share? Please enlighten me!

    Has the privacy disaster that is Facebook not once entered your brain after all these years?

    People are losing jobs, and failing to get jobs, because of this nonsense, people are being forced to turn over social network account passwords, and the accounts, with or without passwords are being mined, not only by advertisers, but also by government agencies.

    Look, its fine that you buy into this stuff, but don't drag me into it, just because you don't see a problem in your little world. Even teenagers are starting to realize facebook is a trap.

    There is simply no reason to believe Google+ is going to be any different. You can see the creeping invasion already.

    --
    Sig Battery depleted. Reverting to safe mode.
  16. tt-rss is highly recommended by Fragmented_Datagram · · Score: 5, Informative

    I highly recommend setting up the free tt-rss service. There's also a nice mobile client.

  17. Re:NEVER roll your own authentication. by Salgat · · Score: 4, Insightful

    I simply don't trust myself to make a 100% secure server, as most should not be and are not qualified to do so. Why go through all the trouble and risk when a free alternate solution already exists?

  18. Answers.com isn't getting any answers from me by tepples · · Score: 3, Insightful

    Because some of the users that you want to serve disagree with the policies of one of the major authentication providers. For example, Answers.com isn't getting any answers from me because I have no Facebook account. (I graduated and lost my .edu mail before Facebook existed.)

  19. Google accounts predate Google+ profiles by tepples · · Score: 2

    Google+ is the account system for Google.

    Google accounts were around years before Google+ profiles. Even if someone has a Google account, that doesn't mean he wants to create a public Google+ profile with his legal name.

  20. Google account != Google+ profile by tepples · · Score: 3, Informative

    Use Google to search for an alternative you can use on your Android phone

    So what handheld computer should I use if I want to write my own software but don't want Google

    If you have an android phone/a youtube account/ or a gmail address you have a g+ account.

    No, you have a Google account. Google is requiring certain users who already have a Google account to add a Google+ profile to their Google account and associate all activity on their Google account with their Google+ profile.

  21. Re:NEVER roll your own authentication. by VortexCortex · · Score: 3, Informative

    Software developer should NEVER try to roll their own authentication, just like they shouldn't try to roll their own encryption.

    No. Authentication is far easier to understand. Proof of knowledge is simple to perform, and is new authentication protocols can be built from the cryptographic primitives with ease. I'm certain you have no knowledge in this area, if you had some experience creating authentication systems you would know the same advice for ciphers does not apply to authentication. It's true

    Furthemore, today we lack a widely adopted authentication standard that provides revocation, and optional anonymity. There current major competing authentication standards are all laughable due to their reliance on the broken SSL trust graph. Firefox - settings - Advanced - Certificates - View Certificates - Hong Kong Post & CNNIC. These are root certificates that can be used by the Chineese government to create a "valid" cert for Google.com or Yourbank.com without those domain's permission. Together with an unsigned DNS root infrastructure the entire security system of the web is completely and utterly a security theater. Your route passes through there servers and you've still got a big green bar saying yourbank.com is secure when you've been MITM'd by the Chinese, Russians, Iran, Turkey, etc. Folks we are actively at "cyber war" with. I say this to illustrate the FACT: You MUST write your own authentication system, because EVERYONE ELSE who we thought COULD be trusted SHOULD NOT BE TRUSTED; They're all worse than morons, they've PURPOSEFULLY built a fucked up system.

    HTTP AUTH already exists and is supported in every web browser. Since it asks for authentication before displaying any content it is the right direction (unlike EVERY OTHER AUTHENTICATION). However HTTP-AUTH is clunky and most redardedly HTTP and TLS do not know about each other so the nonce you send as proof of knowledge in the clear which could instead be used to key your TLS/SSL stream cipher DOES NOT do so.

    All the well used existing authentication standards are fucking jokes. OAuth? Don't make me laugh: It's the best way to phish passwords EVER! Just make, say, a google or facebook login logo and have it redirect to a page that is not google or facebook to collect their password. Sure 2 factor exists, but it's not commonly used and even it has gaping huge holes.

    So, what we need are PRE-REQUEST authentication systems. A browser plugin that detects you're about to visit a secured site (perhaps from its database of prior authentications) then it pops up the browser password dialog NOT ON THE PAGE and perform the secure handshake providing proof of knowledge of a key and another nonce to hash with you password [or HMAC(domain, pw) ] to generate a session cipher key and then immediately begin send encrypted data back and forth without any PKI bullshit needed at all since the endpoints already have a pre-shared secret with which to generate a session secret. The ONLY time you need Public Key crypto is when you register an account and establish the pre-shared key. That window is so small, and impractical since the shared key is not useful unless a permanently maintained MITM attack is performed on every connection attempt that it makes PKI hierarchy essentially moot (esp: considering that PKI is useless due to aforementioned explicit trust of enemy actors as roots).

    Your advice to not create your own authentication system is the absolute WORSE advice you can possibly give since ALL prominent authentication standards are complete and utter rubbish. You at least have a CHANCE of creating something more secure than the blatant SECURITY THEATER that is everything else.

    To be perfectly clear, this is infinitely better than everything else: Browser plugin asks for master password; For any domain, Domain GUID = HMAC( userID, domain ), HMAC( HMAC( Master PW + Salt ), domain + nonce ) = session cipher key; Send Domain GUID, nonce, and your encrypted data to the server.