Running Gigya scripts required for CNet Login
by Alan Mintaka - 6/19/12 9:59 PM
I'm using the NoScript add-on with FireFox 12. For those of you not familiar with it, NoScript allows you to disable embedded scripts from third-party websites. It's very effective for finding out what third-parties are running scripts on a website you're visiting.
Today I discovered that unless I allow scripts from Gigya.Com to run on Cnet web pages, I can't log in to my Cnet account.
Gigya is a "social infrastructure service provider". What they do is provide third-party scripts that allow users to log in to accounts like Cnet using their social networking IDs. Thus, a website like Cnet that uses Gigya services allows you to log in using your Facebook or other social networking ID.
The only problem here is... I wasn't trying to log in to my Cnet account with a Facebook ID, or with any other social networking ID. I was trying to log in with my Cnet userid/password. Through trial and error I found that unless I allowed Gigya scripts to run on Cnet webpages, I couldn't log into my Cnet account.
Thus, whether you want it or not, scripts that support social networking logins are running when you log into a Cnet account.
What else are the Gigya scripts doing? When they accept Facebook login info, are they also running Facebook scripts? They have to interface with Facebook somehow to get your profile info.
The requirement to run Gigya scripts in order to log into Cnet accounts is forced on Cnet account holders, whether or not they have social network IDs and/or want to participate in sharing information of any kind with a social network "infrastructure service" like Gigya?
I ask that Cnet reconsider requiring its users to run Gigya scripts in order to log into their Cnet accounts with their dedicated Cnet userid and password info.
Note: boilerplate to the effect of "Private information for Cnet users who use their Cnet userid/password to login to their accounts is not shared with Gigya or any other social network service" will not suffice. How do you know? Gigya is running some kind of scripts when Cnet users login. How can you guarantee that login and profile information is not being obtained by those scripts? Because Gigya told you it wasn't?
Anyone else have views on this? Should we be required to run social networking login scripts when we login to Cnet accounts using our Cnet login information?