Sign in with Google in Chrome

Original Article ↗ Hacker News Discussion ↗

Confusion and convenience of SSO vs passwords

  • Some users find “Sign in with Google” (and Chrome’s auto sign‑in) genuinely helpful when they forget how they registered or when a site’s own “Login with Google” is broken.
  • Others avoid SSO entirely, using password managers with unique passwords to avoid lock‑in to Google and cross‑site identity correlation.
  • Several point out that average users are not like HN readers: they see authentication as friction and often prefer one‑click Google/Apple sign‑in.

Intrusive UX and privacy worries

  • The Google One Tap / FedCM-style banners are widely described as intrusive: large overlays, often delayed just enough to hijack focus or appear under a tapping finger, including on sensitive sites (e.g., porn).
  • People fear accidental clicks that share name/email/PII with untrusted third‑party sites, and complain that merely visiting already lets Google track them via the embedded script.
  • “Incognito/private” modes are seen as misleading: they hide local history but not tracking or fingerprinting; some report seeing targeted ads after incognito searches.

Workarounds and mitigations

  • Many rely on uBlock Origin (and similar) with custom rules (e.g., blocking accounts.google.com/gsi/* or the credential_picker_container) or “annoyances” lists; DNS/Pi‑hole blocking of Google identity domains is suggested for extreme setups.
  • Chrome has a hidden setting (chrome://settings/content/federatedIdentityApi) and Google account preferences to reduce prompts, but they require being signed in and don’t always work reliably.
  • Some switch to Firefox, Brave, or ungoogled Chromium; Safari users need extensions like StopTheMadness, as there’s no native toggle.

FedCM standard and competition concerns

  • The Chrome UI is part of the emerging Federated Credential Management (FedCM) standard: a browser‑mediated SSO meant to replace cookie/redirect flows and reduce cross‑site tracking.
  • Critics argue that, despite being “open,” it entrenches Google as the default identity provider on Chrome/Android and risks further centralizing web identity.
  • There’s unease that the spec process is dominated by Google contributors; Firefox and WebKit appear cautious/neutral, citing unresolved privacy and design issues.

Business upside vs user downside

  • Developers report huge sign‑up boosts (e.g., 8×) after adding One Tap; a persistent identity is valuable for growth and email marketing.
  • Others counter that many sign‑ups are accidental, generate spam, and degrade trust and brand perception, even if metrics “go up.”
  • Some users actually like the feature for its speed and minimal clicks; they’re a clear minority in this thread but demonstrate that there is real demand.