ElijahLynn

IDEA: Build a service that identifies all the Single Sign On accounts tied to your Facebook/Google/GitHub/Twitter accounts for you and gives you a nice list and instructions on how to separate out the accounts with links if possible.

exikyut
That's an interesting concept.

Thinking about it for a bit, I'm sadly hesitant that it might need to be built as a browser extension or mobile app, rather than a website, because none of these services provide programmatically-accessible (even read-only) feeds of what you're looking for, so you'd need to scrape everything. This brings up two issues: 1) the headache of IP ratelimiting (and/or flat-out IP bans from trigger-happy systems optimized for fighting fraud/bots hosted on cloud infrastructure). IIUC there are proxy services that you can outsource the workaround problem to, but this is awkward to get behind in the face of 2), which is that users would need to input their actual usernames and passwords so that the service could request the account page with the details on it in order to scrape the data.

Given that these are broadly web services poked at via HTTPS, you could potentially get everything you needed from a browser extension (as long as the service doesn't require you to set any HTTP headers that extensions aren't allowed to touch).

The second possibility is using an app. Writing a thin layer that lets you craft custom HTTPS/whatever requests from a WebView would probably be the most straightforward approach.

The main issue with both the extension and app approaches is that they code-dump both the idea and methodology of "here is how to do X" into the hands of the IQ-99 skiddie group (especially with an extension). So now you have more people running around scraping pages and whatnot and trying to figure out how to weaponize everything. Probably won't go anywhere (in terms of producing actual attacks), but the noise may potentially make your life harder.

The least-complex solution seems to just be a giant boring list of links, for example:

- https://myaccount.google.com/permissions

- https://twitter.com/settings/connected_apps, https://twitter.com/settings/connected_accounts

- https://github.com/settings/apps/authorizations, https://github.com/settings/applications, https://github.com/settings/installations, https://github.com/settings/apps, https://github.com/settings/developers, https://github.com/settings/tokens

Hmm, that's kind of all over the place for some things. A single aggregate view that combines everything could definitely be very interesting...