The only extra information you would be volunteering is that you signed in to a specific website. In most cases, this is not really a big deal.

If I don't want them knowing I surfed to somewebsite.com, why would I want them to know that I actually logged in to someotherwebsite.com?

I get that people have different levels of trust for these services than I do. I'm just more cynical than most, I guess.

You are also trusting the Oauth provider to never login as you for their own inscrutable purposes.

That is true. But then many people put a lot of trust in the major providers in many other areas too, such as hosting their private files and email, holding card payment information, and so on.

Yeah an email provider is basically Oauth with extra steps for ALL your accounts.

Absolutely. In the case of Facebook, it's easy to imagine them logging into websites as you to slurp up your contact list on that site. Don't worry, you agreed to it somewhere in the thousand pages of small print!

Or as the case of twitter demonstrates, you're also trusting all future owners of the Oauth provider, whoever they may be. If an erratic billionaire with a penchant for breaking the rules whenever it suits him buys your Oauth provider, who's to say what he'll do with his new access? He could treat your accounts as his personal toys. Better hope you don't earn his personal ire when he's on another wine and ambien bender.

Linked in used to (maybe still does) encourage you to provide them login details to your email so that they can scan it for potential matches.

> this is not really a big deal.

If it's not a big deal, then why do they offer this service "for free"?

It's all part of their commercial panopticon. You're missing the forest for the trees.