No external sign-on

When greeted with the signup page, users would be more likely^[1] to create an account and contribute if they saw they could sign into a social service. They could also login later faster as it would not require them to fill in their credentials.

If we were to provide external sign-on with a service like Google, Google would be able to know almost exactly when users sign into Wikipedia.

Google is a private entity that operates with its own interests in mind and not Wikimedia's. If a government where Google was operating were to request Google to hand over data about when and what people login to Wikimedia using their Google accounts, Google would be able to do that. That government could then utilize that information to relate Google accounts with Wikimedia accounts such as by comparing when a Google account signed in and when a Wikimedia account is created (creation times are publicized). This is an issue because governments could use this to act against people who, say, post something offending them on Wikipedia.

Even if we were to make account creation times hidden, account login information could still be used in a capacity to identify users such as by comparing it with their editing history. Any information is information that can be used against someone and that must be prevented.

Wikimedia must protect the identities of its users for their safety. No allowance of any amount should be given to potentially revealing information about someone's identity. Therefore, we cannot allow an external entity such as through an external sign-on to obtain any information that puts our users at any risk.