I've working on a slightly different approach based on password-less cross-domain decentralised authentication. But this is Google and they want all your data and they've got the support of the US government so I reckon that will probably win against any ethical solution.