Join 3,499 readers in helping fund MetaFilter (Hide)


Explain 3rd Party Twitter Authorisers for me
October 27, 2012 3:28 AM   Subscribe

Confirm/Deny for me that lots of 'log on with Twitter' instances involve handing over a lot of rights to your twitter account which aren't relevant ?

I often come across places which are using Twitter authorisation to allow people to identify themselves.

What I don't understand (or perhaps find hard to believe) is how the person who wants the logon (for instance a blog comment provider) asks for a whole set of rights to your Twitter account which don't seem relevant.

Take this as an example. It's what you get shown if you want to comment on some Mobypicture content.

They want the rights to "follow new people" and "update your profile" ? And actually in this context even "post tweets for you" is completely nuts as well. So my understanding of this is if I agree Mobypicture can add arbitary new followers at any time to my account; post random messages which appear to have been written by me and; update my profile to include material which I've never seen ?

Mobypicture are certainly not alone in this.

So my question is : have I misunderstood this - are they really getting the permissions I think are and is there any reasonable explanation for why they might want this ?
posted by southof40 to Computers & Internet (7 answers total) 2 users marked this as a favorite
 
Twitter only offer 3 levels of access to be requested by developers. Read, Read+Write and Read+Write+DM. I don't know what mobypicture does, but if they require any of the Write permissions (an opt-in post message options would count) then their only option is to ask for the whole lot.
posted by gregjones at 4:01 AM on October 27, 2012 [1 favorite]


I think this doesn't actually addresses your question with regard to giving Mobypicture more info/rights than you'd like, but for the option of commenting, it looks like you can just join Mobypicture and not use your Twitter account.

Like you said, many sites let you use your Twitter or Facebook login to gain access. I choose never to sign in that way and join said sites by creating an account directly. I can still make comments on a given site but don't have to share my comments on my social networking sites.
posted by shoesietart at 11:43 AM on October 27, 2012


I work for a company that makes webapps that offer twitter / facebook login. We make sure there is always a way to opt out of sending messages to fb/twitter, and a user approval of messages sent by the app (if possible on a per message basis), because anything else would make our clients look like assholes. But of course this discretion is up to the people implementing the app in question.
posted by idiopath at 12:03 PM on October 27, 2012 [1 favorite]


There are some commenting apps that automatically tweet your comments, that kind of thing. It's... really annoying and I don't know how to disable it (so I just don't use my twitter account for comment applications).
posted by Lady Li at 12:11 PM on October 27, 2012


That said it may also be functionality to allow you to do things - so if you see someone while you're using the app who you want to follow, and you click 'follow on twitter', the app can add them as a person you follow. Or if you click the checkbox that says 'tweet this comment', then you have to allow the app to send tweets as you in order for it to work. It's not necessarily (in fact, it's not ideally something that the app would do without your asking for it.
posted by Lady Li at 12:13 PM on October 27, 2012


They really are getting the permissions you fear, though mainly for the technical reasons gregjones explains.

Their motivation is almost certainly not malicious, though it is a little lazy: by leaning on the Facebook or Twitter authentication systems, their programmers have much less work to do than they would in developing/testing/maintaining their own authentication and registration systems.

But the spread of these things are creepingly horrible for reasons you clearly already sense, yes. Like others above, I don't use them.

(I'll do my own attention-whoring on Twitter, thanks!)
posted by rokusan at 10:13 PM on October 27, 2012 [1 favorite]


Thanks for all the answers. I was unaware of how 'chunky' the perms granularity was offered by Twitter to third-parties. It does explain why I see what I see although I'm left wondering why Twitter have made it so ! Thanks again.
posted by southof40 at 2:28 PM on November 11, 2012


« Older I have 200 scanned images of m...   |  What changed about Florida's G... Newer »
This thread is closed to new comments.