Woah! Read Those Twitter Authorizations Carefully

May 5, 2011 · 52 comments

Many sites that require logging in now allow you to log in with your Twitter account and most are harmless. Some, though, have gone TOO FAR. I STARTED to log in on Huffington Post this morning and got this:

Twitter Huffington Post Login

No way, Jose! Read what this would allow them to do!

Check out the last two bullet points:

  • Allow Huffington Post to update your profile?
  • Allow Huffington Post to POST TWEETS ON YOUR BEHALF?

Question 1: Why would they ever need to update your Twitter profile from Huffington Post?

Question 2: Does that mean that when you choose to Tweet a post on their site they can send it to your Twitter account or does that literally mean they can “post tweets on your behalf” meaning any tweet any time without you knowing about it?

Kelly Hungerford (@KDHungerford on Twitter) wondered the same thing when she saw the same pop-up wording for paper.li (those papers we tweet and RT regularly on Twitter). Here is the official paper.li answer to her question, “Why am I authorizing paper.li to use my Twitter account?”:

  • We do not update your profile with any information. As this is a standard Twitter Pop-up, it is possible they are using it for multiple accounts.
  • Paper.li does post tweets on your behalf; when you re-tweet or direct message from an article on a Paper.li, and/or if you activate the Promo-Tweet on your paper.

That this is a “standard Twitter Pop-up” is bad news because that means we’re going to be seeing this much more often. That this wording is so vague is worse news because even if TODAY it means tweet what we tell them, LATER it could mean they can tweet through our accounts and we gave them permission to do it!

I don’t know about you, but I don’t want any site doing anything I did not SPECIFICALLY direct it to do. This makes me wonder if I have ever approved any other such actions without catching that or whether any site that was granted access without such serious approval can retroactively change what we agreed to allow them to do.

If anyone ever notices any site tweeting for me, please do let me know and I’ll put an immediate stop to it.

If you want to remove any application’s access or see what sites you have permitted access to your Twitter account, when logged into your account click on Settings > Applications. Unfortunately there doesn’t seem to be any way to tell what we have granted any particular app – we can only click Revoke Access.
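Question 2 above and the Revoke Access step both come down to how delegated access is enforced. As an added illustration (not code from the original post, and not Twitter's API), here is a toy provider in Python: the access level is fixed when the user clicks Allow, every later call is checked only against that level, and revoking the grant is what ends it. `Provider`, `Grant`, the action names and the app names are all hypothetical.

```python
import secrets
from collections import namedtuple

# Constructed action names and the access level each one needs.
REQUIRED = {"read_timeline": "read", "update_profile": "write", "post_tweet": "write"}
Grant = namedtuple("Grant", "user app access")  # access: {"read"} or {"read", "write"}

class Provider:
    """Toy account provider (hypothetical; not Twitter's API)."""
    def __init__(self):
        self._grants = {}  # token -> Grant

    def authorize(self, user, app, access):
        """The user clicks 'Allow': a token with that access goes to the app."""
        token = secrets.token_hex(16)
        self._grants[token] = Grant(user, app, frozenset(access))
        return token

    def call(self, token, action):
        """Checks only the token and its access level, not whether the user asked."""
        grant = self._grants.get(token)
        if grant is None:
            raise PermissionError("token unknown or revoked")
        if REQUIRED[action] not in grant.access:
            raise PermissionError(f"{grant.app} lacks {REQUIRED[action]} access")
        return f"{action} as @{grant.user} via {grant.app}"

    def grants_for(self, user):
        """Per-app access levels, the detail the post says the settings page omits."""
        return sorted((g.app, sorted(g.access)) for g in self._grants.values() if g.user == user)

    def revoke(self, user, app):
        """'Revoke Access': the app's tokens for this user stop working."""
        self._grants = {t: g for t, g in self._grants.items()
                        if (g.user, g.app) != (user, app)}

def allowed(provider, token, action):
    """True if the provider accepts the call, False if it refuses it."""
    try:
        provider.call(token, action)
        return True
    except PermissionError:
        return False

if __name__ == "__main__":
    p = Provider()
    t = p.authorize("alice", "news-site", {"read", "write"})  # constructed names
    before = allowed(p, t, "post_tweet")
    p.revoke("alice", "news-site")
    print(before, allowed(p, t, "post_tweet"))
```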

If anyone knows of any other site that has an authorization allowing them to change or use our Twitter accounts please let us know in the comments here or by tweeting @GrowMap or by using our contact tab (above) so we can revoke access and warn others.

One other thing. Has anyone seen anything similar on connecting to Huffington Post (or any other site) via Facebook or LinkedIn? IMHO, any connection that wants to “use” your accounts is one to disconnect immediately.



{ 50 comments }

Allison
June 6, 2012 at 8:35 am

A year later and I’m sad to say that I see this all over the place. It’s the screen at which I always exit without signing up for whatever it was I was interested in, in the first place. The part that gets me is AND FOLLOW NEW PEOPLE.


De-li(a)r-ious WebMA$Oist Conspywrightor with Multiple Nym Disorder Syndrome
September 30, 2011 at 2:00 am

After publishing my article
http://keycaptchaured.wordpress.com/2011/09/08/to-spam-or-not-to-spam-that-is-not-the-choice-anymore/
where I wrote that even after removing access to any applications on my Twitter account I continued to observe spam tweets under my Twitter username (account), my password to my Twitter account was invalidated, and I received an email from Twitter support telling me that my account was compromised and that I should go through the procedure of resetting my password.

But when I use my twitter (or Google’s OpenID) account to login to other sites such as mashable.com or ipbskins.ru, I do not give them my password from my twitter (or Google) account, or any password at all!, and I am still able to use the same previously created user profiles logging into them from the same twitter account after changing my twitter’s (Google) account username and password.

These sites, like sites on IPB (I.Board) CMS permit to tweet from such users to which I login through twitter.

But if my twitter account or derivative accounts created through it, are compromised, they are able to post from them, though I do not see how changing passwords, username or even deleting original twitter account can now prevent such abuse.

Do I have control over my accounts at all?
And it is just a matter of a good will or intermediary sites or twitter to abuse them or not.
And if they are abused by resource owners (who decided to change their policies), or are compromised by a 3rd party, what choice do I have to stop misusing my accounts?

As far as I see it,
I have no control over my own accounts

Any comments?

growmap
September 30, 2011 at 9:55 am

It sounds like a phishing site may have somehow gotten your password and if a site uses OAuth it is SUPPOSED to prevent that; however, ANYTHING can be hacked.

As for whether we have any control over our accounts given the wording we are being presented with in these authorizations I would say that eventually the answer to that will be NO.

I suspect they (Facebook, Twitter, Google, etc.) will gradually start selling access to our accounts and slipping first a few and then probably a lot of advertisements in there because I have no doubt the wealthy elite are extremely unhappy about losing control over those of us who still use our brains for thinking.

They are trying to regain that control of what we can see and say and take over the Internet one way or another – and unless we are more clever than they are they will because they never give up. Look at things like Cash Pensions (how they illegally converted REAL pensions to 401Ks and then took the money back through fees and manipulation of stock prices) and imposing National IDs on us.

The post I’ll feature in CommentLuv in this reply has a ton of information about what we’re up against. If we can’t stop them from taking away the Internet we’re using now we may have to go back to dial-in bulletin boards or create an independent Internet. Did you know the Ham radio folks have their own satellite? Hmmm.
growmap would love you to read: Blog Post Promotion


Danny who writes about Pole chain saw
September 12, 2011 at 4:21 am

I think the safest way to deal with things like this is having several e-mail addresses and using them to log in to different sites. And keep one that you use for your friends etc. Just get them all together in an email program like Windows Live Mail.

ConspiWRiGHting MA$Ohist
September 8, 2011 at 1:41 am

So, I removed access from any app in my twitter account and I still continue getting spam-tweets like
http://twitter.com/#!/ParMoiMeme/status/111387319138910209
which I keep as sample (removing others)

And what choice do I have anyway, even if I read those descriptions?
They can be wrong
Even if I remove the earlier given authorizations from target service (like Twitter here) and even from intermediary one (like Huffington here), isn’t it just a declarative wish from user’s side?
I wrote a follow-up:
To Spam or Not To Spam: That is Not The Choice Anymore?
http://keycaptchaured.wordpress.com/2011/09/08/to-spam-or-not-to-spam-that-is-not-the-choice-anymore/

Gail Gardner
September 30, 2011 at 2:44 am

We have to remember that Twitter belongs to Twitter and they can do whatever they wish there. We should not assume that is necessarily some hacker or spammer – it COULD be Twitter enabling it. I’m NOT saying it is – it may not be – but that IS always a possibility.
