Woah! Read Those Twitter Authorizations Carefully

Many sites that require logging in now allow you to log in with your Twitter account and most are harmless. Some, though, have gone TOO FAR. I STARTED to log in on Huffington Post this morning and got this:

Twitter Huffington Post Login

No way, Jose! Read what this would allow them to do! (Click image to see full size)

Check out the last two bullet points:

  • Allow Huffington Post to update your profile ?
  • Allow Huffington Post to POST TWEETS ON YOUR BEHALF ?

Question 1: Why would they ever need to update your Twitter profile from Huffington Post?

Question 2: Does that mean that when you choose to Tweet a post on their site they can send it to your Twitter account or does that literally mean they can “post tweets on your behalf” meaning any tweet any time without you knowing about it?

Kelly Hungerford (@KDHungerford on Twitter) wondered the same thing when she saw the same pop-up wording for paper.li (those papers we tweet and RT regularly on Twitter). Here is the official paper.li answer to her question, “Why am I authorizing paper.li to use my Twitter account?:

  • We do not update your profile with any information. As this is a standard Twitter Pop-up, it is possible they are using it for multiple accounts.
  • Paper.li does post tweets on your behalf;  when you re-tweet or direct message from an article on a Paper.li, and / or if you activate the Promo-Tweet on your paper.

That this is a “standard Twitter Pop-up” is bad news because that means we’re going to be seeing this much more often. That this wording is so vague is worse news because even if TODAY it means tweet what we tell them, LATER it could mean they can tweet through our accounts and we gave them permission to do it!

I don’t know about you, but I don’t want any site doing anything I did not SPECIFICALLY direct it to do. This makes me wonder if I have ever approved any other such actions without catching that or whether any site that was granted access without such serious approval can retroactively change what we agreed to allow them to do.

If anyone ever notices any site tweeting for me,
please do let me know and I’ll put an immediate stop to it.

If you want to remove any application’s access or see what sites you have permitted access to your Twitter account, when logged into your account click on Settings > Applications. Unfortunately there doesn’t seem to be any way to tell what we have granted any particular app – we can only click Revoke Access.

If anyone knows of any other site that has an authorization allowing them to change or use our Twitter accounts please let us know in the comments here or by tweeting @GrowMap or by using our contact tab (above) so we can revoke access and warn others.

One other thing. Has anyone seen anything similar on connecting to Huffington Post (or any other site) via Facebook or LinkedIn?  IMHO, any connection that wants to “use” your accounts is one to disconnect immediately.

The following two tabs change content below.

Gail Gardner

Small Businsss Strategist at GrowMap
Creator and owner of GrowMap.com, Gail is primarily known for mentoring small businesses and encouraging bloggers to join collaborations to share skills and support small business.