Scary permissions required?


#1

I’m using a social locker plugin which requires people to tweet in order to unlock content on my website. I’m concerned about the number of permissions Twitter needs to make the plugin work.

“This application will be able to:

  • Read Tweets from your timeline.
  • See who you follow, and follow new people.
  • Update your profile.
  • Post Tweets for you.”
    Some of these are misleading and I don’t think I would agree to these permissions. Why would I let the app follow new people, update my profile and post tweets “for me”? It sounds way too scary.

Is this standard when you give an app read and write permissions?
Thanks in advance for any guidance.
:upside_down_face:


Suggestion: More Granular Read & Write App Permissions
#2

This is a standard message yes.

What plugin this is? (tweeting to unlock things sounds like it might trigger anti spam measures if it’s spammy looking tweets)

Really there are only 3 permissions: Read, Write, DMs. (4 if you include email permissions)

Apps can be “Read Only”, “Read & Write”, and “Read, Write & DMs”. (Also there’s access to Email addresses - special permissions you need to get whitelisted for)

So any app with Read & Write permissions, regardless of what it actually does, displays that warning.

Which I think good, because it warns people of the capabilities of an app before accepting, but also it could be better - i’ve thought about this before too - would be nice to have selective Write permissions, only limiting to Tweeting, or only profile updates etc.


#3

Thanks so much for your response - that helps to clarify for me.
:+1:


closed #4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.