June 27, 2011

Would you grant complete access to your Twitter account?

Rafal Los posed the question recently in his blog: "am I too paranoid?"

The context: he was writing about a Twitter statistics website he found that requires your login credentials in order to provide capabilities beyond statistics. Being the good security-minded chap that he is, he looked into what this widget will do for you if you provide your credentials. Here's what he found.

It will...

* Read Tweets from your timeline.
No worries here, everyone can do that.

* See who you follow and follow new people.
Okay on seeing who you follow, that's public. ...wait, "follow new people"? Why? What makes it think I want to follow these people it auto-follows? Nope, don't like this. I would accept suggestions on who to follow though.

* Update your profile.
Huh? What for? What would it add? Don't like that. Rafal mentions he doesn't even let his marketing people do that. Heh, I don't have marketing people, but if I did I might let them access it... well, maybe.

* Post Tweets for you.
What are you going to post? Advertisements spamming people? That'd get me fewer followers. Ah no, no you won't, you lil widget, you won't be doing this.

* Read direct messages.
Excuse me! Why? For what purpose?

There's no way I would want a widget like this to have complete access to my Twitter profile. Am I too paranoid like Rafal? Maybe, but I think for good reason; well, many reasons. One such reason is the need-to-know principle. In my opinion, this widget does not need access to some of the areas it accesses. It's the same reason why I don't give out my social security number easily or without asking why they need it. At the DMV, sure; at a department store, nope.

So no Rafal, you aren't being too paranoid...you're being sensible, safe, smart.

Check out Rafal's blog, he writes some good stuff.
http://h30499.www3.hp.com/t5/user/viewprofilepage/user-id/604516

Entry related to this topic:
http://h30499.www3.hp.com/t5/Following-the-White-Rabbit-A/Am-I-Just-Too-Paranoid-Federating-Identity-by-Twitter/ba-p/2414931

1 comment:

kmullersdorf said...

I agree, I think it won't take long until the security thinking around social media will reach new levels. What do you think?