With the advent of OAuth, an open standard for authorization, you can easily sign up for new services and apps simply by relying on your Facebook and Google profiles. But that simplicity also makes it easy to give total strangers a window into our lives, as Wired’s Andy Baio explains in a recent post.
Instead of filling out a lot of forms and trying to remember a new password, you can just rely on the likes of Google and Facebook to handle everything and finish the authorization process in one or two clicks.
But this frictionless (Mark Zuckerberg’s new favorite word) world has serious risks. Baio uses the example of Unroll.me, a service that helps him avoid unwanted mailing lists and spam. He was about to sign up when he realized that, when he stopped to think about it, he actually knew nothing about the people behind this startup.
“For all I knew, it could be run by unscrupulous spammers or an Anonymous troll looking for lulz. And I was about to give them unfettered access to eight years of my e-mail history and, with password resets, the ability to access any of my online accounts?”
To use a real world example, it would be like walking past a billboard that offers to keep unwanted flyers and catalogs out of your mailbox. Without bothering to learn anything more, you drop a copy of your keys into a black box. Sounds risky when you put it that way.
For anyone who’s suddenly thinking, “oh man, I’ve given access to a ton of random apps”, there is a relatively simple solution. The best one we’ve come across so far is mypermissions.org, which gathers together the services like Facebook, Twitter, Google and Foursquare that power a lot of third party apps. You can also manage the services that have access to your accounts from within your Facebook or Google settings. We were a bit shocked to find close to one hundred apps had permission to access our Facebook data, nearly a dozen of which we didn’t recognize or remember signing up for.
It’s fun to try out new web apps, but these digital one night stands don’t mean you should be giving away your data to relative strangers from that point on.