New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't require so many permissions (or explain why you do in FAQ) #262

Open
kiprobinson opened this Issue Aug 13, 2018 · 0 comments

Comments

Projects
None yet
1 participant
@kiprobinson

kiprobinson commented Aug 13, 2018

When adding Block Together, it is asking for the following permissions:

  • Read Tweets from your timeline.
  • See who you follow, and follow new people.
  • Update your profile.
  • Post Tweets for you.

This seems like a lot. I discovered the app from a Twitter thread (https://twitter.com/shannoncoulter/status/1028632688586936320), which included this which kind of set off alarm bells in my head:

You can ignore the copy that says the app will be able to post to your timeline. It will not. That’s boilerplate copy that appears for all external Twitter apps. I’ve tested the tool it doesn’t do anything unexpected/unwanted.

Training users to ignore important warnings is the kind of thing that enabled to Cambridge Analytica. If there's some reason why you need all these permissions, you should at least state in the FAQ why this is.

oops So I just checked the FAQ one more time before posting this, and I see now that you are actually explaining why you need "Post Tweets for you" permission. But it's not in a place that seems obvious to me (even though it's at the top). Maybe put it under its own h3 named "Required Permissions"?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment