
 92 Facebook Apps Have Access To My Account - benjlang
http://mypermissions.org/clean2014/
======
johnernaut
I recently had a spree of hack-attacks (or so I thought) via my Twitter
account where it was making anonymous spammy tweets. I kept changing my
password to no avail. I then realized that it was a service that I had given
permissions to a long time ago that had been hacked and the attacker was
spamming tweets through my account via that service.

------
sethbannon
Great service. It's a shame it's necessary. It's an (intentional) failing of
UX design that makes it so difficult to know what apps have what permissions
on the main social platforms.

------
k-mcgrady
I check which apps have Facebook permissions and remove them all the time so
13 didn't surprise me (I wanted those 13 to have permissions). Twitter was
more of a surprise with 45 - 41 of which can 'act on my behalf.

Edit:

Please change the title of this post (at time of writing it is: "92 Facebook
Apps Have Access To My Account"). The service checks permissions for around 10
different sites - not just Facebook.

~~~
benjlang
What would you suggest as the title of this post?

~~~
k-mcgrady
Something along the lines of "Check which apps have permission to your social
media accounts"

~~~
stevoo
Not catchy enough ... i wouldnt have clicked on that title.

~~~
k-mcgrady
I'd rather not have link-bait titles as I'm less likely to click those.

~~~
650REDHAIR
It was submitted by a "growth hacker" from the same venture firm that invested
in MyPermissions. Better to submit with a link bait title now and have it
changed by an admin than to submit with a proper title and never see the front
page.

~~~
benjlang
I haven't worked at that VC firm for a few months now... I submitted this
because I thought it would be useful for the HN community.

------
Spittie
I prefer to prevent - I almost never give access to my account to some
application/websites, and prefer the plain old email to create an account
somewhere.

I've just checked on Facebook, and I have two. A game (that only supported
Facebook sign-in, I usually just delete the game if I find that) and a third-
party client.

Same for Twitter, I just have a bunch of third-party clients.

~~~
gygygy
Of course, but 5-6 years ago some of us were teens who had no idea about
online privacy. It worries me to see how many application I used long time
back had so much information about me.

~~~
subverting
So its fine if facebook is data mining everything but ahhhh freakout when some
third party app has a smidge? Lol...

~~~
Shish2k
Facebook has a reputation to uphold, so they won't do anything _completely_
and _obviously_ evil without slowly ramping up to it over several years first;
third party apps can abuse all the data they want, get shut down, and then
come back a week later with a new name.

------
lazyjones
"Apps" in this context probably means mostly "websites I used 'login with
facebook' on".

(I would have had a closer look if this wasn't a closed-source download ...)

------
kubiiii
"Start cleaning : this plug in can access all of your data on all websites
tabs and navigation activity." Kind of ironic. Pretty useful anyway.

~~~
olivieramar
Unfortunately, there's no way we can help you without getting that kind of
access. That being said, we really expect people to do their due diligence
when giving security apps permission to act on their behalf. We'd love to hear
if you can think of a better way for us to do it.

~~~
kubiiii
Don't get me wrong, I find your site useful, and must I add, well designed.
Maybe you could ask the user if he wishes to revoke the authorizations for
your own app after scanning.

~~~
olivieramar
All you need to do to get that done is disable the extension. Once that's
done, there is no access.

------
lowmagnet
The irony of this thing asking to post on fb/twitter then create yet another
login is not lost on me.

~~~
olivieramar
Our service is free. As such, they only thing we ask, is that you pass on the
word. The easiest way, is through social services, but we do that without
asking you for any permissions whatsoever. Also think of it this way, where do
people actually need protecting? On those exact social services :-)

------
robinhoodexe
"The author of this addon has not been verified"

How ironic

~~~
olivieramar
You're using Firefox or explorer right? Their process of verification is
downright absurd. Every time we update the service we need to reverify the
addon and it takes months. The irony is that we only update the addon to give
more protection to users.

------
lhnz
One thing that annoys me, re: permissions - when you signup for a service
through Twitter, and the next time you try to login you forget that you used
Twitter to sign-up so you click on LinkedIn. And the process continues until
you've given permissions for every single social network account you own...

~~~
blueskin_
This is one of many reasons why, if a service only supports
facebook/linkedin/twitter/gmail/whatever login, I do a Tab Closed; Didn't Read
on it.

------
ateevchopra
Its really helpful. Apps like "What emotion are you" and "where you will be 10
years from now" have permission to read my messages !. Thanks for opening my
eyes !

------
wjk
0 have access to my facebook, how disappointingly satisfying.

------
pavanred
I tried the android app. Say, I check the permissions of my facebook account
by logging in, I didn't find a way (at least a conspicuous one) to logout.

And, I didn't find the point of forcing me to create a mypermissions account
if I am allowed to login and use the app without me confirming my account via
the confirmation mail. I might as well create an account using a fake or
someone else's email.

------
C1D
This is pretty shocking. I found out that 4 apps can access my inbox! I've
removed all of them except for the gmail iOS app.

~~~
mathattack
Wow! Can you share what those 4 were?

~~~
C1D
9gag, Mailbox, Immersion and Tumblr.

~~~
mathattack
Without using Mailbox, by name that's not surprising. The other 3 are a
surprise.

------
rplnt
I can see 8 for facebook (two of those are my apps and one is something called
"Developer", I guess that's related). Thought it would be more.

Four for google if I count various stackoverflows as one. Five for twitter and
that's it. Can't even imagine how would one rise to a hundred.

------
zozu
Luckily I manage this on a monthly base. Only 23 on Facebook and none of those
can acces information I do not want them to see. Good link though, we need
more awareness for third party apps accesing our social media profiles.

------
gygygy
Some applications I used as a newcomer to facebook still had access to my
profile. And I never knew they still had this much access. Thank you for this
link.

------
alexcroox
93* __

------
01Michael10
Cleanup your social media apps? How about delete your Facebook account to
start 2014. Facebook is so 2010... I deleted my account years ago.

~~~
LukeB_UK
Does HN now stand for Hipster News?

~~~
01Michael10
What does this replay have to do with my comment?

Why has my comment been down voted? The point of the post is social media apps
cause a privacy concern. What about Facebook itself? This is like go remove a
couple of small cancerous tumors but let's not treat the lung cancer.

------
Murk
What is Facebook?

On another note I have 132 text files with passwords in. The whole security
thing isn't going to get easier.

~~~
arvidjanson
Not sure if you're ironic, but just incase not: ever heard of 1password and
similar apps? Cleans that right up!

------
smackfu
Aren't most of these "Facebook Apps" just using Facebook for easier account
creation / login?

~~~
aestra
Would you like to login with Facebook for easier account creation/login?

Nope, if that's the only option, I'll opt to not take part in your service.

------
Semaphor
Only 34 but I decided I might spring clean and removed 8 of those that I don't
need anymore :)

------
adambenayoun
Holy guacamole - 110 applications have access to my facebook account.
...removing...

------
smockman36
I would love to see some stats from mypermissions.org on people's permissions

~~~
captn3m0
Seeing as mypermissions.org is just a site with links, i think its just not
possible. The most stat that they can get you is the number of people which
click on a particular application link (say fb vs twitter)

EDIT: I wrote the above when I didn't know about their chrome extension. That
could perhaps be used for more stats.

------
Vaanir
Some of the Google ones are ambiguous or duplicated.

I revoked everything anyway.

------
apiapi
This is why Google+ login is more accepted than Facebook and others
[http://blog.oauth.io/the-oauth-report-1-social-
logins/](http://blog.oauth.io/the-oauth-report-1-social-logins/)

------
smiro2000
Anyone else deleted all of them?

------
SnaKeZ
Is it reliable?

~~~
solox3
They're just links to the network sites' permission pages.

~~~
olivieramar
Try their other site. MyPermissions.com

