Hacker News new | past | comments | ask | show | jobs | submit login

This is insane. I have Google/FB test accounts that I use to try out new products. I am now inclined to set up offline mail to make sure that my emails are not readily available to anyone but me. Of course Google still archives my removed emails but I think their policy is to remove them after a certain period. Can someone at Google confirm?

How about feeling inclined to actually read the permissions that the service is requesting from you and deciding upon that?

Same thing applies on smartphones too. If an app requests a lot of permissions that do not look like a legit part of the service, stay the hell away from it. A couple of examples:

    * Facebook Messenger does not need access to my location and call logs.
    * The main Facebook app does not need access to my SMS.
    * Signal does not need access to my calendar.
Solution: I have none of these apps on my phone.

Edit: a couple more examples:

    * WhatsApp does not need to read my Google services configurations.
    * Viber does not need access to my Bluetooth.
    * Snapchat does not need access to my audio settings.
    * Instagram does not need to run at startup.
    * Microsoft Word does not need to have the ability to set an alarm.

Android is tricky. I'm not an expert at their permissions settings but it seems that some of them are worded alarmingly for over-reaching yet justifiable permissions. I'm thinking for example (not one you listed, but..) that displaying push notifications immediatly when the phone is not in use requires a permission to "prevent the phone from sleeping"...

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact