Hacker News new | past | comments | ask | show | jobs | submit login

The solution you're looking for is OAuth. It's in fact never been "all or nothing", its' always been a choice by each app and service. The reason most apps ask for everything is because 99% of users don't understand or care, and if you try to explain it to them, they'll get confused, bored, or nervous, and not use your app.

"What's nice about OAuth is that it allows the end user to control access to information and revoke access as needed."

Users are free to revoke their their permissions at any time, but they won't be able to use an app without the permissions. You could very easily build a UI with user-variable permission scopes on account creation/management with OAuth, but no one bothers, because it would be a pain to manage on the backend for zero economic gain.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact