Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Our app used to ask for Twitter write permission in order to provide "follow" buttons. It was infuriating: we only wanted to be able to follow/unfollow for people (since our site used Twitter's social graph rather than rolling our own) but in order to do so we had to ask for full write permissions, which caused people to freak out and assume we wanted to tweet on their behalf or make changes to their profile.

Contrast with Facebook which has a much better implementation of finely grained permissions where you can opt to only ask for the permissions your application needed.

In the end, we switched to asking for read-only permissions for most users and let them upgrade to read-write the first time they wanted to perform a Twitter-write operation. This was a hassle from an engineering point of view but did completely eliminate complains about us asking for too much access: http://lanyrd.com/blog/2012/twitter-read-only/

We eventually moved to our own social graph, which eliminated the need to update Twitter's graph from our interface entirely.



> Contrast with Facebook which has a much better implementation of finely grained permissions where you can opt to only ask for the permissions your application needed.

Facebook's minimum level of permissions is still infuriatingly broad. I hate getting "why do you need my friends list and public profile?!" feedback on our Facebook apps. If I could opt out of them, I would - often, I just want your FB ID and e-mail!


You could just ask for them.


E-mail, sure. Facebook ID? No. Most people don't have that 10-20 digit number memorized, and Facebook doesn't really show it anywhere other than the APIs these days either.


Why not implement privilege-shedding and enable your users to turn write privs on and off at will?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: