Tuesday, 8 May 2012

Why does DISQUS want to update my tweets?

So I was trying to add a comment to Stephen's blog, and to authenticate I chose Twitter.

This is great since it gives me a way to prove my identity without creating yet another account.

But, when I am redirected to Twitter to authorize DISQUS, I get this:


WTF! Why do I need to give DISQUS access to update my profile and post tweets?

I don't want that, I just want to authenticate myself.

Now Google seems to do a much better job here, since it only asks for my email address to be validated:

Well, at least that is what I hope that the OAuth permission shown above actually does! (I really don't want DISQUS to access my inbox and start writing emails for me.)

This is a great example of empowering users to make security decisions. In this case, Google gets a #pass and DISQUS a #fail.
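
One way to check what a sign-in request is really asking for is to read the `scope` parameter of the OAuth 2.0 authorization URL and separate identity-only scopes from anything else. The sketch below is an added example, not code from the original post or from DISQUS, Twitter or Google; the function name, the `idp.example` host, the `EXAMPLE` client id and both sample URLs are constructed for illustration, while the scope strings are Google's published ones.

```python
from urllib.parse import urlsplit, parse_qs

# Scopes that only identify the user (OpenID Connect and Google userinfo).
IDENTITY_SCOPES = {
    "openid", "email", "profile",
    "https://www.googleapis.com/auth/userinfo.email",
    "https://www.googleapis.com/auth/userinfo.profile",
}

# Google scopes that reach into the mailbox; illustrative, not exhaustive.
MAILBOX_SCOPES = {
    "https://mail.google.com/": "full mailbox access",
    "https://www.googleapis.com/auth/gmail.send": "send mail as the user",
    "https://www.googleapis.com/auth/gmail.readonly": "read all mail",
}

def audit_login_request(authorize_url):
    """Split the scopes in an OAuth 2.0 authorization URL into
    identity-only scopes and everything a plain sign-in does not need."""
    query = parse_qs(urlsplit(authorize_url).query)
    requested = []
    for value in query.get("scope", []):
        # RFC 6749 section 3.3: scope is a space-delimited list.
        requested.extend(value.split())
    identity = [s for s in requested if s in IDENTITY_SCOPES]
    excess = [(s, MAILBOX_SCOPES.get(s, "not needed for sign-in"))
              for s in requested if s not in IDENTITY_SCOPES]
    return identity, excess

# Constructed sample requests (hypothetical provider host and client_id).
LOGIN_ONLY = ("https://idp.example/authorize?response_type=code"
              "&client_id=EXAMPLE&scope=openid+email")
OVERREACH = ("https://idp.example/authorize?response_type=code"
             "&client_id=EXAMPLE&scope=https%3A%2F%2Fwww.googleapis.com"
             "%2Fauth%2Fuserinfo.email%20https%3A%2F%2Fmail.google.com%2F")

if __name__ == "__main__":
    for url in (LOGIN_ONLY, OVERREACH):
        identity, excess = audit_login_request(url)
        print("identity:", identity)
        for scope, why in excess:
            print("  EXCESS:", scope, "->", why)
```

The `userinfo.email` scope exposes only the address, whereas `https://mail.google.com/` is the scope that would let an application read and send mail.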