Sophos Cloud Optix
A new site, MyPermissions.org, makes it easy to herd a posse of wild cats – aka the hoard of applications and sites to which we’ve granted permission to access our information on Twitter, Facebook and more.
MyPermissions doesn’t ask for your personal information or login details, thank goodness. Otherwise, it would be a phishing goldmine.
Rather, the site simply offers a handy set of links to permissions lists. It also allows you to easily revoke access from the permissions pages.
On top of that, MyPermissions offers a reminder service: a monthly email via ifttt that prompts you to check your permissions.
Of course, you can set up a reminder on your own calendar and bookmark permissions pages on your own, but MyPermissions is a handy place to do it all from one spot.
Clicking through to different sites’ lists of permissions is an eye-opener. Do you know, offhand, how many applications can access your Facebook information, for example?
I was a trifle surprised to find that I’ve granted permission to 15 Facebook applications. I thought it sounded high until I read a comment from PStamatiou on a Hacker News thread about MyPermissions:
Nice! Just revoked access to about 40 things on Twitter, 30 on Flickr, 15 on Google, a handful on LinkedIn, 11 on dropbox, and about 150 (yikes!) on Facebook.
150 applications can access Pstamatiou’s personal information on Facebook??? Yikes indeed!
Of course, there are many legitimate apps and websites which you can give permission to connect with your account – but that doesn’t mean you have to have a free-for-all.
Remember, any application that gets permission to access your profile information potentially puts that information at risk. And, in the case of Facebook, it could put your friends’ information at risk, as well.
Any permissions can be dangerous, but Facebook is particularly worrisome, given the high number of users who are happy to give their personal information to strangers.
As Sophos found when it contacted 200 Facebook users posing as a plastic frog back in 2007, 87 responded, with 82 – or 41% – leaking personal information when they did so.
That personal information can be used for identity theft. It can be used for a mind-boggling array of other nastiness, as well. Bill Pringle has a nice compilation page of Facebook security issues, but lest we forget, the other social media sites can be used in similar mischievous ways.
As Tim O’Reilly Tweeted about the site (the site proudly displays said Tweet on its home page), MyPermissions is an excellent idea. “Treat your permissions with respect,” Mr. O’Reilly advises.
I wholeheartedly agree. Now, if you’ll excuse me, I’m off to choke a few Facebook applications in their cradles before they turn out to be monsters.
And please, feel free to let us know what surprises you in your permissions page.
REALLY UN-informative…Thank You?!?! You've given us NO advice beyond your usual (understood) here…not good for someone we're just sharing with today! Thanks anyway!
I think the advice is: Remove any apps/websites you don't recognise from your list of permissions.
If you used to use the site/app but don't anymore, it may be worth zapping it.
Hope that helps. If you have any other questions which we can help answer, we're happy to assist!
Thanks, Graham, and sorry, Liz. What Graham said is exactly what I should have said in the original post—guess I was running low on caffeine at day's end. My bad!
Link to MyPermissions not working
Working here for me – http://mypermissions.org
Which browser and which version are you using?
Google chrome. there is no such site according to chrome.
Not working for me either, using Chrome and IE9, looks like it might have died a horrible death….
Works for me but not for my friend in another town. For him "mypermissions.org" resolves to different IP than for me. Maybe IP has just changed, and it's still not updated to all DNS servers. Another twist is that when accessing directly with IP I get results in another site – I guess something like VirtualHosts are used to serve correct site from the server in that IP.
Link to http://mypermissions.org not working, using Google Chrome….I get this message "Oops! Google Chrome could not find mypermissions.org"
any suggestions?
Is there no utility to make revoking app permissions easier? It takes so long to do it one by one!
I have DNS issues too, making me unable to reach the site. I am in Europea (France).
I don't allow any apps – haven't for some time and live happily without them.
http://mypermissions.org dosen't work with firefox 9.0
Clearly some folks are having problems accessing the MyPermissions website, so here's a quick list of the links that they point you to – if you want to check your permissions:
Facebook: http://www.facebook.com/settings/?tab=application…
Twitter: http://twitter.com/settings/connections
Google: https://www.google.com/accounts/IssuedAuthSubToke…
Yahoo: https://api.login.yahoo.com/WSLogin/V1/unlink?.in…
LinkedIn: https://www.linkedin.com/secure/settings?userAgre…
DropBox: https://www.dropbox.com/account#applications
Instagram: https://instagr.am/oauth/manage_access
Flickr: http://www.flickr.com/services/auth/list.gne?from…
Hope that helps!
Yeah, I was just about to write that all the links should be to the HTTPS versions of those URLs!
PS: The site loads fine on all my browsers.
Thanx 4 bein human……
Thanks for being on the edge with important info! MyPermissions.org makes it easy! Link works fine. Only found two stray apps, but that's two too many that are gone now!
works fine for me!
this is good site to prevent unwanted things
Here's the tally for the six networks in which I have accounts:
1. Yahoo account: flickr had access – Removed
2. LinkedIn account was accessible by:
• Events (by LinkedIn)
• Reading List by Amazon
• Polls by LinkedIn
All access removed
3. flickr account: No access by any apps
4. facebook account: No access by any apps
5. Dropbox account: No access by any apps
6. Google account: No access by any apps
Thanks for the informative article Lisa. Helpful and easy to understand, as usual.
By the way, I had no problem accessing mypermissions.org from any of the following browsers:
– SeaMonkey
– Firefox
– Safari
– Camino
– Chrome
– Chromium
Only needed to delete four overall. None on Facebook. Thanks, Sophos, for this reminder.
The other option is… just don't publish anything to these sites that is all that personal. Honestly ? What do I care if people can see all of my photos, and status updates ? My rule is: if it really is that private, don't put it on the internet.
Well, I went to the site, and clicked on Facebook first. And what did they request right off the bat? My login details and password. >.<
That's *Facebook* asking you for those details.. You have to be logged in (for obvious reasons) to view/edit your Facebook settings.
What surprised me was how many apps had permissions on Facebook, and how many of them had not been used in a long time (> 3 months.) Needless to say, those were revoked immediately.