Permissions abuse ~or~ the Facebook shell game.in
My favorite thing on the internet ever so far.
Share music with my Facebook friends. Great idea. Find all kinds of new music without having to commit to buying it. Great idea. Subscription feature that lets me take it on a plane trip. Great idea.
Today I have to reconnect to Facebook for some reason. I look at the ridiculous list of permissions that Spotify wants me to grant them. Access to my data when I'm not online. Permission to post on my behalf. To name my third son Spotify. I wouldn't have thought twice about dismissing and going about my day, but for two things.
Connecting to Facebook is apparently the only realistic way to find your friends in the world with whom you might want to share music.
The words of my friend Teddy, who works at Facebook. When I first signed up with Spotify i was reluctant to connect it to Facebook for the mental discomfort it caused me to grant any application the rights for which it was asking. To paraphrase,
"You gotta realize, though. If they go and take a bunch of your data and post a bunch of stuff on your wall that you don't want there, it makes them look bad and Facebook look bad too."
Luckily I wasn't indulging my Katy Perry sweet tooth this morning when I get a message from an acquaintance on Facebook that Spotify is indeed posting every single song that I listen to on my behalf. Exact same permissions that were granted two months ago, but now being used in the exact way that I didn't want.
It took me about 5 minutes of incredulous tweeting to figure out that I could go 3 levels down into the settings on Facebook and remove this particular permission from the Spotify app. I decided while I was at it to remove every other permission for the Spotify app as well delete about 30 apps that I had idea were even there. One bad apple.
The question I have
How can this sort of app behavior be opt-out?
Obviously Facebook and app developers in general would plead to the FCC before congress that any of this behavior is opt-in in the first place, that Spotify asked me up front for these permissions and I said "yes". This is technically true, but total bullshit.
When an app asks for permission to do this and this and that on your behalf, why isn't there a simple little checklist of those things that you do and don't want it to do up front, instead of buried 3 levels deep in settings that are continually being moved around Facebook?
Cue the title of this post.