69 comments

[ 3.0 ms ] story [ 134 ms ] thread
"Apps" in this context probably means mostly "websites I used 'login with facebook' on".

(I would have had a closer look if this wasn't a closed-source download ...)

"Start cleaning : this plug in can access all of your data on all websites tabs and navigation activity." Kind of ironic. Pretty useful anyway.
Unfortunately, there's no way we can help you without getting that kind of access. That being said, we really expect people to do their due diligence when giving security apps permission to act on their behalf. We'd love to hear if you can think of a better way for us to do it.
Don't get me wrong, I find your site useful, and must I add, well designed. Maybe you could ask the user if he wishes to revoke the authorizations for your own app after scanning.
All you need to do to get that done is disable the extension. Once that's done, there is no access.
"The author of this addon has not been verified"

How ironic

You're using Firefox or explorer right? Their process of verification is downright absurd. Every time we update the service we need to reverify the addon and it takes months. The irony is that we only update the addon to give more protection to users.
Only 34 but I decided I might spring clean and removed 8 of those that I don't need anymore :)
Some of the Google ones are ambiguous or duplicated.

I revoked everything anyway.

Is it reliable?
They're just links to the network sites' permission pages.
Try their other site. MyPermissions.com
Holy guacamole - 110 applications have access to my facebook account. ...removing...
Luckily I manage this on a monthly base. Only 23 on Facebook and none of those can acces information I do not want them to see. Good link though, we need more awareness for third party apps accesing our social media profiles.
I can see 8 for facebook (two of those are my apps and one is something called "Developer", I guess that's related). Thought it would be more.

Four for google if I count various stackoverflows as one. Five for twitter and that's it. Can't even imagine how would one rise to a hundred.

(comment deleted)
I prefer to prevent - I almost never give access to my account to some application/websites, and prefer the plain old email to create an account somewhere.

I've just checked on Facebook, and I have two. A game (that only supported Facebook sign-in, I usually just delete the game if I find that) and a third-party client.

Same for Twitter, I just have a bunch of third-party clients.

Of course, but 5-6 years ago some of us were teens who had no idea about online privacy. It worries me to see how many application I used long time back had so much information about me.
I realized the first time I clicked on a Facebook app and it automatically spammed my friends and my wall that FB apps were something I wouldnt be using. Not only because of privacy concerns but also because of spamming concerns.
So its fine if facebook is data mining everything but ahhhh freakout when some third party app has a smidge? Lol...
I think the idea is more about being aware of it.

And "a smidge" might be full access, more-or-less, to all the important stuff.

Facebook has a reputation to uphold, so they won't do anything completely and obviously evil without slowly ramping up to it over several years first; third party apps can abuse all the data they want, get shut down, and then come back a week later with a new name.
I think what's far worse is what most applications ask for in terms of permissions... I mean, why does a "flashlight" app need access to my GPS position, contacts and sd storage? I've waded through lists of apps for simple things like that (note, it does need "camera" access to turn on the flash).

I think that when apps register on the store, they should have to include at least 100 characters explaining why they need access for each special permission.

5-6 years ago I was a teen too :)

Actually, I'm still a teen for some months.

Its really helpful. Apps like "What emotion are you" and "where you will be 10 years from now" have permission to read my messages !. Thanks for opening my eyes !
Some applications I used as a newcomer to facebook still had access to my profile. And I never knew they still had this much access. Thank you for this link.
Aren't most of these "Facebook Apps" just using Facebook for easier account creation / login?
They actually are, but the issue here isn't the easier login service, it's what kind of info they gain access to when they do. Some of the information makes ZERO sense with what the application or site actually do.
Would you like to login with Facebook for easier account creation/login?

Nope, if that's the only option, I'll opt to not take part in your service.

The irony of this thing asking to post on fb/twitter then create yet another login is not lost on me.
Our service is free. As such, they only thing we ask, is that you pass on the word. The easiest way, is through social services, but we do that without asking you for any permissions whatsoever. Also think of it this way, where do people actually need protecting? On those exact social services :-)
Cleanup your social media apps? How about delete your Facebook account to start 2014. Facebook is so 2010... I deleted my account years ago.
Does HN now stand for Hipster News?
What does this replay have to do with my comment?

Why has my comment been down voted? The point of the post is social media apps cause a privacy concern. What about Facebook itself? This is like go remove a couple of small cancerous tumors but let's not treat the lung cancer.

i would, but FB is till the defacto standard to keep in touch with friends/contacts if you aren't living in the same city/country with them anymore.
Email? IM? Skype? Text? The main reason I left Facebook was because of family members getting on it...
I think he has a point. My father, mother, and even my grandfather uses Facebook. Why are they using it? Because it enables them to keep in touch with their classmates and friends. Long lost friend especially. They are too long apart that email, IM, Skype, and text does not exist yet.

Additionally, for email, IM, Skype, and text, you need to know their email address, username, or number to contact them. In Facebook, there's a chance that you can find them by just searching their name.

I have never wanted to re-live high school myself.

If someone (family or not) does not have my email address and/or phone number there is a reason for it so certainly won't want them contacting me on Facebook...

i was abroad for quite some time and lived in various different cities. While i dont necessarly need to email/im with all the people i met, its certainly nice to see whats going on in their lives and contact them from time to time.

I know that i wont if id had to write an email, which i dont even have for many of my contacts from these times.

(comment deleted)
How do you know if someone isn't on Facebook? They'll tell you ;)

Facebook is still attractive despite the negatives, and I haven't yet seen a good wholesale replacement for it.

Personally I'd like a better feed manager built into the browser itself. And a very simple way to publish too. Access control is the difficult problem.

0 have access to my facebook, how disappointingly satisfying.
What is Facebook?

On another note I have 132 text files with passwords in. The whole security thing isn't going to get easier.

Not sure if you're ironic, but just incase not: ever heard of 1password and similar apps? Cleans that right up!
I check which apps have Facebook permissions and remove them all the time so 13 didn't surprise me (I wanted those 13 to have permissions). Twitter was more of a surprise with 45 - 41 of which can 'act on my behalf.

Edit:

Please change the title of this post (at time of writing it is: "92 Facebook Apps Have Access To My Account"). The service checks permissions for around 10 different sites - not just Facebook.

What would you suggest as the title of this post?
Something along the lines of "Check which apps have permission to your social media accounts"
Not catchy enough ... i wouldnt have clicked on that title.
I'd rather not have link-bait titles as I'm less likely to click those.
I thought this title got the point across, before clicking the link, I knew it would lead me to a page that will show me the knowledge on how to remove apps from social platforms.
It was submitted by a "growth hacker" from the same venture firm that invested in MyPermissions. Better to submit with a link bait title now and have it changed by an admin than to submit with a proper title and never see the front page.
I haven't worked at that VC firm for a few months now... I submitted this because I thought it would be useful for the HN community.
@benjlang Arbitrary or sensationalist titling is generally frowned upon on this site.
It's a great product and it's a great title. The fact that we all here speaking about it proves that it's a great title that caught your attention.
This is pretty shocking. I found out that 4 apps can access my inbox! I've removed all of them except for the gmail iOS app.
Wow! Can you share what those 4 were?
9gag, Mailbox, Immersion and Tumblr.
Without using Mailbox, by name that's not surprising. The other 3 are a surprise.
Great service. It's a shame it's necessary. It's an (intentional) failing of UX design that makes it so difficult to know what apps have what permissions on the main social platforms.
I recently had a spree of hack-attacks (or so I thought) via my Twitter account where it was making anonymous spammy tweets. I kept changing my password to no avail. I then realized that it was a service that I had given permissions to a long time ago that had been hacked and the attacker was spamming tweets through my account via that service.
One thing that annoys me, re: permissions - when you signup for a service through Twitter, and the next time you try to login you forget that you used Twitter to sign-up so you click on LinkedIn. And the process continues until you've given permissions for every single social network account you own...
This is one of many reasons why, if a service only supports facebook/linkedin/twitter/gmail/whatever login, I do a Tab Closed; Didn't Read on it.