With the News Limited mastheads moving to the “metered paywall” model for their online activities, I curiously checked out what sort of information they might want to sign-up as a registered user.
I was a bit surprised.
When signing up using your Twitter account, they want access to “read tweets from your timeline”, “see who you follow, and follow new people“, “update your profile“, and “post tweets for you“.
I wouldn’t be too fussed about “read tweets from your timeline” and “see who you follow”, as unless your profile is private/locked, they can just do that anyway.
Anyone can.
I find to be able to “post tweets for you” something of a worry. It means they can post anything they like and have it appear to have come from you.
I’m sure they don’t want to do anything malicious with that power, most likely wanting to just post links to stories you’ve enjoyed, and liked through icons on their various sites.
The crux of the problem here is that if anyone breaks into their systems and steals all the OAuth keys people give to News Limited by signing up this way, those hackers might not be so nice.
A big collection of Twitter OAuth keys would be most attractive to hackers.
How confident can we be that their systems are secure enough to protect all those keys from being stolen and misused?
However, I find giving them the ability to “update your profile” and “follow new people” a bit stunning actually.
Why would they be interested in updating your profile? Why do they want to be able to make you follow new people?
As for following new people, News Limited presumably want to get you to follow their various Twitter accounts automatically – but what possible purpose would they have for updating your profile?
Now, of course, we don’t know if they would ever use those powers explicitly, but then it gets back to the safety of those keys.
If someone gets a hold of them, all hell could – (and probably would) – break loose.
A hacker might get to use YOUR account to spread whatever message they want, to all your followers.
In an extreme case, a Murdoch-governed media entity might even try to spread propaganda through your account, in the lead up to an election.
Far fetched? Maybe. Probably.
But we know the Murdoch press around the world don’t necessarily follow the bounds of decency or the law. The same Murdoch who is known to have actively “assisted” in the downfall of the Whitlam Government in 1975:
“So did Rupert Murdoch and prime minister Malcolm Fraser, who were working hand in glove in an effort to destroy Whitlam politically.”
If you’ve signed up this way already, you should consider revoking the access you have given them. They seek similar access through Facebook signup.
Unless I trust News Limited completely – (both to be good citizens, and to protect their data) – I wouldn’t be authorising them – (or anyone who steals their data) – to basically become me on my social media accounts.
I don’t, and neither should you.