{"id":8254,"date":"2013-05-20T14:44:33","date_gmt":"2013-05-20T04:44:33","guid":{"rendered":"http:\/\/michaelwyres.com\/?p=8254"},"modified":"2013-05-20T14:44:33","modified_gmt":"2013-05-20T04:44:33","slug":"news-limited-seeks-excess-access-to-your-social-media-accounts","status":"publish","type":"post","link":"https:\/\/michaelwyres.com.au\/mwdc\/2013\/05\/news-limited-seeks-excess-access-to-your-social-media-accounts\/","title":{"rendered":"News Limited Seeks Excess Access To Your Social Media Accounts"},"content":{"rendered":"

With the News Limited mastheads moving to the “metered paywall<\/a>” model for their online activities, I curiously checked out what sort of information they might want to sign-up as a registered user.<\/p>\n

I was a bit surprised.<\/p>\n

<\/p>\n

When signing up using your Twitter account, they want access to “read tweets from your timeline”, “see who you follow, and follow new people<\/b>“, “update your profile<\/b>“, and “post tweets for you<\/b>“.<\/p>\n

I wouldn’t be too fussed about “read tweets from your timeline” and “see who you follow”, as unless your profile is private\/locked, they can just do that anyway.<\/p>\n

Anyone can.<\/p>\n

I find to be able to “post tweets for you” something of a worry. It means they can post anything they like and have it appear to have come from you<\/i>.<\/p>\n

I’m sure they don’t want to do anything malicious with that power, most likely wanting to just post links to stories you’ve enjoyed, and liked through icons on their various sites.<\/p>\n

The crux of the problem here is that if anyone breaks into their systems and steals all the OAuth<\/a> keys people give to News Limited by signing up this way, those hackers might not be so nice.<\/p>\n

A big collection of Twitter OAuth keys would be most attractive to hackers.<\/p>\n

How confident can we be that their systems are secure enough to protect all those keys from being stolen and misused?<\/p>\n

However, I find giving them the ability to “update your profile” and “follow new people” a bit stunning actually.<\/p>\n

Why would they be interested in updating your profile? Why do they want to be able to make you follow new people?<\/p>\n

As for following new people, News Limited presumably want to get you to follow their various Twitter accounts automatically – but what possible purpose would they have for updating your profile?<\/p>\n

Now, of course, we don’t know if they would ever use those powers explicitly, but then it gets back to the safety of those keys.<\/p>\n

If someone gets a hold of them, all hell could – (and probably would) – break loose.<\/p>\n

A hacker might get to use YOUR account to spread whatever message they want, to all your followers.<\/p>\n

In an extreme case, a Murdoch-governed media entity might even try to spread propaganda through your account, in the lead up to an election.<\/p>\n

Far fetched? Maybe. Probably.<\/p>\n

But we know the Murdoch press around the world don’t necessarily follow the bounds of decency or the law<\/a>. The same Murdoch who is known to have actively “assisted” in the downfall of the Whitlam Government in 1975<\/a>:<\/p>\n

“So did Rupert Murdoch and prime minister Malcolm Fraser, who were working hand in glove in an effort to destroy Whitlam politically.”<\/p><\/blockquote>\n

If you’ve signed up this way already, you should consider revoking the access<\/a> you have given them. They seek similar access through Facebook signup.<\/p>\n

Unless I trust News Limited completely – (both to be good citizens, and to protect their data) – I wouldn’t be authorising them – (or anyone who steals their data) – to basically become me on my social media accounts.<\/p>\n

I don’t, and neither should you.<\/p>\n","protected":false},"excerpt":{"rendered":"

With the News Limited mastheads moving to the “metered paywall” model for their online activities, I curiously checked out what sort of information they might want to sign-up as a registered user. I was a bit surprised. When signing up using your Twitter account, they want access to “read tweets from your timeline”, “see who […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[379,420,475,561],"class_list":["post-8254","post","type-post","status-publish","format-standard","hentry","category-media","tag-newslimited","tag-paywall","tag-security","tag-twitter"],"_links":{"self":[{"href":"https:\/\/michaelwyres.com.au\/mwdc\/wp-json\/wp\/v2\/posts\/8254","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michaelwyres.com.au\/mwdc\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michaelwyres.com.au\/mwdc\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michaelwyres.com.au\/mwdc\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/michaelwyres.com.au\/mwdc\/wp-json\/wp\/v2\/comments?post=8254"}],"version-history":[{"count":0,"href":"https:\/\/michaelwyres.com.au\/mwdc\/wp-json\/wp\/v2\/posts\/8254\/revisions"}],"wp:attachment":[{"href":"https:\/\/michaelwyres.com.au\/mwdc\/wp-json\/wp\/v2\/media?parent=8254"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michaelwyres.com.au\/mwdc\/wp-json\/wp\/v2\/categories?post=8254"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michaelwyres.com.au\/mwdc\/wp-json\/wp\/v2\/tags?post=8254"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}