It’s 10pm, do you know where your data is?

There is an interesting article from Andy Baio over at Wired that looks at how easy it has become to give total strangers a window into our lives. With the advent of OAuth, people can easily sign up for new services and apps by relying on their Facebook and Google profiles. Instead of filling out a lot of forms and trying to remember a new password, you can just rely on these companies to handle everything and finish the process in one or two clicks.

But this frictionless (Mark Zuckerberg’s new favorite word) world has serious risks. Baio uses the example of Unroll.me, a service that helps him avoid unwanted mailing lists and spam. He was about to sign up, when he realized that, when he stopped to think about it, he actually knew nothing about the people behind this startup.

“For all I knew, it could be run by unscrupulous spammers or an Anonymous troll looking for lulz. And I was about to give them unfettered access to eight years of my e-mail history and, with password resets, the ability to access any of my online accounts?”

To use a real world example, it would be like walking past a billboard that offers to keep unwanted flyers and catalogs out of your mailbox. Without bothering to learn anything more, you drop a copy of your keys into a black box. Sounds risky when you put it that way.

For anyone who’s suddenly thinking, “oh man, I’ve given access to a ton of random apps”, there is a relatively simple solution. The best one we’ve come across so far is mypermissions.org, which gathers together the services like Facebook, Twitter, Google and Foursquare that power a lot of third party apps. We were a bit shocked to find close to one hundred apps had permission to access our Facebook data, nearly a dozen of which we didn’t recognize or remember signing up for.

It’s fun to try out new web apps, but these digital one night stands doesn’t mean you should be giving away your data to relative strangers from that point on.

Filed under: security

via google.nl