by JacobAldridge 4476 days ago
My thought (as a non techie) is that it's just easier to ask for everything.

Need to use an open source library in building your codebase? No need to analyse everything to see which permissions it does or doesn't impinge upon. Want to add a new feature down the track? No need to consider whether it changes the user permissions.

And I'd be surprised how many people are turned off by the number of permissions - I'll almost always back off if there are any, and if I really want to use the product I have to trust them to do no evil. My guess is an awful lot of people are always living in that trust space, especially if they don't understand the tech.

My thought (as a developer) is that it's just lazier (and worse for the product) to ask for everything. The more permissions you ask for, the fewer users you'll get.

For example, Facebook blatantly recommends that app developers ask for only the bare minimum of permissions on the initial app engagement. They cite numbers showing that click-through rate falls off precipitously once users see more than a few permissions required. They say that you should only ask for more permissions as the user explicitly tries to do something that requires them, for instance, ask for sharing rights only when they click 'Share', not before.

Lots of people are turned off by the number of permissions. Be surprised.

Sure, it's a turn-off. However, people are learning that APIs and social network auth policies confine devs; it's a necessary evil. We're blessed by a plethora of press that evidences people overlooking the Twitter auth thing and signing up nevertheless.

Yup. I think OAuth calls it scope, and it's a list of requested permissions.