[martco]

My thought (as a developer) is that it's just lazier (and worse for the product) to ask for everything. The more permissions you ask for, the less users you'll get.

For example, Facebook blatantly recommends that app developers ask for only the bare minimum of permissions on the initial app engagement. They cite numbers showing that click-through rate falls off precipitously once users see more than a few permissions required. They say that you should only ask for more permissions as the user explicitly tries to do something that requires them, for instance, ask for sharing rights only when they click 'Share', not before.

Lots of people are turned off by the number of permissions. Be surprised.

[ritetag]

Sure, it's a turn-off. However, people are learning that APIs and social network auth policies confine devs; it's a neccasary evil. We're blessed by a plethora of press that evidences people overlooking the Twitter auth thing and signing up nevertheless.

[ballard]

Yup. I think OAuth calls it scope, and it's a list of requested permissions.