
I'm having a very hard time conceiving of what definition of "manage" a user could come up with that would have made them realize the possible consequences of granting this permission, given that the text also includes the phrase "and permanently delete your mail in Gmail." If the user shouldn't trust the requester with delete permission, what possible definition of "manage" could somehow have convinced them this was an unsafe operation?

At some point, you have to either trust users to bother to read what you put in front of them and think about the ramifications, or you have to assume they don't and categorically disallow that functionality. And I, for one, am not in favor of categorically denying API access to Gmail.




Indeed.

Why would anyone approve an app that could "permanently delete your mail in Gmail"? I wouldn't.

The bottom line: yes, you really do need to read those pesky dialogs.


Maybe because the app could be a mail client? If I downloaded a mail client and it wasn't able to delete my email I'd think it was a pretty crap piece of software. The same as I'd expect if I wanted a fully featured mail client to connect via IMAP.

I'd also feel a bit annoyed if a Twitter client I was using was unable to delete tweets, and I had to go back to the Twitter website to do that.

The thing about making APIs to let other people interface with your product is that you have to expose all the functionality of that product, or there's not really any point.

There are some fair comments in this thread saying that the "manage" permission is significant enough that it should be flagged a bit (or a lot) more strongly than the common "identify" permission, but personally I don't think the point of the API is something that needs questioning.


There's a very common case for exposing only a subset and that's granting read-only access.

That seems to be just what OP expected - he says "I exported my recent e-mail history to Fleep, a collaboration platform used by a new client, and let their software synchronize future e-mails".

So why, based on this, would he feel good about granting permission for something to delete his email? (even ignoring possible confusion over the meaning of "manage"). Delete != read-only.

His first thought should have been "is this too much access"? A quick Google search would have led him to https://developers.google.com/identity/protocols/googlescope..., where he could have seen that indeed there is a read-only scope for access to gmail (https://www.googleapis.com/auth/gmail.readonly).

Obvious conclusions he should have drawn - either: 1) Fleep is poorly or maliciously written, and requires overly dangerous OAuth scopes 2) His understanding of Fleep is wrong, and Fleep intends to do more than just read his emails

I don't know which is true, but he should have investigated before hitting the Internets with his tale of woe.

But at the end of the day, everything worked as it should, and we can probably assume that Fleep does what it says - it's simply that he rushed past a warning dialogue.
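Added example, not part of the thread or any commenter's post: a Python sketch of the "is this too much access?" check discussed above, which reads the `scope` parameter of an OAuth consent URL and reports what it grants beyond what the integration needs. The capability labels, the `audit_consent_url` helper, and the sample URLs with their `EXAMPLE` client ID are constructed for illustration; the scope URLs are Google's published Gmail scopes.

```python
from urllib.parse import urlsplit, parse_qs

# Gmail OAuth scopes mapped to a coarse capability summary (the labels are
# this example's own shorthand, not Google's wording).
GMAIL_SCOPES = {
    "https://www.googleapis.com/auth/gmail.readonly": {"read"},
    "https://www.googleapis.com/auth/gmail.modify": {"read", "write", "trash"},
    # Full mailbox access, including deletion that bypasses the Trash.
    "https://mail.google.com/": {"read", "write", "trash", "permanent-delete"},
}


def audit_consent_url(url, needed):
    """Compare the scopes requested in an OAuth consent URL with what is needed.

    Returns (excess, unreviewed): capabilities granted beyond `needed`, and
    scopes this table does not cover, which still need a manual look.
    """
    query = parse_qs(urlsplit(url).query)
    # RFC 6749: scope is a space-delimited list; parse_qs decodes '+' and %20.
    scopes = " ".join(query.get("scope", [])).split()
    granted, unreviewed = set(), []
    for scope in scopes:
        if scope in GMAIL_SCOPES:
            granted |= GMAIL_SCOPES[scope]
        else:
            unreviewed.append(scope)
    return sorted(granted - set(needed)), unreviewed


# Constructed consent URLs: one asking for the full-access scope, one read-only.
FULL_ACCESS_URL = (
    "https://accounts.google.com/o/oauth2/v2/auth?client_id=EXAMPLE"
    "&response_type=code&scope=https%3A%2F%2Fmail.google.com%2F+openid"
)
READ_ONLY_URL = (
    "https://accounts.google.com/o/oauth2/v2/auth?client_id=EXAMPLE"
    "&response_type=code"
    "&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fgmail.readonly"
)

if __name__ == "__main__":
    # An import/sync integration only needs to read mail.
    for label, url in (("full", FULL_ACCESS_URL), ("read-only", READ_ONLY_URL)):
        excess, unreviewed = audit_consent_url(url, needed={"read"})
        print(f"{label}: excess={excess} unreviewed={unreviewed}")
```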



