Options to sign up or log in to a website with your Facebook, Twitter or other supported account are popping up everywhere, and for good reason: they make signing up for yet another site easier. Many sites offer the social account option alongside creating an account by entering your email address and so on. The opposite of that registration flow is restricting users to a single social account option such as Facebook. Users who blindly authorize their account might not realize that they're offering more of their personal information than intended.

For example, if we take a look at the information requested by Pinterest, Facebook tells us that the application will only receive our basic information (whatever that might mean). Hovering over the question mark near the text tells you that the following can be accessed: name, profile picture, gender, networks, user ID, list of friends, and any other information you made public. Should access to one's profile picture, the networks they belong to, or even their list of friends be considered basic and necessary for using the application?

Pinterest permission request

Let's take another example from site XYZ.com; mind you, this site only allows Facebook as its primary signup/login option. From here you can already tell that way too much information is being shared, let alone your email address, where you can be pestered further. At the very end you will also notice that the permission mentions that the app may post on your behalf, but what kind of posts will be made? That's a lot more than basic.

XYZ.com permission request

The question now becomes: would you sign up for a site if the only option available is Facebook? Do applications that request these permissions in their scopes really require this information to "use" the application?

Developers using Facebook's API: request only the information from users that is "really" required for basic functionality, rather than requesting it just because you can.
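One way to check this before shipping is to audit the `scope` parameter of your own login dialog URL. The snippet below is an added example, not code from the original post or from Facebook: the baseline of `public_profile`, the write-scope prefixes, the placeholder `client_id` and the `xyz.example` URLs are all assumptions constructed for illustration.

```javascript
// Added example: audit the scopes requested in a Facebook Login dialog URL.
// Assumption: sign-in alone needs nothing beyond this baseline.
const BASELINE = new Set(["public_profile"]);
// Assumption: scopes with these prefixes let the app act on the user's behalf.
const WRITE_PREFIXES = ["publish_", "manage_"];

function auditLoginUrl(loginUrl, needed = []) {
  const raw = new URL(loginUrl).searchParams.get("scope") || "";
  // Scopes are comma-separated; tolerate whitespace and duplicates too.
  const requested = [...new Set(
    raw.split(/[,\s]+/).map((s) => s.toLowerCase()).filter(Boolean)
  )];
  // `needed` lists scopes a feature of the app can actually justify.
  const allowed = new Set([...BASELINE, ...needed]);
  const excess = requested.filter((s) => !allowed.has(s));
  const write = requested.filter((s) =>
    WRITE_PREFIXES.some((p) => s.startsWith(p))
  );
  return { requested, excess, write, minimal: excess.length === 0 };
}

// Constructed sample URLs (placeholder client_id, hypothetical redirect host).
const SAMPLE_BROAD =
  "https://www.facebook.com/dialog/oauth?client_id=0000000000" +
  "&redirect_uri=https%3A%2F%2Fxyz.example%2Fcallback" +
  "&scope=public_profile%2Cemail%2Cuser_friends%2Cpublish_actions";
const SAMPLE_MINIMAL =
  "https://www.facebook.com/dialog/oauth?client_id=0000000000" +
  "&redirect_uri=https%3A%2F%2Fxyz.example%2Fcallback" +
  "&scope=public_profile";

for (const [name, url] of [["broad", SAMPLE_BROAD], ["minimal", SAMPLE_MINIMAL]]) {
  const report = auditLoginUrl(url);
  console.log(name, "excess:", report.excess, "write:", report.write);
}
```

Passing the scopes a feature genuinely needs as the second argument, for example `auditLoginUrl(url, ["email"])`, leaves only the unjustified ones in `excess`.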