Because it’s not a reasonable expectation that your private messages would be shared with an advertising partner when you link your account to it, and “give access” is rarely a step that your average user actually reads, much like agreeing to a TOS upon signup.
And catering to the average user’s expectation is what should dictate policy, not a “technically we have permission” caveat.
In this case Netflix was not an advertising partner. You were signing into Facebook Chat inside the Netflix chat, and participating in Facebook chat messages inside the Netflix app.
You were opting in and using the Netflix app as a Facebook Chat client. It's like being surprised the Pidgin executable could see your Jabber messages.
In the sense that some users may not have realized what they were allowing, that's fair. But that just implies that the permission dialog for this sort of thing should be pretty onerous while being very easy to understand.
There are details that aren't clear here too: Did Netflix request read permissions when you signed in via Facebook? If so, that's shitty and is worthy of condemnation, but the onus falls more on Netflix than Facebook there. You should be able to sign in with Facebook without expecting your DMs to be sent to Netflix. It's still on Facebook, but to a much lesser extent: They should make what's being shared super clear when you sign in with Facebook, and that includes making the sign in super onerous and scary if it's something like reading DMs, so the user doesn't miss these details. And they should be reviewing third party apps and what permissions they request, and making sure it's in line with the functionality the app is presenting.
However, if the normal Facebook authentication flow did not grant this permission, and the permission was only granted when the user accessed the "Netflix Chat" or whatever feature which obviously did, in actuality, require the read permission to function, then this isn't that big a deal.
You would expect that giving permission to send specific pre-approved messages does not imply permission to read everything you've ever said to anyone or they've said to you.
That's not what the feature was. The feature was that you could use Messenger inside Netflix and Spotify to chat with your friends without leaving those apps. If you opted into using Messenger to chat with your friends inside Spotify, I'm confused why you think Spotify couldn't access your messages, given that Messenger was unencrypted at the time and you were running it inside Spotify. How else would the feature work? It's Messenger running inside Spotify; just like how iOS has access to the unencrypted files and network traffic of any app on your iPhone, Spotify could access any of the unencrypted files or network traffic in Spotify.
It's a dumb feature and I'm glad they killed it, but the "gotcha" here isn't much of a gotcha IMO. It was an opt-in feature to use Messenger inside these other apps; of course the other apps could see your messages if you opted into that. It's like complaining that GMail "shares your private email" with Apple Mail if you use Apple Mail as your mail client.
The web was rampant with these patterns in the early 2010s when OAuth didn't exist, and HTTPS was the exception rather than the rule.
The most egregious example was probably LinkedIn's GMail "integration," ostensibly used to invite your GMail contacts to LinkedIn. Back then, that sort of thing felt innocuous. But the implementation was even worse. Due to lack of OAuth and MFA, you literally entered your GMail password into LinkedIn. Then LinkedIn logged into your GMail account where they could do anything. Even if they limited it to scraping your contacts, they still got every email address you'd ever sent or received an email to or from, over the lifetime of the account.
In any other context this would be called phishing. And by the way, this pattern still exists. For example, apps that force you to log into a third party site in their embedded WebView can read the entire DOM (including your password).
Yeah definitely. There are still some pretty bad patterns out there; for example, if you try to add an event from Facebook Events to your Google Calendar, instead of generating a normal ICS file or event link, they... ask for read/write access to your entire Google Calendar account. No thanks!
Similar to apps that ask for access to your entire Contacts list to "find your existing friends"... You can bet they're uploading that entire thing to their servers and trying to growth hack with it.
Would be nice if APIs offered more granular permissions. Almost every one of these is global read/write so it’s impossible to distinguish between good and bad actors.
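The complaints above (sign-in should not carry message read access, a read scope should only be granted when the user actually opens the feature that needs it, and the provider should reject scope requests that the app's declared functionality does not justify) can be expressed as a concrete scope-minimization check. The following is an added example, not code from the thread or from any real identity provider; the scope names, feature names and app names are all hypothetical, and the point is the shape of the check rather than any particular vendor's API.

```python
"""Scope minimization for a third-party integration (illustrative, not any provider's code).

A provider registers each third-party app with a declared feature set. At
authorization time, only the scopes needed by the features the user is
exercising *right now* are granted: sign-in yields a profile scope, and a
message read scope is unlocked only when the embedded chat feature is opened.
High-risk scopes that are granted are flagged for a loud, explicit consent
screen. All scope/feature names below are hypothetical.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Set

# Hypothetical granular scopes and the app features that legitimately need them.
# Real providers often expose only coarse read/write, which is the thread's complaint.
SCOPE_NEEDS = {
    "login": {"profile:read"},
    "send_prepared_message": {"messages:send"},                  # pre-approved outbound messages only
    "embedded_chat_client": {"messages:read", "messages:send"},  # a chat client genuinely needs both
    "invite_contacts": {"contacts:read"},
    "add_event": {"calendar:event:create"},                      # create one event, not whole calendar
}

# Scopes whose grant should trigger an explicit, hard-to-miss consent step.
HIGH_RISK_SCOPES = {"messages:read", "contacts:read", "calendar:read", "calendar:write"}


@dataclass(frozen=True)
class RegisteredApp:
    name: str
    features: FrozenSet[str]   # features declared when the app went through provider review


@dataclass
class Decision:
    granted: Set[str]
    rejected: Set[str]          # requested but not justified by any feature in use
    explicit_consent: Set[str]  # granted scopes that require the loud consent screen

    @property
    def needs_consent_screen(self) -> bool:
        return bool(self.explicit_consent)


def scopes_for(features: Iterable[str]) -> Set[str]:
    """Union of the scopes the given features need; unknown features need nothing."""
    needed: Set[str] = set()
    for feature in features:
        needed |= SCOPE_NEEDS.get(feature, set())
    return needed


def review_registration(app: RegisteredApp, requested: Set[str]) -> Set[str]:
    """Provider-side app review: scopes the app asks for that none of its declared features need."""
    return set(requested) - scopes_for(app.features)


def authorize(app: RegisteredApp, requested: Set[str], features_in_use: Set[str]) -> Decision:
    """Grant only the scopes justified by declared features the user is exercising now.

    Features not declared at registration are ignored, so an app cannot unlock
    extra scopes by naming a new feature in the request.
    """
    active = set(features_in_use) & set(app.features)
    needed = scopes_for(active)
    granted = set(requested) & needed
    return Decision(
        granted=granted,
        rejected=set(requested) - needed,
        explicit_consent=granted & HIGH_RISK_SCOPES,
    )


if __name__ == "__main__":
    # Constructed scenario modelled on the thread: a video app with sign-in and an embedded chat.
    video_app = RegisteredApp("video_app", frozenset({"login", "embedded_chat_client"}))
    print(authorize(video_app, {"profile:read", "messages:read"}, {"login"}))
    print(authorize(video_app, {"messages:read", "messages:send"}, {"embedded_chat_client"}))
```

The two calls at the bottom show the distinction drawn earlier in the thread: the same app requesting `messages:read` during plain sign-in is refused, while the same request made when the user opens the embedded chat is granted but routed through the explicit-consent path. `review_registration` is the provider-side check on what an app asks for versus what its declared features can justify.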
If I give Apple Mail my credentials for my GMail account, I would expect Apple Mail to be able to access my email in my GMail account. Switching the word "email" to "DM" doesn't feel like a meaningful difference: if I'm using a third-party client to access and send messages, of course the third-party has access to my messages. Would I expect Tweetbot to be unable to access any tweets other than the ones sent from Tweetbot? That's... not a very useful third-party client. These were third-party Messenger clients; they had access to your Messenger DMs if you opted into using them.
It’s disingenuous to think that users read and fully understand the various permission scopes of a service. “Private” has an unambiguous meaning; playing the “well, technically” card falls pretty flat imo.
If Thunderbird had a hosted web version, yes. Are you arguing that data portability and interoperability should never be possible if the receiving app is an online service?
Of course Thunderbird could send an automatic update that starts shipping your emails to Thunderbird's servers. You don't expect that, but only because you trust them.
Unless I’m wrong, Thunderbird software has complete access to all your emails when you give Thunderbird your email details. Of course, that does not imply that a specific Thunderbird employee can read your emails; it is probably encrypted on that end, but if they pull a switcheroo and download all your emails into an AWS instance, yes, that might be possible (and probably wildly illegal too).