Ben Ward

Tumblr 109184251


Twitter - An application would like to connect to your account (via factoryjoe)

Why on earth would I want universalmusic.com (I was signing in to Eminem.com) to be able to update my information on Twitter?!

I’ve seen and overheard comments that offering granular controls in authorization UI is scary for users, or confusing, or all sorts of negatives. None of those comments have ever come with citations, as far as I’m aware.

From working on Fire Eagle, I’m an advocate for granular control. Pick sensible defaults, and allow users to disable optional parts if they desire. It seems even more important in the case of Twitter, where the impact of abuse is higher.

Take Flickr: If an application asks for read/write access to my photos, that includes private photos and deletion rights. I can’t disable that. I can’t just say ‘this app only accesses public content’.

Starting out with an over-simple authorization UI, where permissions are all-or-nothing, is wrong. Start with a balance of control and ease of use. No-one has convinced me that we need to make these dialogs stupid from inception. Dumbing down comes in response to feedback; we should not presume our users are going to jump fearfully when faced with information.

As it stands, I think users are going to start clicking ‘Allow’ on Twitter just as easily as they click ‘OK’ in Windows. If they’re not empowered to change the detail in that first paragraph, they will just ignore it. Via: flickr.com.
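One way to model the granular consent argued for above, with sensible defaults and optional parts the user can switch off. This is an added example, not code from the original post or from Flickr, Twitter or Fire Eagle; the scope names and the functions `consent_form`, `grant` and `authorize` are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Scope:
    name: str
    label: str
    required: bool = False    # the app cannot work without it
    default_on: bool = True   # pre-ticked in the consent dialog

# Constructed catalogue (hypothetical names): the all-or-nothing
# "read/write" bundle split into parts the user can decide on separately.
CATALOGUE = {s.name: s for s in (
    Scope("photos.read_public", "See your public photos", required=True),
    Scope("photos.read_private", "See your private photos", default_on=False),
    Scope("photos.write", "Upload and edit photos"),
    Scope("photos.delete", "Delete photos", default_on=False),
)}

def consent_form(requested):
    """Checkboxes to render, as (scope, checked, locked) tuples."""
    unknown = set(requested) - CATALOGUE.keys()
    if unknown:
        raise ValueError(f"unknown scopes: {sorted(unknown)}")
    return [(CATALOGUE[n], CATALOGUE[n].required or CATALOGUE[n].default_on,
             CATALOGUE[n].required) for n in requested]

def grant(requested, user_checked):
    """Scopes to record in the token: never more than the app requested and
    never more than the user ticked. None means the request is denied
    because a required scope was refused."""
    granted = set()
    for scope, _checked, locked in consent_form(requested):
        if scope.name in user_checked:
            granted.add(scope.name)
        elif locked:
            return None
    return frozenset(granted)

def authorize(token_scopes, needed):
    """Resource-server check: the action's scope must be in the grant."""
    return needed in token_scopes
```

The narrowing only matters if the resource server enforces the granted set on every call, which is what `authorize` stands in for.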
