undefined | Better HN

0 pointsAnotherGoodName2y ago0 comments

Google docs literally has the exact same feature and we're not even talking about it. Using the exact same OAuth framework as here you can grant Netflix and Spotify the right to read everything and all comments in your Google Docs. You can even grant them the right to read all your emails in Gmail!

In all seriousness i believe anyone providing oauth should just shut it down at this point, Cambridge Analytica was entirely users granting a third party oauth access to read their friends lists with an explicit permission dialog and all and it was a scandal that led to massive fines. The world decided that oauth access is not ok even with the dialogs prompting to allow third party access and at this point we as developers should listen and take it away. Google currently flys under the radar with the exact same access that led to cambridge analytica but they should probably just shut it down unless they want to run the risk of similar court cases.

0 comments

tety2y ago

In order to write something that reads user emails in Google APIs you have to go through multiple levels of hell, so I don't think that's a fair comparison

AnotherGoodNameOP2y ago

It seems you have to do that here too though. In the end you have to deal with the headline the media can write about it.

If Netflix and Spotify went through the vetting process for the purposes of enabling an in-app email client the media could write pretty much the same headline.

tety2y ago

Google has strict licensing for what you can do with such data (almost nothing) and you have to go through an extreme vetting process

However, this won't generate the same headline because any company can go through it, and it isn't some API sold for some special privileged company. Also the user knows it is sharing their mails (not sure if that's the case with facebook)

AnotherGoodNameOP2y ago

From the above post the Titan API seems to be an oauth API that's extremely vetted, hence the special name and why only spotify and netflix has access.

j / k navigate · click thread line to collapse

0 comments

tety2y ago

In order to write something that reads user emails in Google APIs you have to go through multiple levels of hell, so I don't think that's a fair comparison

AnotherGoodNameOP2y ago

It seems you have to do that here too though. In the end you have to deal with the headline the media can write about it.

If Netflix and Spotify went through the vetting process for the purposes of enabling an in-app email client the media could write pretty much the same headline.

tety2y ago

Google has strict licensing for what you can do with such data (almost nothing) and you have to go through an extreme vetting process

AnotherGoodNameOP2y ago

From the above post the Titan API seems to be an oauth API that's extremely vetted, hence the special name and why only spotify and netflix has access.

j / k navigate · click thread line to collapse