alt Hacker NewsHi! We're doing that to allow you to update your profile from within the app. Not doing anything else besides that. If you have concerns, take a look at the source code: https://github.com/colibri-social/colibri.social
Replies
verdverm • today at 12:42 AM
If that's all you are doing, then narrow the permission set for oauth. No need to have access to posts if you aren't touching them.
Very interesting project.
From a product uptake perspective, I could suggest that since a user is still building trust when they begin use - to only require as few permissions as needed. I'd punt that profile update requirement out personally for another method later.
An example might be when a user has used your app for N sessions, or after N months.