This post covers two simple things you can do to safeguard your accounts and privacy, and even save yourself some time in the process. The first is how to check which parties have authorized access to your social and email accounts, and how to revoke those you don’t need (you may be surprised by the sheer volume of these). The second is how to use disposable email addresses to avoid newsletter spam and unnecessary account enrollments.
Checking 3rd Party Permissions
If you’ve ever used one account to sign into another service (using OAuth) or tethered an app to a social media account, you’ve authorized a 3rd party to access one of your email or social media accounts. This potentially allows them to harvest personal data and make posts as though they were you (to advertise or otherwise maliciously exploit the trust of your contacts). Third party authorizations can happen in other ways, too, so you might not even be aware of who you’ve let in. There may be good reason to authorize an app or service (giving TweetDeck access to your Twitter account, for instance), however, if you discover unnecessary authorizations or parties you don’t recognize, you should revoke their permissions posthaste.
Unfortunately, not all services make it easy or intuitive to check on 3rd party permissions, and every site manages them in a slightly different way. Thankfully, there is an easy way to check and manage these across most major platforms: MyPermissions.
MyPermissions keeps up-to-date links to the permissions management pages of popular email and social media sites, so you can get to each with a single click (you will have to sign into your account if you haven’t already; and no, this does not grant MyPermissions 3rd party authorization to your accounts). Currently, the provide one-click navigation for: Facebook, Twitter, Google, Yahoo!, LinkedIn, Dropbox, Instagram, FourSquare, WindowsLive, AOL, and Flickr. Once you’re in, you can look at all the apps/services with authorized access to each account and easily revoke those you no longer need/want/recognize.
Incidentally, if you followed the advice in last week’s post regarding the use of a password manager, you shouldn’t ever need to rely on OAuth again.
Bonus: here’s the direct link to manage your Evernote permissions.
Avoid Unnecessary Accounts and Spam with Disposable Email
Another super simple way you can reduce online account vulnerabilities is by just avoiding signing up for them unless you absolutely have to. There are lots of times you just want to download a file, post a comment, or read an article without having to create an account and provide your email address, opening your inbox to a flood of unwanted advertisements and newsletters. For occasions like these, I use disposable email addresses (and if any further personal information is required, I make stuff up). The process is simple:
- Open a new browser tab and go to a disposable email site like Guerrilla Mail
- Copy the address that was just generated for you (in this case, firstname.lastname@example.org)
- Keep that tab open, and paste the temporary email address into the site asking for your credentials
- If the site requires email verification, the link will show up in inbox on your Guerrilla Mail tab
- Congratulations! You now know an easy way to dodge a deluge of junk mail while preserving the sanctity of your online identity.
Previous installments in this series:
- Locking Down Online Accounts – Part One, two-factor verification
- Locking Down Online Accounts – Part Two, using the KeePass password manager