MyPermissions, a startup offering a suite of security protection and privacy tools, is today becoming the first service to offer live protection for users’ Twitter accounts. What that means is MyPermissions will now be able to alert you in real time as new Twitter applications access your personal information, tweets or direct messages or gain the ability to post tweets in your name.
The move to offer better protection for Twitter is an important milestone for this security-minded company, whose very creation was inspired by a Twitter hack. Explains CEO and co-founder Olivier Amar, around a year and a half ago, one of the founders had his Twitter account hacked, and his friends began clicking on the spam tweets that an app was posting on his behalf. Already frustrated and feeling violated, what was even worse was when he realized there was no way to revoke the permissions of the malicious app responsible for the spammy tweets from the Twitter mobile interface. And so, the idea for MyPermissions was born.
Today, the company offers a one-stop shop for managing your app permissions and settings via a trio of security products, including a cross-platform, cross-browser extension, as well as mobile applications for both iOS and Android. You can check to see which apps you have connected to your various online accounts, such as Facebook, Twitter, Google, Yahoo, Instagram, Foursquare, Flickr, Dropbox and more. Then, from one dashboard you can manage those permissions or revoke them entirely.
However, in terms of providing users with live updates and alerts, until today MyPermissions’ browser extension only supported Facebook — the other apps when clicked would just take you to the permissions web page where you could make your changes directly. But now, MyPermissions can offer the same real-time protection for Twitter, too.
Amar explains that this means the extension now handles the two services MyPermissions users access the most. “Facebook accounts for about 40 to 50 percent of what the users are checking regularly, and Twitter accounts for another 20 percent of the user base. That’s why we had Twitter second,” he says. Google, Instagram and others will follow.
To access the Twitter extension, new users just install the web browser extension and log into Twitter. They’ll then be presented with a list of apps that have access to their Twitter accounts. (MyPermissions, we should note, does not record your personal information on its own servers). On the list of apps provided, you can see not only what apps you have previously permitted, but what level of access they had asked for, including the ability to post on your behalf, access your private inbox, and more. In my own tests, I found that I had authorized a remarkable number of Twitter-enabled apps — 168! — many of which were so old I couldn’t even remember what they ever did.
The first time an app tries to access your Twitter information, you’ll be prompted whether or not you want to allow or deny that request. If you choose to allow, you won’t be bothered again, but if you deny, the app’s access is immediately revoked.
Though Twitter users are often more aware of when and where they’re providing Twitter apps with access to their accounts compared with Facebook, for example, they still often forget to go back and clean up an app’s access after they stop using it. Even when companies shut down and go out of business, they will still sit there in your Twitter profile with access to your data, says Amar.
In addition to offering users real-time protection and alerting for Facebook and now Twitter, MyPermissions also keeps users abreast of general security concerns or changes involving their apps, as well as trends they’re seeing across their own user base. For instance, if they see a lot of users revoking access to a particular app, they can look to see if the app is doing something malicious or has just gotten overly spammy. They can then send out an alert via email if it’s the latter, or even step in and revoke access on behalf of users if an app is known to be malware.
In other cases, such as with the major Twitter hack earlier this year, MyPermissions helped its user base understand what had happened in more detail, what steps they needed to take next and why. But most importantly, it aims to do all this in a way that’s easily understood by anyone, whether or not they’re technically inclined.
However, MyPermissions can’t protect users from all forms of spam and hacks. If someone targets you directly and attempts a brute-force password hack or uses social engineering techniques (like phishing, which many news orgs have fallen victim to this year) in order to trick you into giving up your personal information, your Twitter account could still become compromised.
Tel Aviv-based MyPermissions raised $1 million in seed funding earlier this year from lool Ventures, 500 Startups, 2B Angels, Plus Ventures and others.
Now live with both Facebook and Twitter alerting, MyPermissions will begin to roll out similar alerting features for the other services it currently supports. Longer term, the company plans to expand its offering to different types of users and services, again with the mindset of targeting the mainstream user in particular.