WSJ Social: When news apps want to steal your face

I read about WSJ Social, the newspaper’s experiment at providing a socially driven version of itself entirely inside Facebook, and thought, hey, I should check it out. So I Googled “WSJ Social” and clicked on Since my browser was already logged in to Facebook, I was immediately confronted with a Facebook permissions screen. I captured it above for posterity.

Here is the problem: All I want to do is see what WSJ is up to. I might or might not actually want to use the product. But before I can proceed, here is what I’m asked to approve:

(1) “Access my basic information — Includes name, profile picture, gender, networks, user ID, list of friends, and any other information I’ve made public.” Well, this stuff is public already, right? I think I can live with this.

(2) “Send me email — may email me directly…” Hmm. I’m not eager to add to my load of commercial email and there’s no indication of the volume involved. But I’m not hugely protective of my email address — you know, there it is in the image above — so I guess this isn’t a dealbreaker.

(3) “Post to Facebook as me — may post status messages, notes, photos, and videos on my behalf.”

Excuse me? You want to do what?

Forget it, NewsCorp. Ain’t happening.

Now, I fully understand that the app may be up to nothing terribly nasty — some or most of what it wants to do may be routine back-end stuff. But it doesn’t provide me with any confidence-building information. Tell me, WSJ Social: How often are you going to post under my account? And what kinds of messages are you going to send? How will I know you’re not going to spam my friends? How do I know the WSJ’s rabid editorial-page id won’t start posting paeans to Sarah Palin under my name?

Facebook permissions screens may have become as widely ignored as Terms of Service checkboxes and SSL certificate warnings. But the notion of the Journal (or anyone else) insisting on its right to “Post to Facebook as me” before it will even let me examine its news product is simply ridiculous.

UPDATE: On Twitter, WSJ’s Alan Murray responds: “Not going to happen. Standard permissions in order to allow WSJ Social to share stories you ‘like’ with your friends.”

Post Revisions:

Get Scott’s weekly Wordyard email


  1. Wow. #3 is just… wow. I use Facebook just about every day, but I’ve made it a thing not to use apps. (With the exception of the Twitter app that reposts my Tweets there, so that the people who follow me in both places can enjoy seeing everything twice.) I primarily browse with Chrome where I’m not logged into FB, and use Firefox mostly for Facebook. Your post reinforces my desire to limit FB infiltration.

  2. “Forget it, NewsCorp. Ain’t happening.”

    When a copyeditor says “ain’t” you know it’s serious!

    “Facebook permissions screens may have become as widely ignored as Terms of Service checkboxes and SSL certificate warnings.”


  3. Facebook doesn’t seem to realize that adding just a few more lines of text assuring their users that applications do ask permission before posting activity, and you can keep all activity amongst your friends, would go a long way to encourage participation by cautious adults. (I blame Facebook here, rather than the developers, because the permissions notices are always the same; there seems to be no personalization.)

  4. Scott’s app posting tweets to Facebook uses the same level of permission. These apps usually post what you *want* them to post. They’ve been doing it for a long time now. Have you not noticed before? They do not want to piss you off so they will not do anything outrageous. There’s no profit in that.

  5. Scott Rosenberg

    Thanks for that, Cindy. I know this isn’t a “new” thing. But for an app that’s importing my tweets, when it tells me it needs the right to post, I understand why. If it’s gonna post my tweets, I have to let it post my tweets.

    But I just want to read the WSJ’s news. When I go to the WSJ website they don’t ask to post anything under my name. It feels weird and off-putting to be asked that question when all I want to do is read some content. I accept Alan Murray’s explanation. I just think it needs to be on that permissions screen. And if Facebook doesn’t let them do so, it should.

  6. Joe

    I noticed that WSJ Social asks for email, publish wall permission, and offline data access but the Washington Post’s Social Reader does not. Better option?

  7. Michele

    I have a “no FB apps” policy. I use FB to share pics with distant family and friends and that is it. My security settings are almost all “custom”, and I recheck them after every FB update. I also know that life existed before FB, and it can exist without FB if it needs to. Perhaps I am missing out on some of the interactivity that could come from web 3.0/semantic web, but I would rather not go there.

  8. MatsSvensson

    Always do this:

    0. DON’T click ok.

    1. report the app to facebook.

    2. Go to the apps page and give it one star, and a really bad review.
    make sure everyone knows they are potential spammers/hackers.

    3. Post on the company/app’s wall just what you think about the scumbags that they are.
    (if you have to “like” them to to post, don’t forget to unlike after you’re done.

  9. Folks, WSJ Social no longer requests the “Access my data any time” permission. I’d also like to clarify that all posting by the app is under your direct control (you must explicitly click “like”, “comment” or “post” for anything to appear on your wall); and that the email is used to tell you about the new features in the product.

    Frank, you ask for WSJ Social to explain how each of the permissions is used, but that isn’t possible in the “Request For Permissions” screen. It is standard for FB apps, and unfortunately cannot be augmented with details about the usage, or any other custom pieces of information for that matter.

    As the tech-lead on WSJ Social, it pains me deeply to see that this screen is what is preventing you from enjoying the app we’ve poured our hearts and souls into developing. I hope that you do get past that screen and give the app a try.

  10. Yuriy — thanks for posting that info. nd congratulations on launching WSJ Social.

    I fully understand that Facebook doesn’t let you modify the explanatory texts. (I’m sure they want to prevent bad actors from messing around with safeguards. It’s too bad they can’t make an exception for trusted partners.)

    I’ll try out the app again soon.

    I do think that when media organizations put too much of their relationship with their readers into Facebook’s hands they risk just this kind of misunderstanding….

  11. Just a few minutes ago, I was confronted with the same permission screen when all I wanted to do was make a comment on an article I found at That’s when I did a Google search and found this page.

    All I wanted to do was make a comment about a plugin for WordPress. Does anyone know if there is a way to grant permission, make a comment and then remove permission?

  12. Yuriy: It pains me to think that you don’t accept that people don’t want an app posting to their wall, even if it’s the august WSJ. I really hope you can get past your resistance and advocate for change with WSJ management.

    By the way, saying something is “standard” is a red flag. It’s a feeble way to try to get people to lower perfectly legitimate defenses. I can’t believe you and Alan Murray said that.

    Possible SAVING GRACE: FaceBook users can go into apps settings and turn off the post to my wall setting for apps individually.

  13. On FB, I only gave authorization for the portions of the app that were required. It even allowed me to remove authorization for …”may post status messages, notes, photos, and videos on my behalf” and “…may access my data when I’m not using the application”. But when I tried to use the app, it wouldn’t allow me to use it unless I allowed the aforementioned. So I’ve just decided no to use the app at all.

  14. Scott Rahner

    This article does not apply anymore with all the recent FB changes.

    1) Very few news apps ask for these permissions anymore (including WSJ Social)
    2) You can control each permission at the accept dialog and in your settings. You can even hide your email from them. Also within each app and in your settings you can control permissions for individual articles.
    3) When discussing standard permissions above, there are certain FB permissions that an application gets just by being an application on FB.

  15. thanks for this info, i am now confronting with such an application, and i refused it on the spot. i think you can always change the settings (if you really want), go and unlike the app / page etc.

  16. Gene Paul

    Just to log in order to make a snarky comment about a PhD in media something or whether overwhelmed by pop-ups. Seriously? She didn’t know how to turn on the pop-up blocker or, in most cases, turn it off as it is on by default? Anyway, I have this Facebook account with a fake name and fake picture so I can look at the pictures on my friends Facebook accounts. They complain about all give and no take… . In any event, to login with FB, I had to let her be able to use my Facebook account to make comments, post pictures, etc. in my name, as far as I could tell, anyone on Facebook. I was like – WTF? Anyway, I’ll see anything benign about it. Also, I have never used Facebook to like anything, lick anyone’s lollipop, by fake diamonds with real money to play an online game (conclusion: for mere $499, anyone can be a big shot in the game), etc.

  17. If, “allow WSJ Social to share stories you ‘like’ with your friends.” is what the app wants to do (which is a perfectly reasonable expectation), then that’s the specific permission it should request. This isn’t even really so much NewsCorp’s fault as Facebook’s. They surface vague datatypes to the user instead of actions, that are specific. And worse, this is an all or nothing proposition. It would be great to give users a line-item veto at the beginning and then when they ‘like’ something, ask if it can be shared if the app wasn’t given permission. Ultimately Facebook will fight this tooth and nail, because users will be more conservative, and growth would be slower. This is why legislation happens. To secure the rights of the populace. People aren’t screaming loudly enough yet, and they really don’t know what their options are. (and Facebook isn’t going to tell them)


Post a comment