The article goes on to note:
since Gmail added OAuth support in March 2010, an increasing number of startups are asking for a perpetual, silent window into your inbox.
I’m concerned OAuth, while hugely convenient for both developers and users, may be paving the way for an inevitable privacy meltdown.....
If you’ve ever granted permission for a service to use your Twitter, Facebook, or Google account, you’ve used OAuth.
This was a radical improvement. It’s easier for users, taking a couple of clicks to authorize accounts, and passwords are never sent insecurely or stored by services who shouldn’t have them. And developers never have to worry about storing or transmitting private passwords.
But this convenience creates a new risk. It’s training people not to care.
It’s so simple and pervasive that even savvy users have no issue letting dozens of new services access their various accounts.....
Clearly, we’re not going to stop using awesome new utilities just because there’s a privacy risk. But there are best practices you can follow to stay safe.
- Clean up your app permissions. The best thing you could do, right now, is to log into each service you care about and revoke access to the apps you no longer use or care about, especially those that have access to Gmail. Finding the permissions pages can be tricky, but the nice folks at MyPermissions.org made a handy dashboard linking to every one.
- When in doubt, change your password. Have a feeling that someone might be reading your mail, but not sure which app is to blame? Changing your password instantly invalidates all your Google and Facebook OAuth tokens, though Twitter tokens persist after password changes.
For more on how OAuth works: