Lanyrd no longer requires write access to your Twitter account

We've made an important change to the way Lanyrd interacts with your Twitter account: we no longer require write access in order to use the site. Instead, we'll ask permission to upgrade to write access only when you do something on the site that needs it.

A relatively common question we get asked is "why does Lanyrd want permission to send Tweets and update my profile?!". The answer has always been that we don't — we want permission to follow accounts, but only when you click a "follow" button on Lanyrd. Since Twitter doesn't have finely grained permissions we've had to ask permission to do everything even though we have no intention of ever tweeting on your behalf.

Today we've changed the way we handle Twitter permissions. We now ask for read-only permission the first time you sign in, and only ask to upgrade to write access later on when you do something that needs it; for example following someone on Twitter from the our attendee directory.

A popover requesting additional permissions, displayed when a user attempts to follow or unfollow someone.

We know some people have held off signing in to Lanyrd because of our permissions policy. We heard you, and we're excited that we can now offer our service to a wider group of people. Please sign in to Lanyrd and let us know what you think!

Some background information

Ever since we launched Lanyrd back in August 2010, we've used Twitter for our sign-in process. We built Lanyrd on top of Twitter because it is already the social network of choice for most professional events, at least in the tech industry. Conference backchannels use Twitter hashtags, speakers include their Twitter account on their slides and organisers promote their conferences through event Twitter accounts.

Twitter provides two levels of application permissions: read-only, and read-and-write. Most of what Lanyrd does can be achieved using read access — we pull your Twitter profile information to kick-start your Lanyrd profile, and we pull the list of people you follow so we can show you your suggested events.

Unfortunately, some of our functionality also requires write permission. Since we show you events from people you are following, we need to provide "follow" buttons on both our profile pages and our attendee directories. Twitter's JavaScript follow button isn't appropriate for us for a few reasons: firstly, it requires JavaScript (almost all of Lanyrd's functionality works both with and without JavaScript turned on) and secondly, it doesn't perform well for pages like the attendee directory which show several profiles on one page. It is also not easy to style.

Ideally we would only ask for the exact permissions that we need, but Twitter don't give us that option — it's everything or read-only.

Our new implementation offers us the best of both worlds. We don't have to ask for write permission when users first sign in, but we can request that additional permissions the first time someone attempts to follow another user.

What if you already have a Lanyrd account?

Next time you sign in to Lanyrd, you'll be asked to give us read-only access to your Twitter account. Agree to this once and future attempts to sign in will happen instantly, without Twitter asking the question again.

If you've already signed up for Lanyrd, we also currently have a write token for your Twitter account. Hopefully we've assured you that we'll never do anything surprising with this, but we completely understand if you want to reduce our permissions down to read-only. You can do this by revoking access to the Lanyrd (full access) application in your Twitter application settings.

We hope you like this new approach we have taken; we are really pleased to be able to offer these reduced permissions for login. As always we would love to hear what you think, either in the comments below or by email to support@lanyrd.com.

Morgan Roderick commented…

What a great improvement! I hope this means even more people will use Lanyrd for our monthly meetings.

Commented at 10:37am on 20th June 2012

Gemma Hentsch commented…

Awesomesauce, I did know of several people who'd rejected Lanyrd because of this, so hopefully they'll get onboard now :)

Commented at 10:42am on 20th June 2012

Dan Voell commented…

Thanks for the update. I've run into that problem before. Facebook and Twitter need to update their language or more fine tune the API. People get really revved up about that phrase "XYZ can post on your behalf". 99.9% of companies have no intention of posting on your behalf (without permission) even though they need that particular authentication. Good Luck with the change.

Commented at 12:44pm on 20th June 2012

Sergey Chernyshev commented…

Would love to see the statistics from this change! Promoting incremental registration is hard, glad to see you guys are doing the right thing!

Commented at 1:49pm on 20th June 2012

Joseph Scott commented…

Excellent move. I've stopped allowing sites read-write access to my Twitter account just to do authentication. No point in having to trust sites not to spam my account if I can just prevent that possibility in the first place.

Commented at 5:20pm on 20th June 2012

You need to sign in to comment on this entry

When

Time 11:32am

Date 20th June 2012

Share

Stay in the loop

Subscribe to our blog

Stay in the moment

Follow us on Twitter