Andy Baio writing about the dangers of authorising apps to look in your Gmail. I am pretty careful about this stuff and I don't really *use* my gmail (it's a dump address that I've got more or less just so I can access Google's other services), and I *still* had a bunch of apps authorised to use it that I looked at and had only the haziest recollection of ever authorising, so I've cleared them out. The odds are that none of them are malicious, of course, but it's only going to take one service to get bought out by someone less ethical than it's founders for things to start going wrong. It's not just gmail, of course – we're all getting very used to authorising one website to see what we're doing on another one, and is should be part of anyone's personal security practice to review which websites can see what where on a semi-regular basis, just like you should all be changing your passwords regularly, and using a password manager. You are all doing that, aren't you?

I likned to this only a couple of weeks ago, but it's very useful in light of the above, so I'm re-linking it. A list of popular web apps, with links that will let you manage what other web apps have permissions to use them, so that you can easily make sure that nothing has permissions it shouldn't.