A few months back, I signed a petition online. The kind of petition you know won't actually do anything, but makes you feel good for signing it.
Yes, it was a spur of the moment thing.

As one had to log in to sign the petition, and I didn't feel like creating yet another account, just for a petition, I used their “sign in using your Twitter account” feature.

You can imagine how surprised (and unimpressed) I was when, a short while later, I found out I had posted a new message to Twitter via petitionspot.com.

Yup, although I didn't give petitionspot.com any authorisation to post using my Twitter credentials, and only used these credential as a form of authentication [1], apparently they thought it was fine and went right away with using my account for shameless self-promotion.

And they also created an account on their platform, without warning.


[1] Authentication against what anyway? Is petition fraud such a widespread problem we need to authentify?