A few months back, I signed a petition online. The kind of petition you know
won't actually do anything, but makes you feel good for
Yes, it was a spur of the moment thing.
As one had to log in to sign the petition, and I didn't feel like creating yet another account, just for a petition, I used their “sign in using your Twitter account” feature.
You can imagine how surprised (and unimpressed) I was when, a short while later, I found out I had posted a new message to Twitter via petitionspot.com.
Yup, although I didn't give petitionspot.com any authorisation to post using my Twitter credentials, and only used these credential as a form of authentication , apparently they thought it was fine and went right away with using my account for shameless self-promotion.
And they also created an account on their platform, without warning.
 Authentication against what anyway? Is petition fraud such a widespread problem we need to authentify?