Hey HN! Thanks for checking this out! Sorry for the crazy permissions requirements, unfortunately I don't think there's any way around them. I also don't think there's anything I can do to assuage a highly skeptical person that I'm not a bad actor. But the code is here for anyone interested enough to look at it: https://github.com/willcosgrove/retweet-rip
The app also does not save the access tokens it gets back from twitter. They get thrown in a background job to be worked on, and once the job is done the access tokens are forgotten.
Unfortunately, permissions are only configurable on a read only or read/write basis. Since this app changes settings, it has to have the read/write permissions. I don't save access tokens, so it reauthorizes every time you click enable/disable. I just posted the code on github for anyone who's interested. Here is the link to the code that messes with your twitter account: https://github.com/willcosgrove/retweet-rip/blob/master/app/...
Twitter's API permission levels are really coarse grained [0]. I assume it needs write access in order to change the timeline, but some more detail from the author would be nice.
Someone posted this [1] during a similar discussion yesterday. It shows you what a world without retweets is like without requiring anything beyond the minimal permissions required to do so.
It should be possible for the permissions on the original to be very 'harmless' but, for some reason, the access requires 'can post tweets on your behalf'. That's a shame.
This is the most overdue feature of Twitter. Since ages.
I have no idea, why they do not offer a global show/hide retweets option. If you follow a couple of hundred accounts—like I do—having retweets enabled pretty much ruins your entire timeline.
The app also does not save the access tokens it gets back from twitter. They get thrown in a background job to be worked on, and once the job is done the access tokens are forgotten.