The article has many valid points, but the Topsy example is simply poor execution on their part to request so many extended permissions as part of the initial login authorization dialog.
Any Facebook authorization dialog that asks for all of those permissions in the Topsy example is doing it wrong. It is not like you need to ask for all of those permissions up front. Offline access and publish stream is a very dangerous combination and should only be requested when a user is turning on a feature within the app that requires them. Let the user in with the bare minimum of permissions (user_about_me), build their trust, and then only ask for more permissions as and when they are needed.
Plus when you cancel out of the Facebook authorization dialog on Topsy, you get a 500 error response. Topsy fail on multiple levels.
Any Facebook authorization dialog that asks for all of those permissions in the Topsy example is doing it wrong. It is not like you need to ask for all of those permissions up front. Offline access and publish stream is a very dangerous combination and should only be requested when a user is turning on a feature within the app that requires them. Let the user in with the bare minimum of permissions (user_about_me), build their trust, and then only ask for more permissions as and when they are needed.
Plus when you cancel out of the Facebook authorization dialog on Topsy, you get a 500 error response. Topsy fail on multiple levels.