App Permissions
When an app asks to access your Ditto account, you see a consent screen that lays out exactly what it wants. Nothing is granted until you approve, and you can approve only part of what is requested.
You see this consent screen live whenever an app requests access (at /apps/consent/...).
The Consent Screen
The consent screen, titled Authorize app access, shows the app’s name and (when provided) the email of whoever requested access. Each permission is listed with a plain-language label and a short description. You check the ones you want and click Approve, or Decline the whole request. The server re-checks your selection, so you only ever grant the subset you actually chose.
Two Kinds of Memory
Ditto separates your memory into two spaces:
- Main memory — your personal, private knowledge graph. This is the memory you build through normal use of Ditto. Access to it is sensitive and always opt-in.
- App memory — an isolated, per-app sandbox. Every app gets its own app memory for you automatically; it is the app’s own space and is never shared with other apps. An app accepting your invite does not get your main memory.
Granular Memory Scopes
Memory permissions follow the pattern memories:<action>:<target>. There are five actions and two targets.
The five actions:
| Action | What it allows | Sensitivity |
|---|---|---|
| read | Read existing memories | Lower |
| create | Save new memories (cannot change or remove existing ones) | Lower |
| update | Modify your existing memories | Higher |
| delete | Remove your memories | Higher |
| archive | Archive your memories | Higher |
read and create are the lower-sensitivity actions: an app can read what is there and add to it, but cannot rewrite or remove anything. update, delete, and archive each change or take away existing data, so they are higher-sensitivity and granted individually.
Main-memory scopes (sensitive)
- Read your main memory
- Save new memories to your main memory
- Update your existing main memories
- Delete your main memories
- Archive your main memories
Main-memory permissions are highlighted with a warning and are never pre-checked. Approving any of them grants access to your private main memory, so only opt in for apps you trust.
App-memory scopes (the app’s sandbox)
- Read its own app memory
- Save new memories to its app memory
- Update its app memories
- Delete its app memories
- Archive its app memories
These act only on the app’s own isolated memory, not your main memory or any other app’s.
Other Scopes
Apps can also request:
- Read the memory graphs you’ve subscribed to — include the public and friend-shared graphs you subscribe to in the app’s reads. See Knowledge Graph Sharing.
- Read your name
- Read your username (@handle)
Approving Less Than Requested
You are never forced to grant everything. Uncheck anything you would rather not share before approving. An app that wants main-memory access but only gets app-memory access still works inside its own sandbox; it simply will not see your personal memory.
Related
- Building Apps on Ditto — how developers request these scopes
- Connected Apps — connecting apps as a user
- Cross-App Data Sharing — letting one app read another’s data
- Knowledge Graph Sharing — sharing and subscribing to graphs