Imagine the scenario. You’re trying out some cool new Twitter app. It asks you to sign in via OAuth as per usual. You look through the permissions – phew – it doesn’t want to access your Direct Messages.

https://shkspr.mobi/blog/2018/12/twitter-bug-bounty/