The landing page: ‘Which Classic Pokemon Are You?’

The landing page.

This is verbatim. I assume it looks slightly better on most smartphones, but on a desktop computer it’s just horrible. Perfect for the inaugural post of this blog!


Clicking on ‘START’ takes me directly to the Twitter app authorisation:

‘Twitter / Authorise an application’. Note that to tweet in your name, the app really does need all those permissions — at least as of early 2014. It would be helpful if Twitter allowed developers to request only what they need.

Under normal circumstances, this website shouldn’t need permissions at all: It could just generate a tweet URL, let you click that, and maybe use Twitter cards to show a nice summary in case a simple image URL doesn’t work (but to be fair, this most likely would increase the server bandwidth).

I linked an archive of the previous page from that image’s caption. It most definitely is not pokemon.com.


The immediate effect of the app is as follows: It tweets and then redirects to Twitter (not the tweet itself).

Shady Apps: ‘I’m a Magmar. […]’

The link redirects back to the landing page, at least as of now. Note that the site uses a few different URL shorteners (and don’t click those links, please).


So far so harmless. Let’s see where this goes!