[twitter-dev] Re: OAuth and impact on Twitter userbase / volume and freedom of speech
Nearly all the users on my dabr install are Chinese and have found it via word of mouth. Once BasicAuth is turned off I plan to close the page down. I was considering a man-in-the-middle OAuth dance, in which anyone who trusted me gave me their username and password. I did the dance and gave them the keys, which they could then copy and paste in to the site. But, I don't speak Chinese, couldn't be bothered to put the few lines of code in which would allow them to enter keys, and didn't want the responsibility of suddenly having the whole of Chine asking me to do the same for them so that they too could also have access. Ryan On Aug 19, 12:01 pm, Ken k...@cimas.ch wrote: Tom, Been meaning to get back to you on that. I have followers in China and follow some Chinese accounts as well. I don't think they are using any special technique - via web, facebook, twitter for iphone, hootsuite... Blockages are occasional, partial, not very effective... On Aug 14, 6:20 pm, Tom van der Woerdt i...@tvdw.eu wrote: Simple answer: because people in china can't even get to twitter.com *once*. Tom
[twitter-dev] Re: OAuth and impact on Twitter userbase / volume and freedom of speech
If they can't get to Twitter even once, then the point of the original argument is lost as they need to set up a Twitter account in the first place. Perhaps the OP should obtain permission from Twitter to create accounts for persons affected by censorship and then facilitate their access through his app. On Aug 14, 6:20 pm, Tom van der Woerdt i...@tvdw.eu wrote: Simple answer: because people in china can't even get to twitter.com *once*. Tom On 8/14/10 4:37 PM, Ken wrote: Why is this an issue? A few months ago, someone from Twitter I believe suggested a pattern such as this: User starts to create an account on your site To enable the Twitter integration, you send them to Twitter.com *once* where they allow your app. You store their token and log the user in to your site with a temporary password you generate, that they can change. You might collect their email address this way. From then on, they never have to go to Twitter.com. They can interact with Twitter via your app, using your website, email, sms, etc. Of course, with the massive use of your site that you claim, it won't be long before your site is listed by Websense and the various evil governments mentioned above. On Aug 14, 1:04 am, TheGuru jsort...@gmail.com wrote: Is there no one from Twitter proper who has a position regarding this? On Aug 13, 2:12 pm, TheGuru jsort...@gmail.com wrote: Add that to the list of even more reasons why this is an issue. However, even stating oh well, tell them to use their cell phones, obviously isn't a solution of any degree. Smart Phone penetration in the US, for example, is still less than 20%... On Aug 13, 9:43 am, earth2marsh ma...@earth2marsh.com wrote: At least people at work have the potential to use phones to access Twitter I'm worried about users like those in China behind The Great Firewall. Currently, they can interact with Twitter by using proxies and http basic auth. But OAuth requires access to twitter.com (or some sort of mediation). xAuth could be a solution, but there is already a shortage of clients that support alternate endpoints, and some of those use OAuth instead of xAuth (or neither). When basic auth is shut off, who knows how many Chinese voices will fall silent or in North Korea. Or in Iran. Or in ? I'm interested in hearing what others think about this. Marsh On Aug 12, 10:31 pm, TheGuru jsort...@gmail.com wrote: I'm curious to post this question to see if Twitter has fully thought out the impact of forcing OAuth onto their API applications. While it may appear to be a more secure method preferred in principle by users, the fact of the matter is that one of the main benefits of the API, is the ability for third party twitter alternatives to be created, thus allowing people to tweet during business hours, when they normally could not due to firewall / web sense restrictions, etc, that prevent them from accessing the twitter.com domain. Via basic authentication, users would never have to visit twitter.com to login and gain access to twitter functionality via api clients. By shutting this down, you are now forcing ALL potential users to login via twitter.com, many of which do not have access to this domain in their workplace environment, thus excluding them from easily using your service wholesale. This can / will, I suspect, have significant impact on twitter usage / volume, unless I am missing something and there is an alternative the does not require them to directly access the twitter.com domain to grant access.
[twitter-dev] Re: OAuth and impact on Twitter userbase / volume and freedom of speech
You're failing to see the point. In the past, with basic auth, there was no need to create any sort of account from the third party app side. No need for a database, local accounts, nothing. A user could login as this wish, without issue, regardless as to whether or not they need to access the Twitter.com domain, ever. Removing this login method changes the entire flow, adds requirements for third party apps to now maintain their own, potentially, local database user accounts, etc, and still requires the user to access, even once, twitter.com. It just doesn't flow to say, hey, when you're home, do this, then come back later. Sure it may work, it's just not eloquent, and has a negative impact on any existing userbase. BTW, for your reference, yes, we have already been web sensed in many cases anyway for many users at their location. Of course, just so my claim rings true with you, please reference the following link, and I'll let you figure out which application applies: http://www.google.com/ig/directory?q=twitter (Note: that's installed userbase for iGoogle only, doesn't count gmail, standalone, wave, etc, that'd take it closer to 1,000,000). On Aug 14, 9:37 am, Ken k...@cimas.ch wrote: Why is this an issue? A few months ago, someone from Twitter I believe suggested a pattern such as this: User starts to create an account on your site To enable the Twitter integration, you send them to Twitter.com *once* where they allow your app. You store their token and log the user in to your site with a temporary password you generate, that they can change. You might collect their email address this way. From then on, they never have to go to Twitter.com. They can interact with Twitter via your app, using your website, email, sms, etc. Of course, with the massive use of your site that you claim, it won't be long before your site is listed by Websense and the various evil governments mentioned above. On Aug 14, 1:04 am, TheGuru jsort...@gmail.com wrote: Is there no one from Twitter proper who has a position regarding this? On Aug 13, 2:12 pm, TheGuru jsort...@gmail.com wrote: Add that to the list of even more reasons why this is an issue. However, even stating oh well, tell them to use their cell phones, obviously isn't a solution of any degree. Smart Phone penetration in the US, for example, is still less than 20%... On Aug 13, 9:43 am, earth2marsh ma...@earth2marsh.com wrote: At least people at work have the potential to use phones to access Twitter… I'm worried about users like those in China behind The Great Firewall. Currently, they can interact with Twitter by using proxies and http basic auth. But OAuth requires access to twitter.com (or some sort of mediation). xAuth could be a solution, but there is already a shortage of clients that support alternate endpoints, and some of those use OAuth instead of xAuth (or neither). When basic auth is shut off, who knows how many Chinese voices will fall silent… or in North Korea. Or in Iran. Or in …? I'm interested in hearing what others think about this. Marsh On Aug 12, 10:31 pm, TheGuru jsort...@gmail.com wrote: I'm curious to post this question to see if Twitter has fully thought out the impact of forcing OAuth onto their API applications. While it may appear to be a more secure method preferred in principle by users, the fact of the matter is that one of the main benefits of the API, is the ability for third party twitter alternatives to be created, thus allowing people to tweet during business hours, when they normally could not due to firewall / web sense restrictions, etc, that prevent them from accessing the twitter.com domain. Via basic authentication, users would never have to visit twitter.com to login and gain access to twitter functionality via api clients. By shutting this down, you are now forcing ALL potential users to login via twitter.com, many of which do not have access to this domain in their workplace environment, thus excluding them from easily using your service wholesale. This can / will, I suspect, have significant impact on twitter usage / volume, unless I am missing something and there is an alternative the does not require them to directly access the twitter.com domain to grant access.
[twitter-dev] Re: OAuth and impact on Twitter userbase / volume and freedom of speech
At least people at work have the potential to use phones to access Twitter… I'm worried about users like those in China behind The Great Firewall. Currently, they can interact with Twitter by using proxies and http basic auth. But OAuth requires access to twitter.com (or some sort of mediation). xAuth could be a solution, but there is already a shortage of clients that support alternate endpoints, and some of those use OAuth instead of xAuth (or neither). When basic auth is shut off, who knows how many Chinese voices will fall silent… or in North Korea. Or in Iran. Or in …? I'm interested in hearing what others think about this. Marsh On Aug 12, 10:31 pm, TheGuru jsort...@gmail.com wrote: I'm curious to post this question to see if Twitter has fully thought out the impact of forcing OAuth onto their API applications. While it may appear to be a more secure method preferred in principle by users, the fact of the matter is that one of the main benefits of the API, is the ability for third party twitter alternatives to be created, thus allowing people to tweet during business hours, when they normally could not due to firewall / web sense restrictions, etc, that prevent them from accessing the twitter.com domain. Via basic authentication, users would never have to visit twitter.com to login and gain access to twitter functionality via api clients. By shutting this down, you are now forcing ALL potential users to login via twitter.com, many of which do not have access to this domain in their workplace environment, thus excluding them from easily using your service wholesale. This can / will, I suspect, have significant impact on twitter usage / volume, unless I am missing something and there is an alternative the does not require them to directly access the twitter.com domain to grant access.
Re: [twitter-dev] Re: OAuth and impact on Twitter userbase / volume and freedom of speech
IHMO the discussion of international politics and social media should take place in a wider forum, such as Twitter itself, and not be limited to oAuth vs. basic authentication. ;-) There was a keynote speech at Open Source Bridge 2010 by Danny O'Brien about this - see http://opensourcebridge.org/sessions/478 and http://www.cpj.org/ to get started. -- M. Edward (Ed) Borasky http://borasky-research.net http://twitter.com/znmeb A mathematician is a device for turning coffee into theorems. - Paul Erdos Quoting earth2marsh ma...@earth2marsh.com: At least people at work have the potential to use phones to access Twitter… I'm worried about users like those in China behind The Great Firewall. Currently, they can interact with Twitter by using proxies and http basic auth. But OAuth requires access to twitter.com (or some sort of mediation). xAuth could be a solution, but there is already a shortage of clients that support alternate endpoints, and some of those use OAuth instead of xAuth (or neither). When basic auth is shut off, who knows how many Chinese voices will fall silent… or in North Korea. Or in Iran. Or in …? I'm interested in hearing what others think about this. Marsh On Aug 12, 10:31 pm, TheGuru jsort...@gmail.com wrote: I'm curious to post this question to see if Twitter has fully thought out the impact of forcing OAuth onto their API applications. While it may appear to be a more secure method preferred in principle by users, the fact of the matter is that one of the main benefits of the API, is the ability for third party twitter alternatives to be created, thus allowing people to tweet during business hours, when they normally could not due to firewall / web sense restrictions, etc, that prevent them from accessing the twitter.com domain. Via basic authentication, users would never have to visit twitter.com to login and gain access to twitter functionality via api clients. By shutting this down, you are now forcing ALL potential users to login via twitter.com, many of which do not have access to this domain in their workplace environment, thus excluding them from easily using your service wholesale. This can / will, I suspect, have significant impact on twitter usage / volume, unless I am missing something and there is an alternative the does not require them to directly access the twitter.com domain to grant access.
[twitter-dev] Re: OAuth and impact on Twitter userbase / volume and freedom of speech
Add that to the list of even more reasons why this is an issue. However, even stating oh well, tell them to use their cell phones, obviously isn't a solution of any degree. Smart Phone penetration in the US, for example, is still less than 20%... On Aug 13, 9:43 am, earth2marsh ma...@earth2marsh.com wrote: At least people at work have the potential to use phones to access Twitter… I'm worried about users like those in China behind The Great Firewall. Currently, they can interact with Twitter by using proxies and http basic auth. But OAuth requires access to twitter.com (or some sort of mediation). xAuth could be a solution, but there is already a shortage of clients that support alternate endpoints, and some of those use OAuth instead of xAuth (or neither). When basic auth is shut off, who knows how many Chinese voices will fall silent… or in North Korea. Or in Iran. Or in …? I'm interested in hearing what others think about this. Marsh On Aug 12, 10:31 pm, TheGuru jsort...@gmail.com wrote: I'm curious to post this question to see if Twitter has fully thought out the impact of forcing OAuth onto their API applications. While it may appear to be a more secure method preferred in principle by users, the fact of the matter is that one of the main benefits of the API, is the ability for third party twitter alternatives to be created, thus allowing people to tweet during business hours, when they normally could not due to firewall / web sense restrictions, etc, that prevent them from accessing the twitter.com domain. Via basic authentication, users would never have to visit twitter.com to login and gain access to twitter functionality via api clients. By shutting this down, you are now forcing ALL potential users to login via twitter.com, many of which do not have access to this domain in their workplace environment, thus excluding them from easily using your service wholesale. This can / will, I suspect, have significant impact on twitter usage / volume, unless I am missing something and there is an alternative the does not require them to directly access the twitter.com domain to grant access.
