[twitter-dev] Update on Twifficiency

2010-08-18 Thread Brian Sutorius
Hi all,

Over the past 24 hours, we've received some questions about the
Twifficiency app, so we thought we'd use this as an opportunity to
quickly share some information around our Developer Principles.

For background, the Twifficiency app computes a Twifficiency score
based on different aspects of your Twitter account and posts the score
as a Tweet. While the developer included a disclaimer that these
Tweets would be posted to Twitter, user feedback indicated that the
text was too far down on the page to be noticed before proceeding. As
a result, many users were surprised that their scores were being
tweeted automatically.

Which brings us to our Developer Principles, one of which is Don't
surprise users. Specifically, we require developers to get users'
permission before sending Tweets or other messages on their behalf.
Allowing an application to access your account does not constitute
consent for actions to automatically be taken on your behalf.

Twifficiency violated this principle, so we suspended the app
yesterday afternoon while we worked with the developer to make sure
users were better informed about the application's actions and could
control whether or not a Tweet would be posted. With these changes
--which include a more prominent warning and a checkbox on the main
page-- the application has been re-enabled.

Our developer principles can be found in our API Terms of Service:
http://dev.twitter.com/pages/api_terms

Brian Sutorius
API Policy


Re: [twitter-dev] Update on Twifficiency

2010-08-18 Thread Eric Marden - API Hacker
On behalf of the Internet. Thank you.

~e




Re: [twitter-dev] Update on Twifficiency

2010-08-18 Thread Tom van der Woerdt
+1




Re: [twitter-dev] Update on Twifficiency

2010-08-18 Thread M. Edward (Ed) Borasky
There's another issue lurking here, and that's just how much typical  
Twitter end users know about what an app can do once authenticated,  
either using the soon-to-be-history basic authentication or  
oAuth/xAuth. I think the page Twitter displays when asking  
Deny/Allow is fine, but I'd be surprised if people really read that.  
They just push the button. ;-)


What it all boils down to is that once you Allow for Read, the  
application can do *anything* in your account that the API can do with  
a GET, and if you Allow for Read/Write, which most applications do  
even if they only read, the application can also POST and DELETE. It  
can follow, unfollow, block, report spammers, read your DMs, post DMs,  
edit your lists, and, of course, tweet. And I'd also venture a guess  
that most typical Twitter end users don't know how to get to  
Connections/Settings and revoke access.


So I think another developer principle needs to be to clearly state  
which of the many available actions an app can take on behalf of the  
user, how to detect if the app has taken other actions, and how to  
revoke access. Twifficiency semi-clearly stated that it was going to  
tweet, but it most certainly did not state what other actions it was  
going to take to compute the score.


--
M. Edward (Ed) Borasky
http://borasky-research.net http://twitter.com/znmeb

A mathematician is a device for turning coffee into theorems. - Paul Erdos
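
The access model and the per-action consent requirement discussed in this thread, as an added example that is not part of any message above: a small audit that compares the access level an app was granted with the calls it actually made. The `Call` record, the `confirmed` flag, the level names and the sample paths are all assumptions made for illustration.

```python
from collections import namedtuple

# Access levels as described in the thread: Read permits GET,
# Read/Write additionally permits POST and DELETE.
ALLOWED = {"read": {"GET"}, "read_write": {"GET", "POST", "DELETE"}}
WRITE_METHODS = {"POST", "DELETE"}

# One API call made with a user's token. `confirmed` (hypothetical field)
# records whether the user approved this specific action, for example by
# ticking a "tweet my score" checkbox.
Call = namedtuple("Call", "method path confirmed")

def audit(granted, calls):
    """Compare what an app was granted with what it actually did."""
    if granted not in ALLOWED:
        raise ValueError(f"unknown access level: {granted!r}")
    outside_grant = [c for c in calls if c.method not in ALLOWED[granted]]
    writes = [c for c in calls if c.method in WRITE_METHODS]
    return {
        # Calls the platform should have rejected for this access level.
        "outside_grant": outside_grant,
        # Writes the grant permits but the user never approved individually.
        "unconfirmed_writes": [c for c in writes
                               if c not in outside_grant and not c.confirmed],
        # Read/Write requested although only reads are ever made.
        "over_privileged": granted == "read_write" and not writes,
    }

# Constructed sample traffic; the paths are placeholders, not real endpoints.
SCORE_APP = [
    Call("GET", "/example/timeline", False),
    Call("GET", "/example/followers", False),
    Call("POST", "/example/post_status", False),   # automatic tweet, no opt-in
]
READER_APP = [Call("GET", "/example/timeline", False)]

if __name__ == "__main__":
    for name, level, calls in [("score app", "read_write", SCORE_APP),
                               ("reader app", "read_write", READER_APP)]:
        report = audit(level, calls)
        print(name, {k: v if isinstance(v, bool) else [c.path for c in v]
                     for k, v in report.items()})
```
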