Well, yes, but then it is a trivial step to get which user.

My question, though, is whether or not this sort of behavior is
intentional, for 3rd party sites to be able to discover the identity
of twitter users on their sites?  Personally, I find this to be more
worrisome than the current username/password issues.

-Chad

On Mon, Jan 5, 2009 at 2:39 PM, Alex Payne <[email protected]> wrote:
>
> I meant via this particular mechanism.
>
> On Mon, Jan 5, 2009 at 11:19, Chad Etzel <[email protected]> wrote:
>>
>> On the contrary, you certainly *can* detect WHICH user is logged in.
>> See http://icant.co.uk/sandbox/twitter-hi-demo.html if you are logged
>> into the twitter website.  Now imagine the site making another AJAX
>> call to store the user info into a database somewhere.... goodbye
>> anonymous surfing....
>>
>> -Chad
>>
>> On Mon, Jan 5, 2009 at 2:17 PM, Alex Payne <[email protected]> wrote:
>>>
>>> You can't find out WHICH user is logged in, just that *a* user is
>>> logged in. We feel that minimizes the privacy risks.
>>>
>>> On Mon, Jan 5, 2009 at 11:16, Peter Denton <[email protected]> wrote:
>>>> so I can detect if a user is logged into twitter through
>>>> /sessions/present.json ?
>>>>
>>>> What would be the full URL for checking a username against it?
>>>>
>>>> ex: http://twitter.com/al3x/sessions/present.json
>>>>
>>>> On Mon, Jan 5, 2009 at 11:09 AM, Alex Payne <[email protected]> wrote:
>>>>>
>>>>> We did an experiment with a partner of ours around this. It's not
>>>>> currently an officially-supported API method, but check out
>>>>> /sessions/present.json. It should support a callback and returns a
>>>>> boolean.
>>>>>
>>>>> On Mon, Jan 5, 2009 at 07:49, Chris Heilmann <[email protected]>
>>>>> wrote:
>>>>> >
>>>>> > I've just played around with the user timeline to show data when the
>>>>> > user is logged in
>>>>> > (http://www.wait-till-i.com/2009/01/05/detecting-and-displaying-the-information-of-a-logged-in-twitter-user/,
>>>>> > specifically http://icant.co.uk/sandbox/twitter-hi-demo.html).
>>>>> >
>>>>> > This is pretty cool, and kudos to your security that when the user is
>>>>> > not authenticated I get a popup to authenticate.
>>>>> >
>>>>> > However, this is the problem of the script. Is there an idea of
>>>>> > allowing a "twitter status" API call that only would allow me to see
>>>>> > if the current user is authenticated? It would be useful to build for
>>>>> > example WordPress add-ons that only give twitter functionality when we
>>>>> > know the user is authenticated.
>>>>> >
>>>>> > A boolean would do, really. Or turning off the automatic login request
>>>>> > on the json and callback output and instead throw back an error.
>>>>> >
>>>>> > If I curl the user timeline I get this error, but not when I use the
>>>>> > JSON callback.
>>>>> >
>>>>> > cheers
>>>>> > chris
>>>>> >
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Alex Payne - API Lead, Twitter, Inc.
>>>>> http://twitter.com/al3x
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Alex Payne - API Lead, Twitter, Inc.
>>> http://twitter.com/al3x
>>>
>>
>
>
>
> --
> Alex Payne - API Lead, Twitter, Inc.
> http://twitter.com/al3x
>
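
A server-side view of the concern raised in this thread, as an added example that is not part of the original messages and is not Twitter's code: a hypothetical handler that never lets a `callback` (JSONP) response depend on the session cookie, and that answers cross-site requests from unlisted origins as anonymous. The request/response shape, `respondToTimeline`, the allowlisted origin and the sample values are assumptions.

```javascript
// Added example; endpoint shape, names and origins are hypothetical.
const TRUSTED_ORIGINS = new Set(['https://widgets.example.com']); // constructed allowlist
const SAFE_CALLBACK = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/;
const BASE_HEADERS = { 'X-Content-Type-Options': 'nosniff', 'Cache-Control': 'no-store' };

// req = { query: { callback? }, headers: { origin?, 'sec-fetch-site'? }, sessionUser }
// sessionUser is the account the session cookie resolved to, or null.
function respondToTimeline(req) {
  const { callback } = req.query;
  if (callback !== undefined) {
    // A <script src> include sends the visitor's cookies and hands the payload
    // to the embedding page, so the JSONP path must ignore the session entirely.
    if (!SAFE_CALLBACK.test(callback)) return { status: 400, headers: BASE_HEADERS, body: '' };
    return {
      status: 200,
      headers: { ...BASE_HEADERS, 'Content-Type': 'application/javascript' },
      body: `${callback}(${JSON.stringify({ error: 'session data is not served via callback' })});`,
    };
  }

  const origin = req.headers.origin;
  const trusted = origin !== undefined && TRUSTED_ORIGINS.has(origin);
  const crossSite = req.headers['sec-fetch-site'] === 'cross-site';
  // Cross-site requests from unlisted origins are answered as if no cookie was sent.
  const user = crossSite && !trusted ? null : req.sessionUser;

  const headers = { ...BASE_HEADERS, 'Content-Type': 'application/json', Vary: 'Origin' };
  if (trusted) {
    headers['Access-Control-Allow-Origin'] = origin;
    headers['Access-Control-Allow-Credentials'] = 'true';
  }
  if (user === null) {
    // Plain 401 without WWW-Authenticate, so the browser shows no login popup.
    return { status: 401, headers, body: JSON.stringify({ error: 'not authenticated' }) };
  }
  return { status: 200, headers, body: JSON.stringify({ screen_name: user }) };
}
```

The property to check is that the `callback` branch returns byte-identical output whether or not the visitor has a session, so an embedding page learns nothing from it.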
