By logging into http://tweetpass.com/api/ do you automatically store the password somewhere? If so, how is it stored? encrypted? You should really tell the users what is happening (even tho it is in alpha stage).
Also, the /api/ page does not appear to have <html><body> tags? It also doesn't appear that I am able to change anything on my "homepage" or save it... am I missing something? or is this still in implementation phase? Logging Out did not actually log me out as I was able to return to /api/ without needing to re-enter any user/pass info... This site sounds like a good idea (until we see what Twitter's OAuth looks like), but looks like it still needs some work before it is usable? I apologize if my tone seems critical, but this seems like one of those services you have to "get right the first time" or risk total user abandonment. -Chad On Wed, Jan 7, 2009 at 2:58 PM, Brian Hendrickson <[email protected]> wrote: > > Hi Twitter-dev-talk, > > I would appreciate your feedback on a new service I've been working > on, it's called Tweetpass. I was motivated to get it working after I > wrote a comment about Twitter API security on Rahsheen's blog this > past weekend. http://sheenonline.biz/ -- I decided that instead of > complaining I should try to make a difference of some kind. > > Tweetpass makes fresh, disposable Twitter passwords, which can be used > at (compatible) 3rd-party Twitter services. (there are none, yet) > Also, it makes it simple for the end user to delete the passwords > individually, and toggle the API methods individually. > > It works like this: > > Twitter microbloggers: > > a) submit their nicknames at http://tweetpass.com > b) look in their Replies tab and click a link > c) do Basic Authentication against twitter.com > d) receive Tweetpass passwords to use at (compatible) 3rd-party > Twitter services > > e) turn API methods on/off per-password > f) delete passwords anytime > > Developers: > > a) change their code to (conditionally) call the tweetpass.com API > (see below) > b) put the Tweetpass logo on their site > > Twitter API methods: > > twitter.com/statuses/update.json > twitter.com/statuses/friends_timeline.json > twitter.com/statuses/user_timeline.json > twitter.com/statuses/show/ID.json > twitter.com/USERNAME > twitter.com/USERNAME/statuses/STATUS > search.twitter.com/search?q=HASHTAG > > Tweetpass API methods (so far): > > tweetpass.com/statuses/update.json > tweetpass.com/statuses/friends_timeline.json > tweetpass.com/statuses/user_timeline.json > tweetpass.com/statuses/show/ID.json > tweetpass.com/USERNAME > tweetpass.com/USERNAME/statuses/STATUS > search.tweetpass.com/search?q=HASHTAG > > How you can help: > > If you're a developer who happens to use only these few API methods, > you can test your service against the Tweetpass API. The simplest > thing to do is search and replace "twitter.com/" with "tweetpass.com/" > in your code. Then you can proceed to http://tweetpass.com to get your > disposable passwords. > > Thanks for your feedback and ideas about Tweetpass. > > -- Brian > http://tweetpass.com > 503.358.7501 > > >
