Mmmm yes, that is an interesting scenario. Since you are fetching the tweets by authenticating with your @twibs account, I am assuming you are doing this server side and then echo'ing the tweets to the webpage. In that case you can check the "is_proctect" attribute (or whatever it's called) and demux off of that. You probably already figured that out, but I'm just adding to the discussion.

-Chad

On Fri, Jan 30, 2009 at 5:24 PM, Peter Denton <[email protected]> wrote:
> Hey everyone,
> Everyone may know this already and I may have not been diligent enough, but this scenario came up today and the person who brought it to my attention said they see it a lot in many apps.
>
> Basically,
>
> I have an app http://www.twibs.com (a directory of businesses on twitter) and am making "statuses/user_timeline/$nameofentity" calls for visitors to see recent tweets of the business entity.
> A business user contacted me today and said their protected updates were showing up on twibs
> This is because the user is following my application alias "@twibs" and I WAS using my twibs credentials to authenticate with the api
> thus when I make the api call, the user's protected updates are open to and were thus shown publicly on my site
>
> So, if your application does something like mine, you may want to make sure you are using credentials from another account so this scenario does not unfold. I am sure most of you studs (Jazzy Chad & Gang) already see this, but I didn't.
>
> Peter
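
The server-side check suggested in the reply, as an added example that is not part of the original thread or of twibs' code: it assumes each status in the `statuses/user_timeline` JSON response embeds a `user` object with a boolean `protected` field, and it withholds any status that does not explicitly say its author is unprotected. The function names and the sample timeline are constructed for illustration.

```python
import html

# Constructed sample of a parsed statuses/user_timeline response (not real data).
SAMPLE_TIMELINE = [
    {"id": 1, "text": "Open 9-5 today",
     "user": {"screen_name": "acme_public", "protected": False}},
    {"id": 2, "text": "Internal: Q1 numbers <draft>",
     "user": {"screen_name": "acme_private", "protected": True}},
    {"id": 3, "text": "Status with no user object attached"},
    {"id": 4, "text": "Flag arrived as a string",
     "user": {"screen_name": "odd_client", "protected": "false"}},
]


def is_publicly_visible(status):
    """Return True only when the author is explicitly marked unprotected.

    Fails closed: a missing user object, a missing flag, or a flag that is
    not the boolean False all count as protected.
    """
    user = status.get("user")
    if not isinstance(user, dict):
        return False
    return user.get("protected") is False


def split_timeline(statuses):
    """Separate statuses safe to publish from those that must be withheld."""
    public, withheld = [], []
    for status in statuses:
        (public if is_publicly_visible(status) else withheld).append(status)
    return public, withheld


def render_public(statuses):
    """Build HTML list items for public statuses; return withheld ids for logging."""
    public, withheld = split_timeline(statuses)
    items = ["<li>%s</li>" % html.escape(s["text"]) for s in public]
    return "\n".join(items), [s.get("id") for s in withheld]


if __name__ == "__main__":
    page, withheld_ids = render_public(SAMPLE_TIMELINE)
    print(page)
    print("withheld status ids:", withheld_ids)
```

Filtering this way keeps working even if the application account is later followed by, or approved to follow, more protected accounts.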
