On Wed, Apr 8, 2009 at 11:32 AM, Ivan Kirigin <[email protected]> wrote:
> My basic assumption is that "normal" people don't know what the hell
> OAuth is. They're used to giving out passwords.

Right, and OAuth is (at least) supposed to help curb that behavior (imho). It does sound like you have been thinking a lot about an OAuth solution, so thanks for that effort. I'm not knocking your API work, I'm just in the paranoid minority :)

-Chad

> On Apr 8, 11:21 am, Chad Etzel <[email protected]> wrote:
>> Hi Ivan,
>>
>> This looks quite interesting. I do have one concern, though.
>>
>> On the main tipjoy.com site, you have a prominent banner saying "click
>> here to sign up in 5 seconds without giving us your password."
>> ...which then leads to the OAuth sign-in.
>>
>> The Tipjoy API requires a twitter user/pass combo for authentication.
>> If I am User A who already has created an account on Tipjoy using
>> OAuth, and now I see another 3rd party application asking for my
>> twitter user/pass to interact with Tipjoy, I am going to be very
>> concerned that this other app is trying to scam me.
>>
>> I guess it just looks like a conflicting message to me.
>>
>> I know you said you are "hacking" something together for OAuth apps,
>> so maybe this concern is unnecessary, but wanted to give you that
>> feedback as a potential user of this system.
>>
>> As a developer, the API looks very interesting. I don't know how many
>> people would actually want to tie their twitter account to actual
>> money transactions, but I guess there's only one way to find out...
>>
>> Congrats on the API launch,
>> -Chad
>>
>> On Wed, Apr 8, 2009 at 10:57 AM, Ivan Kirigin <[email protected]> wrote:
>>
>> >>>the recipient has enough to cash out to a PayPal account ... before the
>> >>>transaction is cancelled ... what happens?
>>
>> > We audit every cash out, so this step isn't fully automated. It's hard
>> > to "take the money and run"
>>
>> > Also, we track transactions across the site. As you can imagine with
>> > micropayments, any wholesale fraud would require lots of transactions
>> > or amounts much larger than the median to make any real money. This
>> > makes fraud detection easier.
>>
>> > If anyone sees any transactions that are faulty, they can let us know.
>> > We already actively block many IPs and domains because of link spam,
>> > and expect to do the same for fraudsters too.
>>
>> > Best,
>> > Ivan
>> > http://tipjoy.com
>>
>> > On Apr 8, 9:52 am, Dossy Shiobara <[email protected]> wrote:
>> >> Great, now Nigerian royalty can use Twitter to get their millions of
>> >> secret dollars out of their country, with the aid of Twitter users' help!
>> >> (lol)
>>
>> >> Or, the first rogue Twitter app. that tweets a Tipjoy payment message
>> >> from the user who gives up their username/password to the rogue app.
>> >> It'd be a Tipjoy mugging!
>>
>> >> At least Tipjoy lets you cancel transactions that aren't paid for yet.
>> >> But, if you pre-charge your account, and the money is sent from the
>> >> account, and the recipient has enough to cash out to a PayPal account
>> >> ... before the transaction is cancelled ... what happens?
>>
>> >> Sounds so very dangerous.
>>
>> >> On 4/8/09 9:27 AM, Ivan wrote:
>>
>> >> > Hi Folks,
>>
>> >> > Tipjoy's Twitter Payments have been really successful for P2P and
>> >> > charitable payments. Now we've released an API for Twitter
>> >> > applications to do payments over Twitter:
>> >> > http://tipjoy.com/api
>>
>> >> --
>> >> Dossy Shiobara | [email protected] | http://dossy.org/
>> >> Panoptic Computer Network | http://panoptic.com/
>> >> "He realized the fastest way to change is to laugh at your own
>> >> folly -- then you can let go and quickly move on." (p. 70)
