I would be all for Twitter having an agreement for all API users (usage being implicit agreement) that, among other things, would mean applications that take action on the behalf of users without their express permission will cause them to have their app banned from the API. If basic auth is going to stick around in any shape or form I can see this being pretty difficult to enforce, but I think even a simple public statement from Twitter that such behaviour is unacceptable would be a big step in the right direction.
I also think it should require that reasonable terminology is used. For example on twply.com the question "Support Twply on your first login?" does not make it clear that this means they'll post a tweet as you promoting themselves.

-Stuart

--
http://stut.net/projects/twitter

2009/4/16 Rod Begbie <[email protected]>:
> There are two separate questions here:
> 1) Should Twitter make the language on the Authorization page clearer as to
> exactly what an app can do if you click "Approve". This gives the user some
> amount of a hint at what can happen. I'd push wholeheartedly for this, as
> the current distinction of "read and update" versus "read" is easy to miss.
> 2) Should Twitter introduce a policy/TOS document on expected behaviour for
> apps? I'd hope for at least a wiki page that can be pointed to as "Things
> that will get your app deauthorized". This is a policy/community change
> request, not a code one.
> Rod.
>
> On Wed, Apr 15, 2009 at 8:09 PM, Chad Etzel <[email protected]> wrote:
>>
>> Again with the "OAuth does not prevent a bad app from being bad"
>> point. All this same stuff can be done with Basic Auth apps. The
>> point here is that users can prevent further badness by going to their
>> "Connections" tab and revoking the access tokens.
>>
>> No, this doesn't solve the "what happens when I initially authorize
>> this app" problem.
>>
>> imho, "buyer beware".
>> -Chad
>>
>> On Wed, Apr 15, 2009 at 10:51 PM, Abraham Williams <[email protected]> wrote:
>> > My thoughts are not having a good enough notice is bad form and users
>> > will start gravitating away from apps with bad form and better
>> > competition comes out.
>> >
>> > But yes. I think it would be good for Twitter to make an official
>> > statement and include it somewhere that that sort of misdirection is
>> > frowned upon.
>> >
>> > Abraham
>> >
>> > On Wed, Apr 15, 2009 at 21:21, Cameron Kaiser <[email protected]> wrote:
>> >>
>> >> > From a user expectations perspective, I'd suggest that the Twitter
>> >> > OAuth dialog also add a bullet list of what "access and update your
>> >> > data" means (like Flickr does) to prevent further surprises. I'm not
>> >> > sure users appreciate that an authorised app can:
>> >> >
>> >> > * Post and delete tweets in your name
>> >> > * Add and remove users you are following
>> >> > * Block and unblock users
>> >> > * Change your name, email address, location, avatar or description
>> >> >
>> >> > Thoughts?
>> >>
>> >> This is an excellent point.
>> >>
>> >> --
>> >> ------------------------------------ personal: http://www.cameronkaiser.com/ --
>> >> Cameron Kaiser * Floodgap Systems * www.floodgap.com * [email protected]
>> >> -- Sarcasm is a spiritual gift. -- Paul Austin --------------------------------
>> >
>> > --
>> > Abraham Williams | http://the.hackerconundrum.com
>> > Hacker | http://abrah.am | http://twitter.com/abraham
>> > Web608 | Community Evangelist | http://web608.org
>> > This email is: [ ] blogable [x] ask first [ ] private.
>> > Sent from Madison, Wisconsin, United States
>
> --
> :: Rod Begbie :: http://groovymother.com/ ::
